Google Chrome Malware
<blockquote data-quote="Rodney Lewallen" data-source="post: 722472" data-attributes="member: 71271"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018</p><p>Ran by Rodney Lewallen (administrator) on DESKTOP-6OB4Q5J (30-03-2018 03:47:47)</p><p>Running from C:\Users\Lap\Downloads</p><p>Loaded Profiles: Rodney Lewallen (Available Profiles: Rodney Lewallen)</p><p>Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: FF)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe</p><p>(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe</p><p>(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe</p><p>(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe</p><p>(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE</p><p>(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe</p><p>(Alps Electric Co., Ltd.) 
C:\Program Files\DellTPad\Apoint.exe</p><p>(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe</p><p>(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe</p><p>() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe</p><p>(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe</p><p>(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe</p><p>(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe</p><p>() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe</p><p>(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe</p><p>(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe</p><p>(Microsoft Corporation) C:\Users\Lap\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\FileCoAuth.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla 
Firefox\firefox.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe</p><p>(Microsoft Corporation) C:\Windows\System32\browser_broker.exe</p><p>(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe</p><p>(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe</p><p>(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe</p><p>(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe</p><p>(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxOutlook.exe</p><p>(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxTsr.exe</p><p>(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>(Microsoft Corporation) C:\Windows\System32\smartscreen.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe</p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)</p><p>HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)</p><p>HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch</p><p>HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)</p><p>HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-02-22] (Adobe Systems Inc.)</p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKU\S-1-5-21-160456416-707960844-379946741-1001\...\Run: [Chromium] => c:\users\lap\appdata\local\chromium\application\chrome.exe [1044480 2016-01-25] (The Chromium Authors)</p><p>HKU\S-1-5-21-160456416-707960844-379946741-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-02-22] (Adobe Systems Incorporated)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61</p><p>Tcpip\..\Interfaces\{b936b403-5af7-45a9-9185-cd8946c7d128}: [DhcpNameServer] 209.18.47.62 209.18.47.61</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = hxxps://<a href="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a" target="_blank">www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://<a href="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a" target="_blank">www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a</a></p><p>HKU\S-1-5-21-160456416-707960844-379946741-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://<a href="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a" target="_blank">www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a</a></p><p>SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://<a href="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=" target="_blank">www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=</a>{searchTerms}</p><p>SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://<a href="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=" target="_blank">www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=</a>{searchTerms}</p><p>SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://<a href="http://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_06&cd=2XzuyEtN2Y1L1QzuyD0C0A0CyE0C0FtA0FyBzyzyyC0EyCtAtN0D0Tzu0StBtBtAtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0B0EtCyEtAyCtGyEyDzyzztGtCyE0EtDtGtB0BtBtCtGtByCtByEyEzzyBzz0DtB0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DyB0F0ByE0DtAtGyDtAtAyEtGyEyC0FzytG0AyB0BtDtG0E0A0EyB0ByCtAyB0AtD0CtC2QtN0A0LzuyE&cr=1463986358&ir=&q=" 
target="_blank">www.palikan.com/results.php?f=4&a=plk_coinisreb_18_06&cd=2XzuyEtN2Y1L1QzuyD0C0A0CyE0C0FtA0FyBzyzyyC0EyCtAtN0D0Tzu0StBtBtAtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0B0EtCyEtAyCtGyEyDzyzztGtCyE0EtDtGtB0BtBtCtGtByCtByEyEzzyBzz0DtB0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DyB0F0ByE0DtAtGyDtAtAyEtGyEyC0FzytG0AyB0BtDtG0E0A0EyB0ByCtAyB0AtD0CtC2QtN0A0LzuyE&cr=1463986358&ir=&q=</a>{searchTerms}</p><p>SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://<a href="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=" target="_blank">www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=</a>{searchTerms}</p><p>SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://<a href="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=" target="_blank">www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=</a>{searchTerms}</p><p>SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://<a href="http://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_06&cd=2XzuyEtN2Y1L1QzuyD0C0A0CyE0C0FtA0FyBzyzyyC0EyCtAtN0D0Tzu0StBtBtAtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0B0EtCyEtAyCtGyEyDzyzztGtCyE0EtDtGtB0BtBtCtGtByCtByEyEzzyBzz0DtB0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DyB0F0ByE0DtAtGyDtAtAyEtGyEyC0FzytG0AyB0BtDtG0E0A0EyB0ByCtAyB0AtD0CtC2QtN0A0LzuyE&cr=1463986358&ir=&q=" target="_blank">www.palikan.com/results.php?f=4&a=plk_coinisreb_18_06&cd=2XzuyEtN2Y1L1QzuyD0C0A0CyE0C0FtA0FyBzyzyyC0EyCtAtN0D0Tzu0StBtBtAtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0B0EtCyEtAyCtGyEyDzyzztGtCyE0EtDtGtB0BtBtCtGtByCtByEyEzzyBzz0DtB0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DyB0F0ByE0DtAtGyDtAtAyEtGyEyC0FzytG0AyB0BtDtG0E0A0EyB0ByCtAyB0AtD0CtC2QtN0A0LzuyE&cr=1463986358&ir=&q=</a>{searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-160456416-707960844-379946741-1001 -> DefaultScope {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxps://<a 
href="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=" target="_blank">www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=</a>{searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-160456416-707960844-379946741-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://<a href="http://www.bing.com/search?q=" target="_blank">www.bing.com/search?q=</a>{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15</p><p>SearchScopes: HKU\S-1-5-21-160456416-707960844-379946741-1001 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxps://<a href="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=" target="_blank">www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=</a>{searchTerms}</p><p>BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-22] (Microsoft Corporation)</p><p>BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)</p><p>BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-22] (Microsoft Corporation)</p><p>BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)</p><p>BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-01-22] (Microsoft Corporation)</p><p>BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit 
PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-12-11] ()</p><p>BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)</p><p>BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)</p><p>Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)</p><p>Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated)</p><p>Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-12-11] ()</p><p>Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-22] (Microsoft Corporation)</p><p>Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-22] (Microsoft Corporation)</p><p>Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-22] (Microsoft Corporation)</p><p>Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-22] (Microsoft Corporation)</p><p>StartMenuInternet: IEXPLORE.EXE - iexplore.exe</p><p></p><p>FireFox:</p><p>========</p><p>FF DefaultProfile: 
s4gxebcc.default</p><p>FF ProfilePath: C:\Users\Lap\AppData\Roaming\Mozilla\Firefox\Profiles\s4gxebcc.default [2018-03-30]</p><p>FF Homepage: Mozilla\Firefox\Profiles\s4gxebcc.default -> hxxps://<a href="http://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-d69e720a" target="_blank">www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-d69e720a</a></p><p>FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Lap\AppData\Roaming\Mozilla\Firefox\Profiles\s4gxebcc.default\features\{9d917113-077e-4a16-831a-29cea68d8dac}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-28] [Legacy]</p><p>FF SearchPlugin: C:\Users\Lap\AppData\Roaming\Mozilla\Firefox\Profiles\s4gxebcc.default\searchplugins\bing search engine.xml [2018-03-20]</p><p>FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi</p><p>FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]</p><p>FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi</p><p>FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2017-11-30] [Legacy]</p><p>FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi</p><p>FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-20] ()</p><p>FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program 
Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-20] ()</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-12-01] (Foxit Corporation)</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-12-01] (Foxit Corporation)</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-12-01] (Foxit Corporation)</p><p>FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-12-01] (Foxit Corporation)</p><p>FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-22] (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-22] (Microsoft Corporation)</p><p>FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)</p><p>FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)</p><p></p><p>Chrome:</p><p>=======</p><p>CHR HKLM\...\Chrome\Extension: 
[cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-11-30]</p><p>CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-11-30]</p><p>CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx</p><p></p><p>==================== Services (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)</p><p>R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)</p><p>R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-09] (Alps Electric Co., Ltd.)</p><p>R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2018-03-03] (Microsoft Corporation)</p><p>S3 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1658944 2017-12-11] (Foxit Software Inc.)</p><p>S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-13] (Microsoft Corporation)</p><p>R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)</p><p>R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)</p><p></p><p>===================== Drivers (Whitelisted) ======================</p><p></p><p>(If an entry is included in the 
fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R3 e1kexpress; C:\WINDOWS\system32\DRIVERS\e1k63x64.sys [498032 2013-02-20] (Intel Corporation)</p><p>R1 MpKsl015a8619; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{139BFEF5-31A4-47AD-9E4E-84D5D337F5D4}\MpKsl015a8619.sys [58120 2018-03-30] (Microsoft Corporation)</p><p>S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)</p><p>R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)</p><p>R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2018-03-30 03:47 - 2018-03-30 03:48 - 000019220 _____ C:\Users\Lap\Downloads\FRST.txt</p><p>2018-03-30 03:47 - 2018-03-30 03:47 - 000000000 ____D C:\FRST</p><p>2018-03-30 03:45 - 2018-03-30 03:45 - 002403328 _____ (Farbar) C:\Users\Lap\Downloads\FRST64.exe</p><p>2018-03-29 18:25 - 2018-03-29 18:25 - 000032768 _____ C:\Users\Lap\Downloads\tf06082741.xlt</p><p>2018-03-29 18:24 - 2018-03-29 18:24 - 000020992 _____ C:\Users\Lap\Downloads\tf06082737.pot</p><p>2018-03-29 18:23 - 2018-03-29 18:23 - 000071676 _____ C:\Users\Lap\Downloads\tf00000039.xlsx</p><p>2018-03-29 14:35 - 2018-03-29 14:35 - 000000000 ___HD C:\OneDriveTemp</p><p>2018-03-27 02:16 - 2018-03-27 02:16 - 000000000 ____D C:\Users\Lap\AppData\Local\Microsoft Help</p><p>2018-03-27 02:03 - 2018-03-27 02:03 - 000001088 _____ C:\Users\Lap\Desktop\Active Models for Foster5.lnk</p><p>2018-03-27 02:03 - 2018-03-27 
02:03 - 000000000 ____D C:\Program Files (x86)\ActiveModels</p><p>2018-03-27 02:02 - 2018-03-27 02:05 - 000001144 _____ C:\Users\Lap\Desktop\Excel Quality V4.lnk</p><p>2018-03-27 02:02 - 2018-03-27 02:05 - 000000000 ____D C:\Program Files (x86)\ExcelQualityV4</p><p>2018-03-26 01:11 - 2018-03-26 01:11 - 000000000 ____D C:\Users\Lap\Documents\My Books</p><p>2018-03-26 01:11 - 2018-03-26 01:11 - 000000000 ____D C:\Users\Lap\AppData\Local\IsolatedStorage</p><p>2018-03-26 01:07 - 2018-03-26 01:07 - 000002771 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitalSource Bookshelf.lnk</p><p>2018-03-26 01:07 - 2018-03-26 01:07 - 000002765 _____ C:\Users\Public\Desktop\VitalSource Bookshelf.lnk</p><p>2018-03-26 01:07 - 2018-03-26 01:07 - 000000000 ____D C:\Program Files (x86)\VitalSource Bookshelf</p><p>2018-03-26 01:06 - 2018-03-26 01:06 - 000000000 ____D C:\Users\Public\Documents\Shared Books</p><p>2018-03-26 01:02 - 2018-03-26 01:03 - 116860168 _____ (Ingram Content Group) C:\Users\Lap\Downloads\BookshelfSetup.exe</p><p>2018-03-21 22:47 - 2018-03-21 22:47 - 000000000 ____D C:\Users\Lap\AppData\Roaming\SolidDocuments</p><p>2018-03-21 22:47 - 2018-03-21 22:47 - 000000000 ____D C:\ProgramData\SolidDocuments</p><p>2018-03-21 22:30 - 2018-03-21 22:32 - 000000000 ____D C:\Users\Public\Foxit Software</p><p>2018-03-21 22:30 - 2018-03-21 22:32 - 000000000 ____D C:\Users\Lap\AppData\Roaming\Foxit Software</p><p>2018-03-21 22:30 - 2018-03-21 22:30 - 000001162 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk</p><p>2018-03-21 22:30 - 2018-03-21 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF</p><p>2018-03-21 22:30 - 2018-03-21 22:30 - 000000000 ____D C:\ProgramData\Foxit Software</p><p>2018-03-21 22:29 - 2018-03-21 22:29 - 000000000 ____D C:\Program Files (x86)\Foxit Software</p><p>2018-03-21 22:21 - 2018-03-21 22:24 - 403415040 _____ C:\Users\Lap\Downloads\FoxitPhantomPDF901_enu_Setup.msi</p><p>2018-03-21 22:10 - 2018-03-21 
22:10 - 001132547 _____ C:\Users\Lap\Downloads\Letter(2).pdf</p><p>2018-03-21 22:10 - 2018-03-21 22:10 - 001081242 _____ C:\Users\Lap\Downloads\Letter(1).pdf</p><p>2018-03-21 22:10 - 2018-03-21 22:10 - 001081238 _____ C:\Users\Lap\Downloads\Letter(3).pdf</p><p>2018-03-21 22:09 - 2018-03-21 22:09 - 001132546 _____ C:\Users\Lap\Downloads\Letter.pdf</p><p>2018-03-21 04:02 - 2018-03-21 04:02 - 000077420 _____ C:\Users\Lap\Downloads\HMS Cheer Parent Meeting.docx.pdf</p><p>2018-03-21 04:02 - 2018-03-21 04:02 - 000077420 _____ C:\Users\Lap\Downloads\HMS Cheer Parent Meeting.docx(1).pdf</p><p>2018-03-20 20:59 - 2018-03-20 20:59 - 006761845 _____ C:\Users\Lap\Downloads\KonzCh11.pdf</p><p>2018-03-20 20:17 - 2018-03-20 20:18 - 000000000 ____D C:\Users\Lap\AppData\Local\bodor</p><p>2018-03-20 20:17 - 2018-03-20 20:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\{0FBF0DD3-C0F8-D8F2-F1C5-3C6F2EE112D0}</p><p>2018-03-20 20:16 - 2018-03-20 20:17 - 000000000 ____D C:\Users\Lap\AppData\Local\{1DF82BA4-3950-471C-54C8-62F470A09E6C}</p><p>2018-03-20 20:15 - 2018-03-20 20:17 - 000000000 ____D C:\Users\Lap\AppData\Local\Holagil</p><p>2018-03-20 19:45 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe</p><p>2018-03-20 19:45 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys</p><p>2018-03-20 19:45 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys</p><p>2018-03-20 19:45 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll</p><p>2018-03-20 19:45 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys</p><p>2018-03-20 19:45 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll</p><p>2018-03-20 19:45 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\wcifs.sys</p><p>2018-03-20 19:45 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll</p><p>2018-03-20 19:45 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys</p><p>2018-03-20 19:45 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll</p><p>2018-03-20 19:45 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll</p><p>2018-03-20 19:45 - 2018-03-01 
01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys</p><p>2018-03-20 19:45 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys</p><p>2018-03-20 19:45 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll</p><p>2018-03-20 
19:45 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys</p><p>2018-03-20 19:45 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll</p><p>2018-03-20 19:45 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys</p><p>2018-03-20 19:45 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys</p><p>2018-03-20 19:45 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll</p><p>2018-03-20 19:45 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys</p><p>2018-03-20 19:45 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys</p><p>2018-03-20 19:45 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe</p><p>2018-03-20 19:45 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys</p><p>2018-03-20 19:45 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\volmgr.sys</p><p>2018-03-20 19:45 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys</p><p>2018-03-20 19:45 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys</p><p>2018-03-20 19:45 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS</p><p>2018-03-20 19:45 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys</p><p>2018-03-20 19:45 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS</p><p>2018-03-20 19:45 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys</p><p>2018-03-20 19:45 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys</p><p>2018-03-20 19:45 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys</p><p>2018-03-20 19:45 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys</p><p>2018-03-20 19:45 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys</p><p>2018-03-20 19:45 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys</p><p>2018-03-20 19:44 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll</p><p>2018-03-20 19:44 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll</p><p>2018-03-20 19:44 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll</p><p>2018-03-20 19:44 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll</p><p>2018-03-20 19:44 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\svf.dll</p><p>2018-03-20 19:44 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll</p><p>2018-03-20 19:44 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe</p><p>2018-03-20 19:44 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe</p><p>2018-03-20 19:44 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe</p><p>2018-03-20 19:44 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe</p><p>2018-03-20 19:44 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:37 - 007831760 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe</p><p>2018-03-20 19:44 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys</p><p>2018-03-20 19:44 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys</p><p>2018-03-20 19:44 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe</p><p>2018-03-20 19:44 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys</p><p>2018-03-20 19:44 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys</p><p>2018-03-20 19:44 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SecurityHealthAgent.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll</p><p>2018-03-20 19:44 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys</p><p>2018-03-20 19:44 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll</p><p>2018-03-20 19:44 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:58 - 
000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe</p><p>2018-03-20 19:44 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe</p><p>2018-03-20 19:44 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe</p><p>2018-03-20 19:44 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\credssp.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys</p><p>2018-03-20 19:44 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys</p><p>2018-03-20 19:44 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys</p><p>2018-03-20 19:44 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:44 
- 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe</p><p>2018-03-20 19:44 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll</p><p>2018-03-20 19:44 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe</p><p>2018-03-20 19:44 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi</p><p>2018-03-20 19:44 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe</p><p>2018-03-20 19:44 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe</p><p>2018-03-20 19:44 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi</p><p>2018-03-20 19:44 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe</p><p>2018-03-20 19:44 - 2018-02-21 21:07 - 000194456 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\ataport.sys</p><p>2018-03-20 19:44 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys</p><p>2018-03-20 19:44 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll</p><p>2018-03-20 19:44 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys</p><p>2018-03-20 19:44 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys</p><p>2018-03-20 19:44 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll</p><p>2018-03-20 19:44 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys</p><p>2018-03-20 19:44 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll</p><p>2018-03-20 19:44 - 2018-02-21 19:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys</p><p>2018-03-20 19:44 - 2018-02-21 19:26 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys</p><p>2018-03-20 19:44 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll</p><p>2018-03-20 19:44 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll</p><p>2018-03-20 19:44 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll</p><p>2018-03-20 19:27 - 2018-03-20 19:27 - 000004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier</p><p>2018-03-07 01:10 - 2018-03-07 01:10 - 000000000 ___HD C:\Users\Lap\AppData\Local\2b3e2bc70105b8e5</p><p>2018-03-03 16:51 - 2018-03-03 16:51 - 002184232 _____ (LogMeIn, Inc.) 
C:\Users\Lap\Downloads\Support-LogMeInRescue.exe</p><p>2018-03-01 15:33 - 2018-03-01 15:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2018-03-30 03:22 - 2018-02-11 22:24 - 000000000 ____D C:\Users\Lap\AppData\LocalLow\Mozilla</p><p>2018-03-30 03:10 - 2018-02-12 01:10 - 000000267 _____ C:\Users\Lap\AppData\Roaming\WB.CFG</p><p>2018-03-30 02:54 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization</p><p>2018-03-30 02:53 - 2018-01-06 01:27 - 002054198 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2018-03-30 02:53 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps</p><p>2018-03-30 02:53 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness</p><p>2018-03-30 02:50 - 2018-02-11 22:46 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7D5870D7-E866-4F00-A5E9-DA4800ED1E40}</p><p>2018-03-30 02:49 - 2018-02-23 00:54 - 000000000 ___RD C:\Users\Lap\Creative Cloud Files</p><p>2018-03-30 02:49 - 2018-02-11 22:10 - 000000000 ____D C:\Users\Lap\AppData\Local\Adobe</p><p>2018-03-30 02:48 - 2018-01-05 23:28 - 000000000 __RDL C:\Users\Lap\OneDrive</p><p>2018-03-30 02:47 - 2018-01-06 01:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT</p><p>2018-03-30 02:47 - 2018-01-06 01:16 - 000000000 ____D C:\Users\Lap</p><p>2018-03-30 02:47 - 2018-01-06 01:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy</p><p>2018-03-29 19:26 - 2018-02-11 23:33 - 000000000 ____D C:\Users\Lap\AppData\Local\PlaceholderTileLogoFolder</p><p>2018-03-29 19:26 - 2018-01-06 01:17 - 000000000 ____D C:\Users\Lap\AppData\Local\Packages</p><p>2018-03-29 14:33 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI</p><p>2018-03-28 14:19 - 2018-02-11 22:24 - 000000000 ____D C:\Program Files\Mozilla Firefox</p><p>2018-03-28 14:19 - 2018-02-11 22:24 - 000000000 ____D 
C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2018-03-27 23:25 - 2018-02-12 18:43 - 000000000 ____D C:\Users\Lap\Documents\Autosave Files</p><p>2018-03-27 20:20 - 2018-02-11 22:24 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk</p><p>2018-03-26 15:12 - 2018-01-06 01:14 - 000467000 _____ C:\WINDOWS\system32\FNTCACHE.DAT</p><p>2018-03-23 21:45 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache</p><p>2018-03-23 20:52 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft</p><p>2018-03-23 20:50 - 2018-01-16 20:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office</p><p>2018-03-23 20:45 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF</p><p>2018-03-21 22:30 - 2018-02-23 00:25 - 000000000 ____D C:\ProgramData\Package Cache</p><p>2018-03-21 20:20 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp</p><p>2018-03-21 20:13 - 2018-01-06 01:29 - 000000000 ___RD C:\Users\Lap\3D Objects</p><p>2018-03-21 20:13 - 2018-01-05 23:23 - 000000000 __RHD C:\Users\Public\AccountPictures</p><p>2018-03-21 05:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput</p><p>2018-03-21 05:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser</p><p>2018-03-21 05:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences</p><p>2018-03-21 05:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions</p><p>2018-03-20 20:04 - 2018-01-06 21:42 - 000000000 ____D C:\Users\Lap\AppData\Local\ElevatedDiagnostics</p><p>2018-03-20 19:55 - 2018-01-06 01:38 - 000000000 ____D C:\WINDOWS\system32\MRT</p><p>2018-03-20 19:53 - 2018-01-06 01:38 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe</p><p>2018-03-20 19:52 - 2018-01-06 01:38 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2018-03-20 19:47 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll</p><p>2018-03-20 19:47 - 2017-09-29 
08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll</p><p>2018-03-20 19:27 - 2018-02-12 01:00 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater</p><p>2018-03-20 19:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed</p><p>2018-03-20 19:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed</p><p>2018-03-11 21:16 - 2018-01-06 01:26 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-160456416-707960844-379946741-1001</p><p>2018-03-11 21:16 - 2018-01-05 23:28 - 000002353 _____ C:\Users\Lap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk</p><p>2018-03-02 16:09 - 2017-09-29 08:49 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2018-03-02 16:09 - 2017-09-29 08:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2018-03-01 15:44 - 2017-09-29 08:46 - 000000000 ___RD C:\Program Files\Windows Defender</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2018-02-12 01:10 - 2018-03-30 03:10 - 000000267 _____ () C:\Users\Lap\AppData\Roaming\WB.CFG</p><p>2018-02-12 00:23 - 2018-02-12 00:23 - 000000017 _____ () C:\Users\Lap\AppData\Local\resmon.resmoncfg</p><p></p><p>==================== Bamital & volsnap ======================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally signed</p><p>C:\WINDOWS\system32\wininit.exe => File is digitally signed</p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is 
digitally signed</p><p>C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>LastRegBack: 2018-03-22 02:04</p><p></p><p>==================== End of FRST.txt ============================</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018</p><p>Ran by Rodney Lewallen (30-03-2018 03:49:09)</p><p>Running from C:\Users\Lap\Downloads</p><p>Windows 10 Pro Version 1709 16299.309 (X64) (2018-01-06 06:28:51)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-160456416-707960844-379946741-500 - Administrator - Disabled)</p><p>DefaultAccount (S-1-5-21-160456416-707960844-379946741-503 - Limited - Disabled)</p><p>Emma K (S-1-5-21-160456416-707960844-379946741-1002 - Limited - Disabled)</p><p>Guest (S-1-5-21-160456416-707960844-379946741-501 - Limited - Disabled)</p><p>Rlewa (S-1-5-21-160456416-707960844-379946741-1004 - Limited - Disabled)</p><p>Rodney Lewallen (S-1-5-21-160456416-707960844-379946741-1001 - Administrator - Enabled) => C:\Users\Lap</p><p>Tanke_y1bte3f (S-1-5-21-160456416-707960844-379946741-1003 - Limited - Disabled)</p><p>WDAGUtilityAccount (S-1-5-21-160456416-707960844-379946741-504 - Limited - Disabled)</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: 
Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Active Models (HKLM-x32\...\Active Models) (Version: - )</p><p>Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)</p><p>Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)</p><p>Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)</p><p>Bing Search Engine (HKLM-x32\...\{1C1EF4DE-4C9E-255E-FD1E-55DE2D9E865E}) (Version: - )</p><p>ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.18.0.0 - Byte Technologies LLC) <==== ATTENTION</p><p>Chromium (HKLM-x32\...\{873A6FFA-D7BA-BE7A-663A-CEFAB6BA1D7A}) (Version: - )</p><p>Dell System Detect (HKU\S-1-5-21-160456416-707960844-379946741-1001\...\d24084d039586cae) (Version: 8.11.0.3 - Dell)</p><p>Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.)</p><p>Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)</p><p>EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)</p><p>Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)</p><p>EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)</p><p>EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON 
CORPORATION)</p><p>Excel Quality V4 (HKLM-x32\...\Excel Quality V4) (Version: - )</p><p>Foxit PhantomPDF (HKLM-x32\...\{DA44E1A4-E022-11E7-9D85-000C296BF29B}) (Version: 9.0.1.1049 - Foxit Software Inc.)</p><p>Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2236 - Microsoft Corporation)</p><p>Microsoft OneDrive (HKU\S-1-5-21-160456416-707960844-379946741-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2013 Redistributable (x86) - 
12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)</p><p>Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)</p><p>NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)</p><p>NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)</p><p>Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2236 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2236 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2236 - Microsoft Corporation) Hidden</p><p>Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden</p><p>VitalSource Bookshelf (HKLM-x32\...\{5662bb17-987f-4669-a168-ae4001d70a23}) (Version: 7.6.0004 - Ingram Content Group)</p><p>Wolfram CDF Player 11.2 (M-WIN-D 11.2.0 5833975) (HKLM\...\M-WIN-D 11.2.0 5833975_is1) (Version: 11.2.0 - Wolfram Research, Inc.)</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the 
fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-160456416-707960844-379946741-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F20746EC9F90}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-160456416-707960844-379946741-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)</p><p>ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()</p><p>ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()</p><p>ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()</p><p>ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()</p><p>ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)</p><p>ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)</p><p>ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)</p><p>ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common 
Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()</p><p>ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)</p><p>ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)</p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>Task: {184B9F6F-51AD-4E08-B7B1-AA1642AAE8E8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-20] (Adobe Systems Incorporated)</p><p>Task: {1B2F5616-A5CC-4E32-9F1A-B11E9BB2E8E0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-22] ()</p><p>Task: {1D3D630C-CED9-4A38-9A32-38C738233DDE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-22] ()</p><p>Task: {2AD8BC6F-687E-4AD5-A170-9CF0CA8AF1ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)</p><p>Task: {472303BB-3C7D-40B0-91D3-1B5172F7F36C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)</p><p>Task: {50504055-D91A-46AB-88F0-DE248365C5D7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft 
Office\root\Office16\msoia.exe [2018-03-23] (Microsoft Corporation)</p><p>Task: {5FC62AFC-AF93-4531-BAA2-990B85D15C7D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-20] (Adobe Systems Incorporated)</p><p>Task: {5FD52FA4-A347-4C66-9B11-B760BA1D1DE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)</p><p>Task: {64349628-6D65-44AE-B696-8AB5D3BD5A2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-23] (Microsoft Corporation)</p><p>Task: {7100C00A-8857-4CED-81F5-506E08E562A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)</p><p>Task: {99482050-A2C1-461F-995A-E396CF227430} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-03] (Microsoft Corporation)</p><p>Task: {A461E39B-186A-41F1-8F16-79643CE96B2E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-23] (Microsoft Corporation)</p><p>Task: {A5B2E867-101E-4EFB-9B2E-FAC6C5B43255} - System32\Tasks\{0FBF0DD3-C0F8-D8F2-F1C5-3C6F2EE112D0}\Cogoniha => C:\Users\Lap\AppData\Local\bodor\Cogoniha.exe [2013-04-13] ()</p><p>Task: {A8BBC963-353A-4B06-A322-4BB50DF7E573} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-6OB4Q5J-Rodney Lewallen => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)</p><p>Task: {C8F83545-1BBF-4D3F-96D9-6914901E0460} 
- System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)</p><p>Task: {DAB75DF7-3DC7-434F-B8ED-4C406AFEBF87} - System32\Tasks\{2CC57B3D-F2A5-97A4-A8BC-2A6F85733932}\todek => C:\Program Files (x86)\Common Files\Lokemokege\todek.exe [2013-04-21] ()</p><p>Task: {EEB7B0E3-4BD9-4F9B-ACE7-629108E41481} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-03] (Microsoft Corporation)</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)</p><p></p><p></p><p>==================== Shortcuts & WMI ========================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll</p><p>2018-01-05 23:28 - 2016-11-14 06:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll</p><p>2018-02-10 02:12 - 2018-02-10 02:12 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll</p><p>2018-03-20 19:44 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll</p><p>2018-03-20 19:44 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll</p><p>2018-03-26 19:30 - 2018-03-26 19:31 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe</p><p>2018-03-26 19:30 - 2018-03-26 19:31 - 000195072 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll</p><p>2018-03-26 19:30 - 2018-03-26 19:31 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll</p><p>2018-03-26 19:30 - 2018-03-26 19:31 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll</p><p>2018-03-26 19:30 - 2018-03-26 19:31 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll</p><p>2018-02-27 21:08 - 2018-02-27 21:08 - 034523072 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe</p><p>2018-03-11 21:20 - 2018-03-11 21:21 - 001227440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll</p><p>2018-02-04 19:18 - 2018-02-04 19:18 - 004601048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll</p><p>2017-12-13 20:38 - 2017-12-13 20:38 - 000975872 _____ () c:\windows\system32\FaceProcessor.dll</p><p>2017-12-13 20:38 - 2017-12-13 20:38 - 000269696 _____ () c:\windows\system32\FaceProcessorCore.dll</p><p>2017-09-29 08:41 - 2017-09-29 08:41 - 001357464 _____ () c:\windows\system32\FaceTrackerInternal.dll</p><p>2018-02-14 06:03 - 2018-02-14 06:03 - 067115984 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll</p><p>2018-01-30 09:38 - 2018-01-30 09:38 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node</p><p>2018-01-30 09:39 - 2018-01-30 09:39 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node</p><p>2018-01-30 09:38 - 2018-01-30 09:38 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative 
Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node</p><p>2018-01-30 09:38 - 2018-01-30 09:38 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node</p><p>2018-02-14 06:26 - 2018-02-14 06:26 - 000099800 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll</p><p>2018-01-30 09:38 - 2018-01-30 09:38 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node</p><p>2018-02-14 06:20 - 2018-02-14 06:20 - 000125904 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node</p><p>2018-02-14 06:20 - 2018-02-14 06:20 - 000125392 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node</p><p>2018-02-14 06:20 - 2018-02-14 06:20 - 000133072 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node</p><p>2018-02-14 06:20 - 2018-02-14 06:20 - 000222160 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node</p><p>2018-02-14 06:20 - 2018-02-14 06:20 - 000099792 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll</p><p>2018-02-14 06:20 - 2018-02-14 06:20 - 000106456 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node</p><p>2018-02-14 06:20 - 2018-02-14 06:20 - 000094168 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is 
included in the fixlist, only the ADS will be removed.)</p><p></p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"</p><p></p><p>==================== Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p>IE trusted site: HKU\S-1-5-21-160456416-707960844-379946741-1001\...\sharepoint.com -> hxxps://gotarleton-files.sharepoint.com</p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2017-03-18 16:03 - 2018-02-12 01:31 - 000000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-160456416-707960844-379946741-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg</p><p>DNS Servers: 209.18.47.62 - 209.18.47.61</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>HKLM\...\StartupApproved\Run: => 
"AdobeAAMUpdater-1.0"</p><p>HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"</p><p>HKU\S-1-5-21-160456416-707960844-379946741-1001\...\StartupApproved\Run: => "Chromium"</p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [{8DED2A86-18E1-4ED6-9AE4-676AAC4B22D5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe</p><p>FirewallRules: [{3A632698-77E3-4BBC-9DFA-B019320EFB17}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe</p><p>FirewallRules: [{547A855C-744C-4A8D-8B44-8E9F0AAA503F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe</p><p>FirewallRules: [{CD76C26C-157D-4723-9217-685A462A74CA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe</p><p>FirewallRules: [{9F16C31A-D915-4B28-8115-BCC20A639D1A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe</p><p>FirewallRules: [{57CBA991-555C-4796-81A9-CE5B2EACA32F}] => (Allow) C:\Users\Lap\AppData\Local\Temp\EPSON WorkForce 545 Series_Asia\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe</p><p>FirewallRules: [{1D1FC7BD-8A5C-4EAC-803F-AC52EFA6BB2B}] => (Allow) C:\Users\Lap\AppData\Local\Temp\EPSON WorkForce 545 Series_Asia\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe</p><p>FirewallRules: [{9CE69F5B-873B-4840-BE41-C4765228DD44}] => (Allow) C:\Users\Lap\AppData\Local\Chromium\Application\chrome.exe</p><p>FirewallRules: [{34AB4130-A16A-46AB-901E-E72FA108EA61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{CC692D04-F39E-474F-90FB-2B4358D6CE14}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{9E201A30-FF05-4310-B32D-FE9BBE153032}] => (Allow) C:\Program Files (x86)\Epson 
Software\ECPrinterSetup\ENPApp.exe</p><p>FirewallRules: [{CC941C39-D7B5-410B-B60F-16EE79D70949}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe</p><p>FirewallRules: [TCP Query User{14962333-BA1C-4B11-9F90-5D30A8B5EC7D}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe</p><p>FirewallRules: [UDP Query User{927EDE19-B7F8-4D3C-8856-11F62E50F745}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe</p><p>FirewallRules: [{FD5CC920-459B-4888-97C6-A15C44E1EFE1}] => (Block) C:\windows\system32\rundll32.exe</p><p>FirewallRules: [{13192EB6-A610-483D-848F-825E6DEE1902}] => (Block) C:\windows\system32\rundll32.exe</p><p>FirewallRules: [{B3B5E70B-0801-47F0-9BA4-B91196B20B1D}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\WolframCDFPlayer.exe</p><p>FirewallRules: [{429D2E7C-1EA6-4372-B447-64BC88D2888B}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\WolframCDFPlayer.exe</p><p>FirewallRules: [{2D324BC6-7532-4438-AFC7-497B6EFC7C7A}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\MathKernel.exe</p><p>FirewallRules: [{B3E54E2B-BA16-40BA-912B-A35A43E7D982}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\MathKernel.exe</p><p>FirewallRules: [{CF706C49-FE1B-4AF7-97C3-7FA205990320}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\math.exe</p><p>FirewallRules: [{718F1855-CC69-4206-9718-69C4F0567153}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\math.exe</p><p>FirewallRules: [TCP Query User{028DC422-1F52-4250-B11F-A1457DF12485}C:\users\lap\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\lap\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe</p><p>FirewallRules: [UDP Query User{B9BF838F-4EF4-47F2-B909-B109CF2B9241}C:\users\lap\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) 
C:\users\lap\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe</p><p>FirewallRules: [{A5FE24F6-97F8-4946-8304-5337E254A1C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe</p><p>FirewallRules: [{F0C326D7-E311-4F6F-A5F2-B45CB4530F1C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe</p><p>FirewallRules: [{2CB628D2-C24C-4A23-86E2-41C8C7266AF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe</p><p>FirewallRules: [{826B7067-354F-4E5C-9B44-67009A11067B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe</p><p>FirewallRules: [{EFB744A6-E743-4C31-8115-0F310E7BAD23}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe</p><p>FirewallRules: [{484A67AD-62B7-4245-B748-3066CB8625EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe</p><p>FirewallRules: [{021A6214-8973-4024-8802-19D82D7E533D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe</p><p>FirewallRules: [{488BD3D7-7AE9-45A7-B256-7C9AA7CD0981}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe</p><p>FirewallRules: [{4837548B-AED3-411F-8812-A54EC1D0FA4A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe</p><p>FirewallRules: [{1ADCA1D1-30B1-4B95-8788-4F11F3A950C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe</p><p></p><p>==================== Restore Points =========================</p><p></p><p>04-03-2018 22:27:20 Scheduled Checkpoint</p><p>20-03-2018 19:43:36 Windows Update</p><p>21-03-2018 22:27:48 Installed Foxit 
PhantomPDF</p><p>26-03-2018 01:06:22 Installed VitalSource Bookshelf.</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: Broadcom USH</p><p>Description: Broadcom USH</p><p>Class Guid:</p><p>Manufacturer:</p><p>Service:</p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p>Name:</p><p>Description:</p><p>Class Guid:</p><p>Manufacturer:</p><p>Service:</p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (03/29/2018 07:31:14 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: GeoGebra.exe, version: 1.0.0.0, time stamp: 0x59cb9033</p><p>Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.248, time stamp: 0xc71fa28c</p><p>Exception code: 0xc000027b</p><p>Fault offset: 0x008943fa</p><p>Faulting process id: 0x2b7c</p><p>Faulting application start time: 0x01d3c7bdb24ae79f</p><p>Faulting application path: C:\Program Files\WindowsApps\18FD273D.GeoGebraGraphingCalculator_6.0.388.0_neutral__1f5eszzrqmqpy\GeoGebra.exe</p><p>Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll</p><p>Report Id: decafb52-4a26-47c0-b9c6-2409581e7447</p><p>Faulting package full name: 18FD273D.GeoGebraGraphingCalculator_6.0.388.0_neutral__1f5eszzrqmqpy</p><p>Faulting package-relative application ID: App</p><p></p><p>Error: (03/27/2018 08:20:31 PM) (Source: SideBySide) (EventID: 35) (User: )</p><p>Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest 
or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.</p><p>Component identity found in manifest does not match the identity of the component requested.</p><p>Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".</p><p>Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".</p><p>Please use sxstrace.exe for detailed diagnosis.</p><p></p><p>Error: (03/27/2018 01:56:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-6OB4Q5J)</p><p>Description: Package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.</p><p></p><p>Error: (03/20/2018 07:55:11 PM) (Source: Perflib) (EventID: 1008) (User: )</p><p>Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.</p><p></p><p>Error: (03/20/2018 07:31:02 PM) (Source: SideBySide) (EventID: 35) (User: )</p><p>Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.</p><p>Component identity found in manifest does not match the identity of the component requested.</p><p>Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".</p><p>Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".</p><p>Please use sxstrace.exe for detailed diagnosis.</p><p></p><p>Error: (03/06/2018 10:10:20 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: todek.exe, version: 0.0.0.0, time stamp: 0x573dcb6c</p><p>Faulting module name: KERNELBASE.dll, version: 10.0.16299.248, time stamp: 0x13ae3814</p><p>Exception code: 
0xc0000409</p><p>Fault offset: 0x001008c2</p><p>Faulting process id: 0x1ae8</p><p>Faulting application start time: 0x01d3b5c1c8029bfa</p><p>Faulting application path: C:\PROGRA~2\COMMON~1\LOKEMO~1\todek.exe</p><p>Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll</p><p>Report Id: 1e602e73-09cd-485e-8cac-adaa012a268e</p><p>Faulting package full name:</p><p>Faulting package-relative application ID:</p><p></p><p>Error: (03/05/2018 10:16:54 PM) (Source: SideBySide) (EventID: 35) (User: )</p><p>Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.</p><p>Component identity found in manifest does not match the identity of the component requested.</p><p>Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".</p><p>Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".</p><p>Please use sxstrace.exe for detailed diagnosis.</p><p></p><p>Error: (02/27/2018 09:27:16 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: AAM Updates Notifier.exe, version: 9.0.0.281, time stamp: 0x5776ade0</p><p>Faulting module name: UpdaterCore.dll, version: 9.0.0.30, time stamp: 0x5773799f</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x0006287e</p><p>Faulting process id: 0x241c</p><p>Faulting application start time: 0x01d3b03b96ea6bbd</p><p>Faulting application path: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe</p><p>Faulting module path: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterCore.dll</p><p>Report Id: c943c7a6-182f-4615-948e-eab0fb7cd3cf</p><p>Faulting package full name:</p><p>Faulting package-relative application ID:</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 
10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID</p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID</p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID</p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID</p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID</p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID</p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID</p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID</p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID</p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID</p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID</p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID</p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID</p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID</p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p></p><p>Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID</p><p>{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</p><p> and APPID</p><p>{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</p><p> to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool.</p><p></p><p></p><p>Windows Defender:</p><p>===================================</p><p>Date: 2018-03-30 03:19:01.887</p><p>Description:</p><p>Windows Defender Antivirus scan has been stopped before completion.</p><p>Scan ID: {D1465D86-C5E1-4A80-A4B7-FA0939A79F0A}</p><p>Scan Type: Antimalware</p><p>Scan Parameters: Custom Scan</p><p></p><p>Date: 2018-03-30 03:07:03.073</p><p>Description:</p><p>Windows Defender Antivirus scan has been stopped before completion.</p><p>Scan ID: {1E9BEAC0-FECE-4889-90E1-D27675BA9F5D}</p><p>Scan Type: Antimalware</p><p>Scan Parameters: Full Scan</p><p></p><p>Date: 2018-03-27 20:53:06.138</p><p>Description:</p><p>Windows Defender Antivirus scan has been stopped before completion.</p><p>Scan ID: {F6E50DBF-01CE-4B5B-A6C8-A7423B2DF78D}</p><p>Scan Type: Antimalware</p><p>Scan Parameters: Quick Scan</p><p></p><p>Date: 2018-03-27 20:39:28.391</p><p>Description:</p><p>Windows Defender Antivirus scan has been stopped before completion.</p><p>Scan ID: {5D986DCF-DDDE-4AD4-9B12-50CFE1622C61}</p><p>Scan Type: Antimalware</p><p>Scan Parameters: Quick Scan</p><p></p><p>Date: 2018-03-26 17:17:53.398</p><p>Description:</p><p>Windows Defender Antivirus scan has been stopped before completion.</p><p>Scan ID: {28BB28D5-4D66-4EA3-B667-BCD4B12FF37C}</p><p>Scan Type: Antimalware</p><p>Scan Parameters: Quick Scan</p><p></p><p>Date: 2018-02-22 17:03:26.900</p><p>Description:</p><p>Windows Defender Antivirus has encountered an error trying to update signatures.</p><p>New Signature Version:</p><p>Previous Signature Version: 1.261.1518.0</p><p>Update Source: Microsoft Update Server</p><p>Signature Type: AntiVirus</p><p>Update Type: Full</p><p>Current Engine Version:</p><p>Previous Engine Version: 1.1.14500.5</p><p>Error code: 0x80240016</p><p>Error description: An unexpected problem occurred while checking for updates. 
For information on installing or troubleshooting updates, see Help and Support.</p><p></p><p>Date: 2018-02-05 02:41:28.685</p><p>Description:</p><p>Windows Defender Antivirus has encountered an error trying to update signatures.</p><p>New Signature Version:</p><p>Previous Signature Version: 1.261.756.0</p><p>Update Source: Microsoft Malware Protection Center</p><p>Signature Type: AntiVirus</p><p>Update Type: Full</p><p>Current Engine Version:</p><p>Previous Engine Version: 1.1.14500.5</p><p>Error code: 0x80072ee7</p><p>Error description: The server name or address could not be resolved</p><p></p><p>Date: 2018-02-05 02:41:28.684</p><p>Description:</p><p>Windows Defender Antivirus has encountered an error trying to update signatures.</p><p>New Signature Version:</p><p>Previous Signature Version: 118.2.0.0</p><p>Update Source: Microsoft Malware Protection Center</p><p>Signature Type: Network Inspection System</p><p>Update Type: Full</p><p>Current Engine Version:</p><p>Previous Engine Version: 2.1.14202.0</p><p>Error code: 0x80072ee7</p><p>Error description: The server name or address could not be resolved</p><p></p><p>Date: 2018-02-05 02:41:28.671</p><p>Description:</p><p>Windows Defender Antivirus has encountered an error trying to update signatures.</p><p>New Signature Version:</p><p>Previous Signature Version: 1.261.756.0</p><p>Update Source: Microsoft Malware Protection Center</p><p>Signature Type: AntiVirus</p><p>Update Type: Full</p><p>Current Engine Version:</p><p>Previous Engine Version: 1.1.14500.5</p><p>Error code: 0x80072ee7</p><p>Error description: The server name or address could not be resolved</p><p></p><p>Date: 2018-02-05 02:41:28.670</p><p>Description:</p><p>Windows Defender Antivirus has encountered an error trying to update signatures.</p><p>New Signature Version:</p><p>Previous Signature Version: 1.261.756.0</p><p>Update Source: Microsoft Malware Protection Center</p><p>Signature Type: AntiSpyware</p><p>Update Type: Full</p><p>Current Engine 
Version:</p><p>Previous Engine Version: 1.1.14500.5</p><p>Error code: 0x80072ee7</p><p>Error description: The server name or address could not be resolved</p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz</p><p>Percentage of memory in use: 75%</p><p>Total physical RAM: 3957.37 MB</p><p>Available physical RAM: 970.52 MB</p><p>Total Virtual: 4981.37 MB</p><p>Available Virtual: 952.95 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:465.21 GB) (Free:420.34 GB) NTFS</p><p>Drive f: () (Removable) (Total:1.92 GB) (Free:1.32 GB) FAT</p><p></p><p>\\?\Volume{52306a34-5106-4900-9740-2520c6cdb5e5}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS</p><p>\\?\Volume{72fbff42-6d65-48ff-a856-9a4e0309179a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)</p><p></p><p>Partition: GPT.</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 1.9 GB) (Disk ID: 00DFD600)</p><p>Partition 1: (Active) - (Size=1.9 GB) - (Type=06)</p><p></p><p>==================== End of Addition.txt ============================</p></blockquote><p></p>
[QUOTE="Rodney Lewallen, post: 722472, member: 71271"]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-02-22] (Adobe Systems Inc.) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-160456416-707960844-379946741-1001\...\Run: [Chromium] => c:\users\lap\appdata\local\chromium\application\chrome.exe [1044480 2016-01-25] (The Chromium Authors) HKU\S-1-5-21-160456416-707960844-379946741-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-02-22] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61 Tcpip\..\Interfaces\{b936b403-5af7-45a9-9185-cd8946c7d128}: [DhcpNameServer] 209.18.47.62 209.18.47.61 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://[URL="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a"]www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://[URL="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a"]www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a[/URL] HKU\S-1-5-21-160456416-707960844-379946741-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://[URL="http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a"]www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d69e720a[/URL] SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=[/URL]{searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=[/URL]{searchTerms} SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = 
hxxp://[URL="http://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_06&cd=2XzuyEtN2Y1L1QzuyD0C0A0CyE0C0FtA0FyBzyzyyC0EyCtAtN0D0Tzu0StBtBtAtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0B0EtCyEtAyCtGyEyDzyzztGtCyE0EtDtGtB0BtBtCtGtByCtByEyEzzyBzz0DtB0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DyB0F0ByE0DtAtGyDtAtAyEtGyEyC0FzytG0AyB0BtDtG0E0A0EyB0ByCtAyB0AtD0CtC2QtN0A0LzuyE&cr=1463986358&ir=&q="]www.palikan.com/results.php?f=4&a=plk_coinisreb_18_06&cd=2XzuyEtN2Y1L1QzuyD0C0A0CyE0C0FtA0FyBzyzyyC0EyCtAtN0D0Tzu0StBtBtAtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0B0EtCyEtAyCtGyEyDzyzztGtCyE0EtDtGtB0BtBtCtGtByCtByEyEzzyBzz0DtB0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DyB0F0ByE0DtAtGyDtAtAyEtGyEyC0FzytG0AyB0BtDtG0E0A0EyB0ByCtAyB0AtD0CtC2QtN0A0LzuyE&cr=1463986358&ir=&q=[/URL]{searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=[/URL]{searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=[/URL]{searchTerms} SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = 
hxxp://[URL="http://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_06&cd=2XzuyEtN2Y1L1QzuyD0C0A0CyE0C0FtA0FyBzyzyyC0EyCtAtN0D0Tzu0StBtBtAtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0B0EtCyEtAyCtGyEyDzyzztGtCyE0EtDtGtB0BtBtCtGtByCtByEyEzzyBzz0DtB0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DyB0F0ByE0DtAtGyDtAtAyEtGyEyC0FzytG0AyB0BtDtG0E0A0EyB0ByCtAyB0AtD0CtC2QtN0A0LzuyE&cr=1463986358&ir=&q="]www.palikan.com/results.php?f=4&a=plk_coinisreb_18_06&cd=2XzuyEtN2Y1L1QzuyD0C0A0CyE0C0FtA0FyBzyzyyC0EyCtAtN0D0Tzu0StBtBtAtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCyB0B0EtCyEtAyCtGyEyDzyzztGtCyE0EtDtGtB0BtBtCtGtByCtByEyEzzyBzz0DtB0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0DyB0F0ByE0DtAtGyDtAtAyEtGyEyC0FzytG0AyB0BtDtG0E0A0EyB0ByCtAyB0AtD0CtC2QtN0A0LzuyE&cr=1463986358&ir=&q=[/URL]{searchTerms} SearchScopes: HKU\S-1-5-21-160456416-707960844-379946741-1001 -> DefaultScope {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=[/URL]{searchTerms} SearchScopes: HKU\S-1-5-21-160456416-707960844-379946741-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://[URL="http://www.bing.com/search?q="]www.bing.com/search?q=[/URL]{searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15 SearchScopes: HKU\S-1-5-21-160456416-707960844-379946741-1001 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxps://[URL="http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q="]www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d69e720a&q=[/URL]{searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-22] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] 
(Adobe Systems Incorporated) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-22] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-01-22] (Microsoft Corporation) BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-12-11] () BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-02] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-12-11] () Handler-x32: mso-minsb-roaming.16 - 
{83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-22] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-22] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-22] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-22] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: s4gxebcc.default FF ProfilePath: C:\Users\Lap\AppData\Roaming\Mozilla\Firefox\Profiles\s4gxebcc.default [2018-03-30] FF Homepage: Mozilla\Firefox\Profiles\s4gxebcc.default -> hxxps://[URL="http://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-d69e720a"]www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-d69e720a[/URL] FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Lap\AppData\Roaming\Mozilla\Firefox\Profiles\s4gxebcc.default\features\{9d917113-077e-4a16-831a-29cea68d8dac}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-28] [Legacy] FF SearchPlugin: C:\Users\Lap\AppData\Roaming\Mozilla\Firefox\Profiles\s4gxebcc.default\searchplugins\bing search engine.xml [2018-03-20] FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02] FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi FF Extension: (Foxit PDF Creator) - C:\Program Files 
(x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2017-11-30] [Legacy] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-20] () FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-20] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-12-01] (Foxit Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files 
(x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-22] (Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-02-22] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems) Chrome: ======= CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-11-30] CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-11-30] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated) R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-09] (Alps Electric Co., Ltd.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2018-03-03] (Microsoft Corporation) S3 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1658944 2017-12-11] (Foxit Software Inc.) 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-13] (Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 e1kexpress; C:\WINDOWS\system32\DRIVERS\e1k63x64.sys [498032 2013-02-20] (Intel Corporation) R1 MpKsl015a8619; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{139BFEF5-31A4-47AD-9E4E-84D5D337F5D4}\MpKsl015a8619.sys [58120 2018-03-30] (Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-03-30 03:47 - 2018-03-30 03:48 - 000019220 _____ C:\Users\Lap\Downloads\FRST.txt 2018-03-30 03:47 - 2018-03-30 03:47 - 000000000 ____D C:\FRST 2018-03-30 03:45 - 2018-03-30 03:45 - 002403328 _____ (Farbar) C:\Users\Lap\Downloads\FRST64.exe 2018-03-29 18:25 - 2018-03-29 18:25 - 000032768 _____ C:\Users\Lap\Downloads\tf06082741.xlt 2018-03-29 18:24 - 2018-03-29 18:24 - 000020992 _____ C:\Users\Lap\Downloads\tf06082737.pot 2018-03-29 18:23 - 2018-03-29 18:23 - 000071676 _____ C:\Users\Lap\Downloads\tf00000039.xlsx 2018-03-29 14:35 - 2018-03-29 14:35 - 000000000 ___HD C:\OneDriveTemp 2018-03-27 02:16 - 2018-03-27 02:16 - 000000000 ____D C:\Users\Lap\AppData\Local\Microsoft Help 2018-03-27 02:03 - 2018-03-27 02:03 - 000001088 _____ C:\Users\Lap\Desktop\Active Models for Foster5.lnk 2018-03-27 02:03 - 2018-03-27 02:03 - 000000000 ____D C:\Program Files (x86)\ActiveModels 2018-03-27 02:02 - 2018-03-27 02:05 - 000001144 _____ C:\Users\Lap\Desktop\Excel Quality V4.lnk 2018-03-27 02:02 - 2018-03-27 02:05 - 000000000 ____D C:\Program Files (x86)\ExcelQualityV4 2018-03-26 01:11 - 2018-03-26 01:11 - 000000000 ____D C:\Users\Lap\Documents\My Books 2018-03-26 01:11 - 2018-03-26 01:11 - 000000000 ____D C:\Users\Lap\AppData\Local\IsolatedStorage 2018-03-26 01:07 - 2018-03-26 01:07 - 000002771 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitalSource Bookshelf.lnk 2018-03-26 01:07 - 2018-03-26 01:07 - 000002765 _____ C:\Users\Public\Desktop\VitalSource Bookshelf.lnk 2018-03-26 01:07 - 2018-03-26 01:07 - 000000000 ____D C:\Program Files (x86)\VitalSource Bookshelf 2018-03-26 01:06 - 2018-03-26 01:06 - 000000000 ____D C:\Users\Public\Documents\Shared Books 2018-03-26 01:02 - 2018-03-26 01:03 - 116860168 _____ (Ingram Content Group) C:\Users\Lap\Downloads\BookshelfSetup.exe 2018-03-21 22:47 - 2018-03-21 22:47 - 000000000 ____D C:\Users\Lap\AppData\Roaming\SolidDocuments 2018-03-21 22:47 - 2018-03-21 22:47 - 000000000 ____D C:\ProgramData\SolidDocuments 2018-03-21 
22:30 - 2018-03-21 22:32 - 000000000 ____D C:\Users\Public\Foxit Software 2018-03-21 22:30 - 2018-03-21 22:32 - 000000000 ____D C:\Users\Lap\AppData\Roaming\Foxit Software 2018-03-21 22:30 - 2018-03-21 22:30 - 000001162 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk 2018-03-21 22:30 - 2018-03-21 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF 2018-03-21 22:30 - 2018-03-21 22:30 - 000000000 ____D C:\ProgramData\Foxit Software 2018-03-21 22:29 - 2018-03-21 22:29 - 000000000 ____D C:\Program Files (x86)\Foxit Software 2018-03-21 22:21 - 2018-03-21 22:24 - 403415040 _____ C:\Users\Lap\Downloads\FoxitPhantomPDF901_enu_Setup.msi 2018-03-21 22:10 - 2018-03-21 22:10 - 001132547 _____ C:\Users\Lap\Downloads\Letter(2).pdf 2018-03-21 22:10 - 2018-03-21 22:10 - 001081242 _____ C:\Users\Lap\Downloads\Letter(1).pdf 2018-03-21 22:10 - 2018-03-21 22:10 - 001081238 _____ C:\Users\Lap\Downloads\Letter(3).pdf 2018-03-21 22:09 - 2018-03-21 22:09 - 001132546 _____ C:\Users\Lap\Downloads\Letter.pdf 2018-03-21 04:02 - 2018-03-21 04:02 - 000077420 _____ C:\Users\Lap\Downloads\HMS Cheer Parent Meeting.docx.pdf 2018-03-21 04:02 - 2018-03-21 04:02 - 000077420 _____ C:\Users\Lap\Downloads\HMS Cheer Parent Meeting.docx(1).pdf 2018-03-20 20:59 - 2018-03-20 20:59 - 006761845 _____ C:\Users\Lap\Downloads\KonzCh11.pdf 2018-03-20 20:17 - 2018-03-20 20:18 - 000000000 ____D C:\Users\Lap\AppData\Local\bodor 2018-03-20 20:17 - 2018-03-20 20:17 - 000000000 ____D C:\WINDOWS\System32\Tasks\{0FBF0DD3-C0F8-D8F2-F1C5-3C6F2EE112D0} 2018-03-20 20:16 - 2018-03-20 20:17 - 000000000 ____D C:\Users\Lap\AppData\Local\{1DF82BA4-3950-471C-54C8-62F470A09E6C} 2018-03-20 20:15 - 2018-03-20 20:17 - 000000000 ____D C:\Users\Lap\AppData\Local\Holagil 2018-03-20 19:45 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2018-03-20 19:45 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys 
2018-03-20 19:45 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2018-03-20 19:45 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2018-03-20 19:45 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2018-03-20 19:45 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2018-03-20 19:45 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys 2018-03-20 19:45 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2018-03-20 19:45 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll 2018-03-20 19:45 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2018-03-20 19:45 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2018-03-20 19:45 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2018-03-20 19:45 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2018-03-20 19:45 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2018-03-20 19:45 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2018-03-20 19:45 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2018-03-20 19:45 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2018-03-20 19:45 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll 2018-03-20 19:45 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2018-03-20 19:45 - 2018-03-01 
01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll 2018-03-20 19:45 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2018-03-20 19:45 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2018-03-20 19:45 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2018-03-20 19:45 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2018-03-20 19:45 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2018-03-20 19:45 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2018-03-20 19:45 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2018-03-20 19:45 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2018-03-20 19:45 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2018-03-20 19:45 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2018-03-20 19:45 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2018-03-20 19:45 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2018-03-20 19:45 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2018-03-20 19:45 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2018-03-20 19:45 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2018-03-20 19:45 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2018-03-20 19:45 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\jscript9.dll 2018-03-20 19:45 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2018-03-20 19:45 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2018-03-20 19:45 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2018-03-20 19:45 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2018-03-20 19:45 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2018-03-20 19:45 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2018-03-20 19:45 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2018-03-20 19:45 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2018-03-20 19:45 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2018-03-20 19:45 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2018-03-20 19:45 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll 2018-03-20 19:45 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2018-03-20 19:45 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2018-03-20 19:45 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2018-03-20 19:45 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2018-03-20 19:45 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys 2018-03-20 19:45 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2018-03-20 19:45 - 2018-02-21 21:08 - 001055648 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-20 19:45 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-20 19:45 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-20 19:45 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-20 19:45 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-20 19:45 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-20 19:45 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-20 19:45 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-20 19:45 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-20 19:45 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-20 19:45 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-20 19:45 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-20 19:45 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2018-03-20 19:45 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-20 19:44 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-20 19:44 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-20 19:44 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-20 19:44 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-20 19:44 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-20 19:44 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-20 19:44 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-20 19:44 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-20 19:44 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-20 19:44 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-20 19:44 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-20 19:44 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-20 19:44 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-20 19:44 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-20 19:44 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-20 19:44 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-20 19:44 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-20 19:44 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-20 19:44 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-20 19:44 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-20 19:44 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-20 19:44 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-20 19:44 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-20 19:44 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-20 19:44 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-20 19:44 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-20 19:44 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-20 19:44 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-20 19:44 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-20 19:44 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-20 19:44 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-20 19:44 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-20 19:44 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-20 19:44 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-20 19:44 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-20 19:44 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-20 19:44 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-20 19:44 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-20 19:44 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-20 19:44 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-20 19:44 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-20 19:44 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-20 19:44 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-20 19:44 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-20 19:44 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-20 19:44 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-20 19:44 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-20 19:44 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-20 19:44 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-20 19:44 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-20 19:44 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-20 19:44 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-20 19:44 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-20 19:44 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-20 19:44 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-20 19:44 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-20 19:44 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-20 19:44 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-20 19:44 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-20 19:44 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-20 19:44 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-20 19:44 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-20 19:44 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-20 19:44 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-20 19:44 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-20 19:44 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-20 19:44 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-20 19:44 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-20 19:44 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-20 19:44 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-20 19:44 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-20 19:44 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-20 19:44 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-20 19:44 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-20 19:44 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-20 19:44 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-20 19:44 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-20 19:44 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-20 19:44 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-20 19:44 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-20 19:44 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-20 19:44 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-20 19:44 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-20 19:44 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-20 19:44 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-20 19:44 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-20 19:44 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-20 19:44 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-20 19:44 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-20 19:44 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-20 19:44 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-20 19:44 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-20 19:44 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-20 19:44 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-20 19:44 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-20 19:44 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-20 19:44 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-20 19:44 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-20 19:44 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-20 19:44 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-20 19:44 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-20 19:44 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-20 19:44 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-20 19:44 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-20 19:44 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-20 19:44 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-20 19:44 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-20 19:44 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-20 19:44 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-20 19:44 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-20 19:44 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-20 19:44 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-20 19:44 - 2018-02-21 19:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-20 19:44 - 2018-02-21 19:26 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2018-03-20 19:44 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-20 19:44 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-20 19:44 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-20 19:27 - 2018-03-20 19:27 - 000004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-07 01:10 - 2018-03-07 01:10 - 000000000 ___HD C:\Users\Lap\AppData\Local\2b3e2bc70105b8e5
2018-03-03 16:51 - 2018-03-03 16:51 - 002184232 _____ (LogMeIn, Inc.) C:\Users\Lap\Downloads\Support-LogMeInRescue.exe
2018-03-01 15:33 - 2018-03-01 15:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-30 03:22 - 2018-02-11 22:24 - 000000000 ____D C:\Users\Lap\AppData\LocalLow\Mozilla
2018-03-30 03:10 - 2018-02-12 01:10 - 000000267 _____ C:\Users\Lap\AppData\Roaming\WB.CFG
2018-03-30 02:54 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-30 02:53 - 2018-01-06 01:27 - 002054198 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-30 02:53 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-30 02:53 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-30 02:50 - 2018-02-11 22:46 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7D5870D7-E866-4F00-A5E9-DA4800ED1E40}
2018-03-30 02:49 - 2018-02-23 00:54 - 000000000 ___RD C:\Users\Lap\Creative Cloud Files
2018-03-30 02:49 - 2018-02-11 22:10 - 000000000 ____D C:\Users\Lap\AppData\Local\Adobe
2018-03-30 02:48 - 2018-01-05 23:28 - 000000000 __RDL C:\Users\Lap\OneDrive
2018-03-30 02:47 - 2018-01-06 01:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-30 02:47 - 2018-01-06 01:16 - 000000000 ____D C:\Users\Lap
2018-03-30 02:47 - 2018-01-06 01:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-29 19:26 - 2018-02-11 23:33 - 000000000 ____D C:\Users\Lap\AppData\Local\PlaceholderTileLogoFolder
2018-03-29 19:26 - 2018-01-06 01:17 - 000000000 ____D C:\Users\Lap\AppData\Local\Packages
2018-03-29 14:33 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-28 14:19 - 2018-02-11 22:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-28 14:19 - 2018-02-11 22:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-27 23:25 - 2018-02-12 18:43 - 000000000 ____D C:\Users\Lap\Documents\Autosave Files
2018-03-27 20:20 - 2018-02-11 22:24 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-26 15:12 - 2018-01-06 01:14 - 000467000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-23 21:45 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-23 20:52 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-23 20:50 - 2018-01-16 20:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-23 20:45 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-21 22:30 - 2018-02-23 00:25 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-21 20:20 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-21 20:13 - 2018-01-06 01:29 - 000000000 ___RD C:\Users\Lap\3D Objects
2018-03-21 20:13 - 2018-01-05 23:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-21 05:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-21 05:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-21 05:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-21 05:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-20 20:04 - 2018-01-06 21:42 - 000000000 ____D C:\Users\Lap\AppData\Local\ElevatedDiagnostics
2018-03-20 19:55 - 2018-01-06 01:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-20 19:53 - 2018-01-06 01:38 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-20 19:52 - 2018-01-06 01:38 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-20 19:47 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-20 19:47 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-20 19:27 - 2018-02-12 01:00 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-20 19:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-20 19:27 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-11 21:16 - 2018-01-06 01:26 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-160456416-707960844-379946741-1001
2018-03-11 21:16 - 2018-01-05 23:28 - 000002353 _____ C:\Users\Lap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-02 16:09 - 2017-09-29 08:49 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 16:09 - 2017-09-29 08:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-01 15:44 - 2017-09-29 08:46 - 000000000 ___RD C:\Program Files\Windows Defender

==================== Files in the root of some directories =======

2018-02-12 01:10 - 2018-03-30 03:10 - 000000267 _____ () C:\Users\Lap\AppData\Roaming\WB.CFG
2018-02-12 00:23 - 2018-02-12 00:23 - 000000017 _____ () C:\Users\Lap\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-22 02:04

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Rodney Lewallen (30-03-2018 03:49:09)
Running from C:\Users\Lap\Downloads
Windows 10 Pro Version 1709 16299.309 (X64) (2018-01-06 06:28:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-160456416-707960844-379946741-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-160456416-707960844-379946741-503 - Limited - Disabled)
Emma K (S-1-5-21-160456416-707960844-379946741-1002 - Limited - Disabled)
Guest (S-1-5-21-160456416-707960844-379946741-501 - Limited - Disabled)
Rlewa (S-1-5-21-160456416-707960844-379946741-1004 - Limited - Disabled)
Rodney Lewallen (S-1-5-21-160456416-707960844-379946741-1001 - Administrator - Enabled) => C:\Users\Lap
Tanke_y1bte3f (S-1-5-21-160456416-707960844-379946741-1003 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-160456416-707960844-379946741-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Active Models (HKLM-x32\...\Active Models) (Version: - )
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Bing Search Engine (HKLM-x32\...\{1C1EF4DE-4C9E-255E-FD1E-55DE2D9E865E}) (Version: - )
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.18.0.0 - Byte Technologies LLC) <==== ATTENTION
Chromium (HKLM-x32\...\{873A6FFA-D7BA-BE7A-663A-CEFAB6BA1D7A}) (Version: - )
Dell System Detect (HKU\S-1-5-21-160456416-707960844-379946741-1001\...\d24084d039586cae) (Version: 8.11.0.3 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Excel Quality V4 (HKLM-x32\...\Excel Quality V4) (Version: - )
Foxit PhantomPDF (HKLM-x32\...\{DA44E1A4-E022-11E7-9D85-000C296BF29B}) (Version: 9.0.1.1049 - Foxit Software Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2236 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-160456416-707960844-379946741-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
VitalSource Bookshelf (HKLM-x32\...\{5662bb17-987f-4669-a168-ae4001d70a23}) (Version: 7.6.0004 - Ingram Content Group)
Wolfram CDF Player 11.2 (M-WIN-D 11.2.0 5833975) (HKLM\...\M-WIN-D 11.2.0 5833975_is1) (Version: 11.2.0 - Wolfram Research, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-160456416-707960844-379946741-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F20746EC9F90}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-160456416-707960844-379946741-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {184B9F6F-51AD-4E08-B7B1-AA1642AAE8E8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-20] (Adobe Systems Incorporated)
Task: {1B2F5616-A5CC-4E32-9F1A-B11E9BB2E8E0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-22] ()
Task: {1D3D630C-CED9-4A38-9A32-38C738233DDE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-22] ()
Task: {2AD8BC6F-687E-4AD5-A170-9CF0CA8AF1ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {472303BB-3C7D-40B0-91D3-1B5172F7F36C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {50504055-D91A-46AB-88F0-DE248365C5D7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-23] (Microsoft Corporation)
Task: {5FC62AFC-AF93-4531-BAA2-990B85D15C7D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-20] (Adobe Systems Incorporated)
Task: {5FD52FA4-A347-4C66-9B11-B760BA1D1DE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {64349628-6D65-44AE-B696-8AB5D3BD5A2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-03-23] (Microsoft Corporation)
Task: {7100C00A-8857-4CED-81F5-506E08E562A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {99482050-A2C1-461F-995A-E396CF227430} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-03] (Microsoft Corporation)
Task: {A461E39B-186A-41F1-8F16-79643CE96B2E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-23] (Microsoft Corporation)
Task: {A5B2E867-101E-4EFB-9B2E-FAC6C5B43255} - System32\Tasks\{0FBF0DD3-C0F8-D8F2-F1C5-3C6F2EE112D0}\Cogoniha => C:\Users\Lap\AppData\Local\bodor\Cogoniha.exe [2013-04-13] ()
Task: {A8BBC963-353A-4B06-A322-4BB50DF7E573} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-6OB4Q5J-Rodney Lewallen => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {C8F83545-1BBF-4D3F-96D9-6914901E0460} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {DAB75DF7-3DC7-434F-B8ED-4C406AFEBF87} - System32\Tasks\{2CC57B3D-F2A5-97A4-A8BC-2A6F85733932}\todek => C:\Program Files (x86)\Common Files\Lokemokege\todek.exe [2013-04-21] ()
Task: {EEB7B0E3-4BD9-4F9B-ACE7-629108E41481} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-03] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-05 23:28 - 2016-11-14 06:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-02-10 02:12 - 2018-02-10 02:12 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-03-20 19:44 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-20 19:44 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-26 19:30 - 2018-03-26 19:31 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-26 19:30 - 2018-03-26 19:31 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-26 19:30 - 2018-03-26 19:31 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-26 19:30 - 2018-03-26 19:31 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-26 19:30 - 2018-03-26 19:31 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-02-27 21:08 - 2018-02-27 21:08 - 034523072 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2018-03-11 21:20 - 2018-03-11 21:21 - 001227440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2018-02-04 19:18 - 2018-02-04 19:18 - 004601048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-13 20:38 - 2017-12-13 20:38 - 000975872 _____ () c:\windows\system32\FaceProcessor.dll
2017-12-13 20:38 - 2017-12-13 20:38 - 000269696 _____ () c:\windows\system32\FaceProcessorCore.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 001357464 _____ () c:\windows\system32\FaceTrackerInternal.dll
2018-02-14 06:03 - 2018-02-14 06:03 - 067115984 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2018-01-30 09:38 - 2018-01-30 09:38 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-01-30 09:39 - 2018-01-30 09:39 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-01-30 09:38 - 2018-01-30 09:38 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2018-01-30 09:38 - 2018-01-30 09:38 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-02-14 06:26 - 2018-02-14 06:26 - 000099800 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-01-30 09:38 - 2018-01-30 09:38 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2018-02-14 06:20 - 2018-02-14 06:20 - 000125904 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-02-14 06:20 - 2018-02-14 06:20 - 000125392 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2018-02-14 06:20 - 2018-02-14 06:20 - 000133072 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-02-14 06:20 - 2018-02-14 06:20 - 000222160 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-02-14 06:20 - 2018-02-14 06:20 - 000099792 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-02-14 06:20 - 2018-02-14 06:20 - 000106456 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2018-02-14 06:20 - 2018-02-14 06:20 - 000094168 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-160456416-707960844-379946741-1001\...\sharepoint.com -> hxxps://gotarleton-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2018-02-12 01:31 - 000000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-160456416-707960844-379946741-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg DNS Servers: 209.18.47.62 - 209.18.47.61 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-160456416-707960844-379946741-1001\...\StartupApproved\Run: => "Chromium" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{8DED2A86-18E1-4ED6-9AE4-676AAC4B22D5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{3A632698-77E3-4BBC-9DFA-B019320EFB17}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{547A855C-744C-4A8D-8B44-8E9F0AAA503F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{CD76C26C-157D-4723-9217-685A462A74CA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{9F16C31A-D915-4B28-8115-BCC20A639D1A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{57CBA991-555C-4796-81A9-CE5B2EACA32F}] => (Allow) C:\Users\Lap\AppData\Local\Temp\EPSON WorkForce 545 Series_Asia\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe FirewallRules: [{1D1FC7BD-8A5C-4EAC-803F-AC52EFA6BB2B}] => (Allow) C:\Users\Lap\AppData\Local\Temp\EPSON WorkForce 545 Series_Asia\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe FirewallRules: [{9CE69F5B-873B-4840-BE41-C4765228DD44}] 
=> (Allow) C:\Users\Lap\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{34AB4130-A16A-46AB-901E-E72FA108EA61}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{CC692D04-F39E-474F-90FB-2B4358D6CE14}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{9E201A30-FF05-4310-B32D-FE9BBE153032}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{CC941C39-D7B5-410B-B60F-16EE79D70949}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [TCP Query User{14962333-BA1C-4B11-9F90-5D30A8B5EC7D}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe FirewallRules: [UDP Query User{927EDE19-B7F8-4D3C-8856-11F62E50F745}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe FirewallRules: [{FD5CC920-459B-4888-97C6-A15C44E1EFE1}] => (Block) C:\windows\system32\rundll32.exe FirewallRules: [{13192EB6-A610-483D-848F-825E6DEE1902}] => (Block) C:\windows\system32\rundll32.exe FirewallRules: [{B3B5E70B-0801-47F0-9BA4-B91196B20B1D}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\WolframCDFPlayer.exe FirewallRules: [{429D2E7C-1EA6-4372-B447-64BC88D2888B}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\WolframCDFPlayer.exe FirewallRules: [{2D324BC6-7532-4438-AFC7-497B6EFC7C7A}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\MathKernel.exe FirewallRules: [{B3E54E2B-BA16-40BA-912B-A35A43E7D982}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\MathKernel.exe FirewallRules: [{CF706C49-FE1B-4AF7-97C3-7FA205990320}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\math.exe FirewallRules: [{718F1855-CC69-4206-9718-69C4F0567153}] => (Allow) C:\Program Files\Wolfram Research\Wolfram CDF Player\11.2\math.exe FirewallRules: [TCP Query User{028DC422-1F52-4250-B11F-A1457DF12485}C:\users\lap\appdata\local\logmein rescue 
applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\lap\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [UDP Query User{B9BF838F-4EF4-47F2-B909-B109CF2B9241}C:\users\lap\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\lap\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [{A5FE24F6-97F8-4946-8304-5337E254A1C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{F0C326D7-E311-4F6F-A5F2-B45CB4530F1C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{2CB628D2-C24C-4A23-86E2-41C8C7266AF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{826B7067-354F-4E5C-9B44-67009A11067B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{EFB744A6-E743-4C31-8115-0F310E7BAD23}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{484A67AD-62B7-4245-B748-3066CB8625EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{021A6214-8973-4024-8802-19D82D7E533D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{488BD3D7-7AE9-45A7-B256-7C9AA7CD0981}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{4837548B-AED3-411F-8812-A54EC1D0FA4A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe FirewallRules: [{1ADCA1D1-30B1-4B95-8788-4F11F3A950C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe 
==================== Restore Points ========================= 04-03-2018 22:27:20 Scheduled Checkpoint 20-03-2018 19:43:36 Windows Update 21-03-2018 22:27:48 Installed Foxit PhantomPDF 26-03-2018 01:06:22 Installed VitalSource Bookshelf. ==================== Faulty Device Manager Devices ============= Name: Broadcom USH Description: Broadcom USH Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/29/2018 07:31:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: GeoGebra.exe, version: 1.0.0.0, time stamp: 0x59cb9033 Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.248, time stamp: 0xc71fa28c Exception code: 0xc000027b Fault offset: 0x008943fa Faulting process id: 0x2b7c Faulting application start time: 0x01d3c7bdb24ae79f Faulting application path: C:\Program Files\WindowsApps\18FD273D.GeoGebraGraphingCalculator_6.0.388.0_neutral__1f5eszzrqmqpy\GeoGebra.exe Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll Report Id: decafb52-4a26-47c0-b9c6-2409581e7447 Faulting package full name: 18FD273D.GeoGebraGraphingCalculator_6.0.388.0_neutral__1f5eszzrqmqpy Faulting package-relative application ID: App Error: (03/27/2018 08:20:31 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft 
Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (03/27/2018 01:56:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-6OB4Q5J) Description: Package Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend. Error: (03/20/2018 07:55:11 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (03/20/2018 07:31:02 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis. 
Error: (03/06/2018 10:10:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: todek.exe, version: 0.0.0.0, time stamp: 0x573dcb6c Faulting module name: KERNELBASE.dll, version: 10.0.16299.248, time stamp: 0x13ae3814 Exception code: 0xc0000409 Fault offset: 0x001008c2 Faulting process id: 0x1ae8 Faulting application start time: 0x01d3b5c1c8029bfa Faulting application path: C:\PROGRA~2\COMMON~1\LOKEMO~1\todek.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 1e602e73-09cd-485e-8cac-adaa012a268e Faulting package full name: Faulting package-relative application ID: Error: (03/05/2018 10:16:54 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis. 
Error: (02/27/2018 09:27:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AAM Updates Notifier.exe, version: 9.0.0.281, time stamp: 0x5776ade0 Faulting module name: UpdaterCore.dll, version: 9.0.0.30, time stamp: 0x5773799f Exception code: 0xc0000005 Fault offset: 0x0006287e Faulting process id: 0x241c Faulting application start time: 0x01d3b03b96ea6bbd Faulting application path: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe Faulting module path: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterCore.dll Report Id: c943c7a6-182f-4615-948e-eab0fb7cd3cf Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/30/2018 02:47:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2018-03-30 03:19:01.887 Description: Windows Defender Antivirus scan has been stopped before completion. 
Scan ID: {D1465D86-C5E1-4A80-A4B7-FA0939A79F0A} Scan Type: Antimalware Scan Parameters: Custom Scan Date: 2018-03-30 03:07:03.073 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {1E9BEAC0-FECE-4889-90E1-D27675BA9F5D} Scan Type: Antimalware Scan Parameters: Full Scan Date: 2018-03-27 20:53:06.138 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {F6E50DBF-01CE-4B5B-A6C8-A7423B2DF78D} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-03-27 20:39:28.391 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {5D986DCF-DDDE-4AD4-9B12-50CFE1622C61} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-03-26 17:17:53.398 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {28BB28D5-4D66-4EA3-B667-BCD4B12FF37C} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-02-22 17:03:26.900 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.261.1518.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2018-02-05 02:41:28.685 Description: Windows Defender Antivirus has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.261.756.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2018-02-05 02:41:28.684 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 118.2.0.0 Update Source: Microsoft Malware Protection Center Signature Type: Network Inspection System Update Type: Full Current Engine Version: Previous Engine Version: 2.1.14202.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2018-02-05 02:41:28.671 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.261.756.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2018-02-05 02:41:28.670 Description: Windows Defender Antivirus has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.261.756.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x80072ee7 Error description: The server name or address could not be resolved ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz Percentage of memory in use: 75% Total physical RAM: 3957.37 MB Available physical RAM: 970.52 MB Total Virtual: 4981.37 MB Available Virtual: 952.95 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.21 GB) (Free:420.34 GB) NTFS Drive f: () (Removable) (Total:1.92 GB) (Free:1.32 GB) FAT \\?\Volume{52306a34-5106-4900-9740-2520c6cdb5e5}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS \\?\Volume{72fbff42-6d65-48ff-a856-9a4e0309179a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 00DFD600) Partition 1: (Active) - (Size=1.9 GB) - (Type=06) ==================== End of Addition.txt ============================ [/QUOTE]