1. #1

    Have Had BSOD Memory Management, Need To See If Infected

    Hello all. I posted in the BSOD area about what I have had going on. I was directed to come here and make sure my system doesn't have any infections I don't know about. I use Windows Defender and also Malwarebytes Free. I also use Super Anti-Spyware Free. I did have an issue a while back where my browser was locked up and got this security alert. They said if I tried to do anything my system would be locked up and I needed to call them right away. I had to run Task Manager to get out of it. Malwarebytes found infections and removed them. I guess it is still possible I have more. Can you help me?

    Attachments: FRST.txt, Addition.txt, SALog.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-10-2017
    Ran by luft3 (administrator) on DESKTOP-I87918H (09-10-2017 18:00:45)
    Running from C:\Users\luft3\Desktop
    Loaded Profiles: luft3 (Available Profiles: luft3)
    Platform: Windows 10 Home Version 1703 170317-1834 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    () C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Wistron Corporation) C:\Windows\SysWOW64\OSDSrv\OSDApp.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
    (Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
    (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\VirtualDrive.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9226752 2017-05-04] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-05-04] (Realtek Semiconductor)
    HKLM\...\Run: [OSDApp] => C:\Windows\SysWOW64\OSDSrv\OSDApp.exe [2091520 2015-04-14] (Wistron Corporation)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-05-04] (Realtek Semiconductor)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Audio Ltd.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-638263750-3043422666-3586077781-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-28] (SUPERAntiSpyware)
    HKU\S-1-5-21-638263750-3043422666-3586077781-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
    Startup: C:\Users\luft3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 Series Class Driver.lnk [2017-10-09]
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 Series Class Driver.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    GroupPolicy: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{120a5bbb-d123-47c6-9dc9-46e10dfe1ab6}: [DhcpNameServer] 172.18.13.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
    HKU\S-1-5-21-638263750-3043422666-3586077781-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
    SearchScopes: HKLM -> DefaultScope {C0B9496C-C013-4163-8D99-A1195B2ECDC2} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {C0B9496C-C013-4163-8D99-A1195B2ECDC2} URL =
    SearchScopes: HKU\S-1-5-21-638263750-3043422666-3586077781-1001 -> DefaultScope {C0B9496C-C013-4163-8D99-A1195B2ECDC2} URL =
    SearchScopes: HKU\S-1-5-21-638263750-3043422666-3586077781-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-30] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-30] (Oracle Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF DefaultProfile: dwqtc1k7.default-1504372667848
    FF ProfilePath: C:\Users\luft3\AppData\Roaming\Mozilla\Firefox\Profiles\dwqtc1k7.default-1504372667848 [2017-10-09]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\dwqtc1k7.default-1504372667848 -> Yahoo! Powered
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\dwqtc1k7.default-1504372667848 -> Yahoo! Powered
    FF Homepage: Mozilla\Firefox\Profiles\dwqtc1k7.default-1504372667848 -> hxxp://wspa.com/
    FF Keyword.URL: Mozilla\Firefox\Profiles\dwqtc1k7.default-1504372667848 -> user_pref("keyword.URL", true);
    FF Extension: (Adblock Plus) - C:\Users\luft3\AppData\Roaming\Mozilla\Firefox\Profiles\dwqtc1k7.default-1504372667848\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-10-05]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-30] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-30] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [325600 2016-11-28] (Windows (R) Win 7 DDK provider)
    S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
    S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
    R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
    R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
    R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1592064 2016-05-18] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
    R2 OSDSrv; C:\Windows\SysWOW64\OSDSrv\OSDSrv.EXE [192512 2013-12-27] () [File not signed]
    R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-05-04] (Realtek Semiconductor)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
    R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Audio Ltd.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4320176 2017-05-02] (Qualcomm Atheros Communications, Inc.)
    R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [608656 2016-11-28] (Qualcomm)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
    R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
    R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-18] (Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-18] (Intel Corporation)
    S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-02] (Disc Soft Ltd)
    S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-02] (Disc Soft Ltd)
    R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-05-18] (Intel Corporation)
    R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7402992 2016-11-02] (Intel Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-10-09] (Malwarebytes)
    R1 MpKsl46544125; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6AA37F8A-69C4-4FFB-889F-F090723E8B37}\MpKsl46544125.sys [58120 2017-10-09] (Microsoft Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
    R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
    R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
    S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-09 18:00 - 2017-10-09 18:02 - 000015053 _____ C:\Users\luft3\Desktop\FRST.txt
    2017-10-09 17:59 - 2017-10-09 18:00 - 000000000 ____D C:\FRST
    2017-10-09 17:57 - 2017-10-09 17:57 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2017-10-09 17:57 - 2017-10-09 17:57 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-10-09 17:54 - 2017-10-09 17:54 - 002401792 _____ (Farbar) C:\Users\luft3\Desktop\FRST64.exe
    2017-10-09 17:54 - 2017-10-09 17:54 - 000899584 _____ C:\Users\luft3\Desktop\RGSA.exe
    2017-10-09 16:43 - 2017-10-09 16:43 - 002361458 _____ C:\Users\luft3\Documents\SysnativeFileCollectionApp.zip
    2017-10-09 16:25 - 2017-10-09 16:42 - 000000000 ____D C:\Users\luft3\Documents\SysnativeFileCollectionApp
    2017-10-09 16:19 - 2017-10-09 16:19 - 000158720 _____ (Sysnative) C:\Users\luft3\Documents\SysnativeBSODCollectionApp.exe
    2017-10-09 14:13 - 2017-10-09 14:27 - 000000000 ____D C:\SFCFix
    2017-10-09 14:01 - 2017-10-09 14:27 - 000000000 ____D C:\Users\luft3\AppData\Local\niemiro
    2017-10-09 08:53 - 2017-10-09 08:54 - 000552404 _____ C:\WINDOWS\Minidump\100917-25734-01.dmp
    2017-10-08 20:34 - 2017-10-08 20:35 - 011697253 _____ (Amazing-Share Official Website - Focus on Multimedia, Data Rescue and Partition Manager Software ) C:\Users\luft3\Downloads\free_any_data_recovery.exe
    2017-10-08 20:33 - 2017-10-08 20:33 - 000791552 _____ () C:\Users\luft3\Downloads\recovery.exe
    2017-10-08 20:29 - 2017-10-08 20:29 - 002375646 _____ (Puran Software ) C:\Users\luft3\Downloads\PuranFileRecoverySetup.exe
    2017-10-08 20:27 - 2017-10-08 20:28 - 005562976 _____ (Piriform Ltd) C:\Users\luft3\Downloads\rcsetup153.exe
    2017-10-08 16:51 - 2017-10-08 18:56 - 000000000 ____D C:\Program Files (x86)\All Media Fixer
    2017-10-08 16:40 - 2017-10-08 16:45 - 000000000 ____D C:\Users\luft3\AppData\Roaming\MediaInfo
    2017-10-08 16:39 - 2017-10-08 16:46 - 000000000 ____D C:\Program Files\MediaInfo
    2017-10-08 16:13 - 2017-10-08 16:13 - 000000000 _RSHD C:\ProgramData\Key-Base
    2017-10-08 16:13 - 2017-10-08 16:13 - 000000000 ____D C:\ProgramData\{CEB186E0-7000-268E-F4D1-DF17C1BF4250}
    2017-10-08 16:04 - 2017-10-08 16:04 - 007492920 _____ C:\Users\luft3\Downloads\88ca7211526d01f4a022ffd98c1613ba_xvid.avi
    2017-10-08 16:03 - 2017-10-08 16:03 - 008044240 _____ C:\Users\luft3\Downloads\0b5f943077e0024613dcb72e77fa9213_xvid.avi
    2017-10-08 14:11 - 2017-10-08 14:11 - 013008731 _____ C:\Users\luft3\Downloads\2f515688a183407b0a89296728579d32.mp4
    2017-10-06 16:52 - 2017-10-06 16:52 - 000003932 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration
    2017-10-04 20:24 - 2017-10-04 20:27 - 000000000 ___HD C:\Users\luft3\AppData\Local\1277fa711d0aac3a
    2017-10-04 16:46 - 2017-10-04 16:46 - 000185525 _____ C:\Users\luft3\Downloads\faea038d8daabc0f352155b38e081fe8.jpeg
    2017-10-03 09:55 - 2017-10-03 09:55 - 000001284 _____ C:\Users\luft3\Desktop\Any Video Converter.lnk
    2017-10-02 21:39 - 2017-10-02 21:39 - 001853717 _____ C:\Users\luft3\Downloads\28d607accab6e45bf541903b67fc1899_x264.mp4
    2017-10-02 21:30 - 2017-10-02 21:35 - 000000000 ____D C:\Users\luft3\Downloads\Waterfalls x186
    2017-09-28 19:41 - 2017-09-28 19:41 - 000000000 ____D C:\Users\luft3\.cisco
    2017-09-28 19:37 - 2017-09-28 19:51 - 000000000 ____D C:\ProgramData\Cisco
    2017-09-28 18:41 - 2017-09-28 18:58 - 000000000 ____D C:\Users\luft3\AppData\Roaming\TunnelBear
    2017-09-28 18:41 - 2017-09-28 18:41 - 000000000 ____D C:\Users\luft3\AppData\Local\IsolatedStorage
    2017-09-28 17:09 - 2017-09-28 17:09 - 003970750 _____ C:\Users\luft3\Downloads\xhamster.com_5129142_hentai_futa_lara_and_sam.mp4
    2017-09-27 16:00 - 2017-09-27 16:15 - 000000000 ____D C:\Users\luft3\Documents\Cute Stuff
    2017-09-23 09:45 - 2017-10-07 08:50 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-09-23 09:45 - 2017-09-23 09:45 - 000001882 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-09-23 09:45 - 2017-09-23 09:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-09-23 09:45 - 2017-09-23 09:45 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-09-23 09:45 - 2017-09-23 09:45 - 000000000 ____D C:\Program Files\Malwarebytes
    2017-09-21 16:10 - 2017-09-21 16:10 - 000002081 _____ C:\Users\Public\Desktop\SupportAssist.lnk
    2017-09-21 16:10 - 2017-09-21 16:10 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows
    2017-09-21 16:09 - 2017-09-21 16:10 - 000000000 ____D C:\Program Files\Dell Support Center
    2017-09-21 08:31 - 2017-09-21 08:31 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-638263750-3043422666-3586077781-1001
    2017-09-21 08:31 - 2017-09-21 08:31 - 000002365 _____ C:\Users\luft3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-09-16 08:50 - 2017-09-16 08:55 - 000029870 _____ C:\Users\luft3\Downloads\open-hand-outline-niXyRrGiB.jpeg
    2017-09-15 08:21 - 2017-09-15 08:21 - 000230672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-09-14 12:52 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2017-09-14 12:52 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2017-09-14 12:52 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-09-14 12:52 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2017-09-14 12:52 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-09-14 12:52 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-09-14 12:52 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-09-14 12:52 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-09-14 12:52 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-09-14 12:52 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2017-09-14 12:52 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-09-14 12:52 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-09-14 12:52 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
    2017-09-14 12:52 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2017-09-14 12:52 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2017-09-14 12:52 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2017-09-14 12:52 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2017-09-14 12:52 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2017-09-14 12:52 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2017-09-14 12:52 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-09-14 12:52 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2017-09-14 12:52 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-09-14 12:52 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-09-14 12:52 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-09-14 12:52 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2017-09-14 12:52 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-09-14 12:52 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-09-14 12:52 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2017-09-14 12:52 - 2017-09-05 00:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
    2017-09-14 12:52 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-09-14 12:52 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2017-09-14 12:52 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-09-14 12:52 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-09-14 12:52 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-09-14 12:52 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-09-14 12:52 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-09-14 12:52 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2017-09-14 12:52 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-09-14 12:52 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-09-14 12:52 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-09-14 12:52 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-09-14 12:52 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-09-14 12:52 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-09-14 12:52 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2017-09-14 12:52 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-09-14 12:52 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2017-09-14 12:52 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-09-14 12:52 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-09-14 12:52 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-09-14 12:52 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-09-14 12:52 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2017-09-14 12:52 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-09-14 12:52 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2017-09-14 12:52 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2017-09-14 12:52 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-09-14 12:52 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-09-14 12:52 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-09-14 12:52 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-09-14 12:52 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2017-09-14 12:52 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-09-14 12:52 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
    2017-09-14 12:52 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
    2017-09-14 12:51 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-09-14 12:51 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2017-09-14 12:51 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
    2017-09-14 12:51 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-09-14 12:51 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2017-09-14 12:51 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
    2017-09-14 12:51 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2017-09-14 12:51 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
    2017-09-14 12:51 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2017-09-14 12:51 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2017-09-14 12:51 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)


    ==================== Files in the root of some directories =======

    2017-08-17 07:51 - 2017-10-04 20:24 - 000000249 _____ () C:\Users\luft3\AppData\Roaming\WB.CFG
    2017-03-29 14:31 - 2017-09-22 06:40 - 000117010 _____ () C:\Users\luft3\AppData\Local\ars.cache
    2017-03-29 16:03 - 2017-09-22 06:50 - 049104946 _____ () C:\Users\luft3\AppData\Local\census.cache
    2017-05-20 16:37 - 2017-09-22 17:05 - 000005632 _____ () C:\Users\luft3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2017-03-28 18:53 - 2017-03-28 18:53 - 000000036 _____ () C:\Users\luft3\AppData\Local\housecall.guid.cache
    2017-03-28 19:07 - 2017-03-28 19:07 - 000000010 _____ () C:\Users\luft3\AppData\Local\sponge.last.runtime.cache
    2017-07-18 08:02 - 2017-07-18 08:02 - 000050147 _____ () C:\ProgramData\agent.1500379330.bdinstall.bin
    2017-07-18 15:53 - 2017-07-18 15:53 - 000030272 _____ () C:\ProgramData\agent.uninstall.1500407585.bdinstall.bin
    2017-02-20 12:27 - 2017-02-20 12:27 - 000000057 _____ () C:\ProgramData\Ament.ini
    2017-07-18 08:18 - 2017-07-18 08:18 - 000502173 _____ () C:\ProgramData\cl.1500379703.bdinstall.bin
    2017-07-18 08:18 - 2017-07-18 08:18 - 000074090 _____ () C:\ProgramData\cl.kit.1500379687.bdinstall.bin
    2017-07-18 15:49 - 2017-07-18 15:49 - 000213585 _____ () C:\ProgramData\cl.uninstall.1500407231.bdinstall.bin
    2017-07-18 08:20 - 2017-07-18 08:20 - 000057062 _____ () C:\ProgramData\dm.1500380365.bdinstall.bin
    2017-07-18 15:47 - 2017-07-18 15:47 - 000036858 _____ () C:\ProgramData\dm.uninstall.1500407249.bdinstall.bin
    2017-05-20 15:50 - 2017-05-20 15:50 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-03-31 15:16 - 2016-03-31 15:16 - 000000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2016-03-31 15:09 - 2016-03-31 15:11 - 000000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2016-03-31 15:14 - 2016-03-31 15:16 - 000000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2016-03-31 15:11 - 2016-03-31 15:14 - 000000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

    Files to move or delete:
    ====================
    C:\Windows\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715}.job


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-10-01 17:16

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2017
    Ran by luft3 (09-10-2017 18:04:19)
    Running from C:\Users\luft3\Desktop
    Windows 10 Home Version 1703 170317-1834 (X64) (2017-05-20 20:19:22)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-638263750-3043422666-3586077781-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-638263750-3043422666-3586077781-503 - Limited - Disabled)
    Guest (S-1-5-21-638263750-3043422666-3586077781-501 - Limited - Disabled)
    luft3 (S-1-5-21-638263750-3043422666-3586077781-1001 - Administrator - Enabled) => C:\Users\luft3

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
    Any Video Converter 6.1.9 (HKLM-x32\...\Any Video Converter) (Version: 6.1.9 - Anvsoft)
    CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
    Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
    Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
    Dell Help & Support (HKLM\...\{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.) Hidden
    Dell Help & Support (HKLM-x32\...\InstallShield_{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.)
    Dell OSD (HKLM-x32\...\Dell OSD_is1) (Version: 1.3.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
    Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
    Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
    Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
    FastStone Image Viewer 6.1 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.1 - FastStone Soft)
    HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
    IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
    Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-638263750-3043422666-3586077781-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 56.0 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0 (x64 en-US)) (Version: 56.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
    Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
    Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.13 - Qualcomm Atheros)
    Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-19] (Cyberlink)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-19] (Cyberlink)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-02] (Intel Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
    ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1ACA9641-51AD-4BB3-92A9-C5DDDAAF6807} - System32\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715} => C:\Users\luft3\AppData\Roaming\6559ACF4-8F2C-1AEA-7EF5-4D597E726715\syncversion.exe [2013-04-08] () <==== ATTENTION
    Task: {256398BD-BACB-486A-A439-1FA5BE15BA1C} - System32\Tasks\{D6A59EF1-8CD0-4D38-A921-1FE788E9F66A} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
    Task: {34A59D2B-A153-43E6-BD08-9810B003E584} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
    Task: {6C9FB50D-284B-4D8F-9C83-603A1BFF4D80} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-08-18] (CyberLink)
    Task: {88F3773F-18DD-457B-9C4D-FEECAE99AFEC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)
    Task: {9A8A0C8F-DAF5-4291-8AE1-2C0823A869DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
    Task: {9BE95036-AF91-4C04-B278-771EA6AC4684} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {A53D043F-1B80-4F83-933D-A78E9054290C} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {A9F85516-DF29-4154-8A8D-3B444FFB83DF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
    Task: {AE750110-3CEE-473B-89D6-BBC25964ACD8} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
    Task: {B4C6B836-E98E-408C-8BAB-66E0FABFBC9A} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-05-04] (Realtek Semiconductor)
    Task: {B9F99224-1324-4283-AAFF-68BDDBE77888} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-09-22] (Dell Inc.)
    Task: {C1049182-F3E8-44C1-AE80-B12349D0EE32} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {C68423AD-E8FD-49FC-AF08-D0449FC6E670} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)
    Task: {DEDD8B8B-57A9-473A-8804-D3467414B2F8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP I87918H
    Task: C:\WINDOWS\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715}.job => C:\Users\luft3\AppData\Roaming\6559AC~1\SYNCVE~1.EXE <==== ATTENTION

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-23 09:45 - 2017-10-07 08:50 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2016-03-31 15:23 - 2013-12-27 13:02 - 000192512 _____ () C:\Windows\SysWOW64\OSDSrv\OSDSrv.EXE
    2016-03-31 15:14 - 2014-04-14 21:59 - 000253776 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2016-11-02 00:05 - 2016-11-02 00:05 - 000401896 _____ () C:\WINDOWS\system32\igfxTray.exe
    2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-10-05 08:53 - 2017-10-05 08:53 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
    2017-08-23 07:51 - 2017-08-23 07:52 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-08-23 07:51 - 2017-08-23 07:52 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-08-23 07:51 - 2017-08-23 07:52 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-08-23 07:51 - 2017-08-23 07:52 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
    2017-09-28 08:36 - 2017-09-28 08:37 - 026118656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2017-09-28 08:36 - 2017-09-28 08:37 - 009162240 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2017-08-29 07:53 - 2017-08-29 07:54 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-09-28 08:36 - 2017-09-28 08:37 - 011470848 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17082.14121.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2017-07-25 07:48 - 2017-07-25 07:49 - 006909952 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_5.11.1641.0_x64__8wekyb3d8bbwe\WhatsNew.Store.dll
    2017-08-31 07:58 - 2017-08-31 07:59 - 015456768 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.21.2212.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
    2016-03-31 15:10 - 2014-12-08 03:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
    2014-12-08 18:28 - 2014-12-08 18:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
    2016-12-21 11:24 - 2016-12-21 11:24 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
    2015-06-23 19:26 - 2015-06-23 19:26 - 000155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
    2017-05-01 15:27 - 2017-05-01 15:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 03:24 - 2017-10-03 10:07 - 000002103 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 rp.yefeneri2.com
    0.0.0.0 os.yefeneri2.com
    0.0.0.0 os2.yefeneri2.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-638263750-3043422666-3586077781-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\luft3\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKU\S-1-5-21-638263750-3043422666-3586077781-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
    HKU\S-1-5-21-638263750-3043422666-3586077781-1001\...\StartupApproved\Run: => "CyberGhost"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{F10EA7ED-F6DA-495E-B2F5-62D1D0C75508}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{BB661118-2E6C-42E8-B6F1-281631A4EDEA}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
    FirewallRules: [{24EC27B9-5342-44B3-8455-789BA0A20348}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3C603DCA-BA28-4424-AB9C-F22BF19C54D8}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{94F358BF-6C29-40CE-AB81-B9FF550F8A81}] => (Allow) C:\Users\luft3\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{182D259F-3A1B-4501-B6DC-2DE0F020C158}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{CFF7CFBF-E68B-4DAF-8642-64353C149CAF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{221E3B7A-59D2-45BF-B57D-D9B0A3A30F33}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{60B8DCF7-0323-4FDD-92EE-C95B6B4984EE}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe

    ==================== Restore Points =========================

    28-09-2017 19:37:03 Installed Cisco AnyConnect Secure Mobility Client
    07-10-2017 17:05:21 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: TunnelBear Adapter V9
    Description: TunnelBear Adapter V9
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TunnelBear Provider V9
    Service: tap-tb-0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/09/2017 05:57:21 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 25449 ms

    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1002
    Executing Function: PolicyBase::takeControlOfOsc
    Message: Passive Policy: Failed to acquire OSC: Failure during execution of _OSC:
    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
    Executing Function: EsifServices::primitiveExecuteSet
    Message: Error returned from ESIF services interface function call
    Participant: NoParticipant
    Domain: NoDomain
    ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
    ESIF Instance: 255
    ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


    Policy: Passive Policy [2]

    Error: (10/09/2017 05:57:21 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 25420 ms

    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1002
    Executing Function: PolicyBase::takeControlOfOsc
    Message: Critical Policy: Failed to acquire OSC: Failure during execution of _OSC:
    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
    Executing Function: EsifServices::primitiveExecuteSet
    Message: Error returned from ESIF services interface function call
    Participant: NoParticipant
    Domain: NoDomain
    ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
    ESIF Instance: 255
    ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


    Policy: Critical Policy [1]

    Error: (10/09/2017 05:57:21 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 25391 ms

    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1002
    Executing Function: PolicyBase::takeControlOfOsc
    Message: Active Policy: Failed to acquire OSC: Failure during execution of _OSC:
    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
    Executing Function: EsifServices::primitiveExecuteSet
    Message: Error returned from ESIF services interface function call
    Participant: NoParticipant
    Domain: NoDomain
    ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
    ESIF Instance: 255
    ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


    Policy: Active Policy [0]

    Error: (10/09/2017 01:52:32 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 25965 ms

    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1002
    Executing Function: PolicyBase::takeControlOfOsc
    Message: Passive Policy: Failed to acquire OSC: Failure during execution of _OSC:
    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
    Executing Function: EsifServices::primitiveExecuteSet
    Message: Error returned from ESIF services interface function call
    Participant: NoParticipant
    Domain: NoDomain
    ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
    ESIF Instance: 255
    ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


    Policy: Passive Policy [2]

    Error: (10/09/2017 01:52:32 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 25938 ms

    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1002
    Executing Function: PolicyBase::takeControlOfOsc
    Message: Critical Policy: Failed to acquire OSC: Failure during execution of _OSC:
    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
    Executing Function: EsifServices::primitiveExecuteSet
    Message: Error returned from ESIF services interface function call
    Participant: NoParticipant
    Domain: NoDomain
    ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
    ESIF Instance: 255
    ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


    Policy: Critical Policy [1]

    Error: (10/09/2017 01:52:32 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.10900.330) TYPE: ERROR MODULE: DPTF TIME 25909 ms

    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 1002
    Executing Function: PolicyBase::takeControlOfOsc
    Message: Active Policy: Failed to acquire OSC: Failure during execution of _OSC:
    DPTF Build Version: 8.2.10900.330
    DPTF Build Date: May 16 2016 11:32:37
    Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
    Executing Function: EsifServices::primitiveExecuteSet
    Message: Error returned from ESIF services interface function call
    Participant: NoParticipant
    Domain: NoDomain
    ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
    ESIF Instance: 255
    ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


    Policy: Active Policy [0]

    Error: (10/09/2017 09:08:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 10.0.15063.0, time stamp: 0x02799ef5
    Faulting module name: appraiser.dll_unloaded, version: 10.0.15156.1008, time stamp: 0x9e6eb7d4
    Exception code: 0xc0000005
    Fault offset: 0x0000000000001000
    Faulting process id: 0x15ac
    Faulting application start time: 0x01d340fdcec1eeee
    Faulting application path: c:\windows\system32\svchost.exe
    Faulting module path: appraiser.dll
    Report Id: 032e9800-8a02-4ecf-96be-95db072ce0ad
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/08/2017 05:36:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-I87918H)
    Description: Package Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

    Error: (10/08/2017 01:10:02 PM) (Source: Dell System Detect) (EventID: 0) (User: )
    Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)
    at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
    at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
    at System.Xml.XmlDocument.CreateElement(String name)
    at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="H0R7772" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="3.6.0" SMBIOSPresent="True" Rel_Date="20160826000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 20-3052" Ident_Num="DESKTOP-I87918H" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>169.254.201.8</HostIP></Exception>

    Error: (10/08/2017 01:10:01 PM) (Source: Dell System Detect) (EventID: 0) (User: )
    Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[ at System.Xml.XmlDocument.CheckName(String name)
    at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
    at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
    at System.Xml.XmlDocument.CreateElement(String name)
    at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="H0R7772" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="3.6.0" SMBIOSPresent="True" Rel_Date="20160826000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 20-3052" Ident_Num="DESKTOP-I87918H" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>169.254.201.8</HostIP></Exception>


    System errors:
    =============
    Error: (10/09/2017 05:57:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/09/2017 05:57:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/09/2017 05:57:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The CldFlt service failed to start due to the following error:
    The request is not supported.

    Error: (10/09/2017 01:53:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/09/2017 01:53:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/09/2017 01:52:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The CldFlt service failed to start due to the following error:
    The request is not supported.

    Error: (10/09/2017 09:09:37 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (10/09/2017 09:08:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (10/09/2017 09:08:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (10/09/2017 08:54:36 AM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x000000000000003f, 0x000000000002d682, 0x0000000026145f07, 0x0000000019f87139). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 83f2f110-8d34-4290-9252-5508dfea9b6f.


    CodeIntegrity:
    ===================================
    Date: 2017-09-12 19:26:31.514
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-09-12 19:26:21.313
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-09-12 19:24:31.360
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-09-12 19:23:53.764
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-09-12 19:23:47.286
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-09-12 19:23:25.456
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-09-12 19:23:01.031
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-09-12 19:23:00.286
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-09-07 09:57:41.398
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2017-09-07 09:57:00.844
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU N3150 @ 1.60GHz
    Percentage of memory in use: 52%
    Total physical RAM: 4009.44 MB
    Available physical RAM: 1888.04 MB
    Total Virtual: 4713.44 MB
    Available Virtual: 2424.52 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:329.28 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: DB65DC3D)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    Result of Security Analysis by Rocket Grannie (x86) Updated: 06 October, 2017
    Running from:C:\Users\luft3\Desktop (18:09:00 - 10/09/2017)
    ***---------------------------------------------------------***
    Microsoft Windows 10 Home X64
    UAC is Enabled
    Internet Explorer 11
    Default Browser: Firefox
    ***------------Antivirus - Antispyware - Firewall-----------***
    Windows Defender (Enabled - up to Date)
    Windows Defender (Enabled - up to Date)
    Windows Firewall (Enabled)
    No other Firewall Installed
    ***-------Security Programs - Browsers - Miscellaneous------***
    Adobe Flash Player NPAPI (27.0.0.130)
    CCleaner (5.35)
    Java (8.0.1440.1)
    Malwarebytes (3.2.2.2029)
    Microsoft Silverlight (5.1.50907.0)
    Mozilla Firefox (56.0)
    SUPERAntiSpyware (6.0.1236)

    ***----------------Analysis Complete-------------------------***
    Last edited by Corrine; 10-10-2017 at 12:00 PM. Reason: Edit to Post Logs



  2. #2
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,249)

    Re: Have Had BSOD Memory Management, Need To See If Infected

    Hi, Mike56.

    1. Adobe Flash Player was updated today. See Adobe Flash Player Updates for information about getting the latest update.

    2. There are very few reasons why Java is needed on a personal computer. See Java, The Never-Ending Saga and if you decide to keep it, keep in mind that an updated version is scheduled to be released next week, 17 October, 2017.

    3. Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy".

    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 Series Class Driver.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    GroupPolicy: Restriction <==== ATTENTION
    S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
    C:\Windows\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715}.job
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
    Task: {1ACA9641-51AD-4BB3-92A9-C5DDDAAF6807} - System32\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715} => C:\Users\luft3\AppData\Roaming\6559ACF4-8F2C-1AEA-7EF5-4D597E726715\syncversion.exe [2013-04-08] () <==== ATTENTION
    Task: C:\WINDOWS\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715}.job => C:\Users\luft3\AppData\Roaming\6559AC~1\SYNCVE~1.EXE <==== ATTENTION
    EmptyTemp:
    End::
    • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
    • Please post the log in your next reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Have Had BSOD Memory Management, Need To See If Infected

    Okay, I did what you suggested. Here is the log. Fixlog.txt

    Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
    Ran by luft3 (10-10-2017 19:02:54) Run:1
    Running from C:\Users\luft3\Desktop
    Loaded Profiles: luft3 (Available Profiles: luft3)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 Series Class Driver.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    GroupPolicy: Restriction <==== ATTENTION
    S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
    C:\Windows\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715}.job
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
    Task: {1ACA9641-51AD-4BB3-92A9-C5DDDAAF6807} - System32\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715} => C:\Users\luft3\AppData\Roaming\6559ACF4-8F2C-1AEA-7EF5-4D597E726715\syncversion.exe [2013-04-08] () <==== ATTENTION
    Task: C:\WINDOWS\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715}.job => C:\Users\luft3\AppData\Roaming\6559AC~1\SYNCVE~1.EXE <==== ATTENTION
    EmptyTemp:

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
    C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll => moved successfully
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    HKLM\System\CurrentControlSet\Services\vpnva => key removed successfully
    vpnva => service removed successfully
    C:\Windows\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715}.job => moved successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => key removed successfully
    HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found.
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => key removed successfully
    HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ACA9641-51AD-4BB3-92A9-C5DDDAAF6807} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ACA9641-51AD-4BB3-92A9-C5DDDAAF6807} => key removed successfully
    C:\WINDOWS\System32\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715} => key removed successfully
    C:\WINDOWS\Tasks\{6559ACF4-8F2C-1AEA-7EF5-4D597E726715}.job => not found.

    =========== EmptyTemp: ==========

    BITS transfer queue => 7364608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 599973957 B
    Java, Flash, Steam htmlcache => 2828 B
    Windows/system/drivers => 22156781 B
    Edge => 153447011 B
    Chrome => 0 B
    Firefox => 1786330343 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 128 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 136608 B
    luft3 => 406958669 B

    RecycleBin => 0 B
    EmptyTemp: => 2.8 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 19:21:11 ====
    Last edited by Corrine; 10-10-2017 at 08:36 PM. Reason: Edit to Post Logs Per Instructions

  4. #4
    Corrine

    Re: Have Had BSOD Memory Management, Need To See If Infected

    Well, "2.8 GB temporary data Removed" should certainly help. Is your computer still running slow?



  5. #5

    Re: Have Had BSOD Memory Management, Need To See If Infected

    Well, I don't know. I haven't had time to check it out. I lost an HP printer file that I had to replace. And I did have some connection problems that had to be fixed. Connecting now seems to take longer. I ran another sfc /scannow. Same results. It says there were corrupted files it can't repair.

  6. #6
    Corrine

    Re: Have Had BSOD Memory Management, Need To See If Infected

    In that case, let's clean up the tools we used and then follow axe0's advice and create a new topic in the Windows Update forum. The instructions are here: Windows Update Forum Posting Instructions.

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log.



  7. #7

    Re: Have Had BSOD Memory Management, Need To See If Infected

    Okay. Thank you for your help.

  8. #8
    Corrine

    Re: Have Had BSOD Memory Management, Need To See If Infected

    You're welcome!



  9. #9

    Re: Have Had BSOD Memory Management, Need To See If Infected

    By the way. I did remove Java. I am aware of the issues surrounding it. I don't recall how I managed to install it. I think I was doing something one time that said I had to have it. Also, the computer does seem to be operating better. Seems to be much smoother. I use CCleaner from time to time, never the registry tools. I clear cookies and other things on a regular basis. How do I regularly get rid of all the temporary stuff I had that bogs down the system?

  10. #10
    Corrine

    Re: Have Had BSOD Memory Management, Need To See If Infected

    Not only did you eliminate any potential vulnerabilities with Java, that is one less program to keep updated! Smart move not using registry tools! It is also advisable to create a fresh restore point prior to making changes to your computer, including installing any new programs.

    As to temp files, Windows 10 has improved the process of cleaning temporary files. Illustrated instructions are available at How To Safely Delete Temporary Files In Windows 10.



  11. #11

    Re: Have Had BSOD Memory Management, Need To See If Infected

    Great. Thanks!

  12. #12
    Corrine

    Re: Have Had BSOD Memory Management, Need To See If Infected

    You're welcome!


