ERUNT error when FRST is run

[Tony D]

When I run FRST a window pops up saying Exception EAccess Violation in module ERUNT.exe. I don't know why ERUNT would be invoked when FRST is run.

MBAM and ESET say the machine is clean.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2017
Ran by Arlene (administrator) on ARLENES-PC (06-06-2017 11:51:48)
Running from C:\Users\Arlene\Desktop
Loaded Profiles: Arlene (Available Profiles: Arlene & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1452634865\ee\aolsoftware.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\shellmon.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [410616 2017-03-13] ()
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-29] (Intel Corporation)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-01] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1452634865\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-412453059-492028852-2247957718-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-412453059-492028852-2247957718-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-412453059-492028852-2247957718-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.8.2\AOL.EXE [73584 2015-12-15] (AOL Inc.)
HKU\S-1-5-21-412453059-492028852-2247957718-1001\...\RunOnce: [Uninstall 17.3.6799.0327\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arlene\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64"
HKU\S-1-5-21-412453059-492028852-2247957718-1001\...\RunOnce: [Uninstall 17.3.6799.0327] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arlene\AppData\Local\Microsoft\OneDrive\17.3.6799.0327"
Startup: C:\Users\Arlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk [2016-02-01]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{13c5ae28-e4a0-43d8-a138-1da6920ed6b5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f57504bd-b9a7-4cd0-94f9-0736dabba385}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-412453059-492028852-2247957718-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/
HKU\S-1-5-21-412453059-492028852-2247957718-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-412453059-492028852-2247957718-1001 -> DefaultScope {22EFBA16-AC38-4606-85B7-22333B9C4519} URL =
SearchScopes: HKU\S-1-5-21-412453059-492028852-2247957718-1001 -> {22EFBA16-AC38-4606-85B7-22333B9C4519} URL =
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
Toolbar: HKU\S-1-5-21-412453059-492028852-2247957718-1001 -> AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-07-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-07-07] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-08-16] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-412453059-492028852-2247957718-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Arlene\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0195611496580713mcinstcleanup; C:\WINDOWS\TEMP\019561~1.EXE [883024 2017-06-04] (McAfee, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2017-04-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2017-04-11] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-29] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-07-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-25] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-06-06] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [519976 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-12-15] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-06 11:51 - 2017-06-06 11:52 - 00021739 _____ C:\Users\Arlene\Desktop\FRST.txt
2017-06-06 11:49 - 2017-06-06 11:49 - 04110280 _____ C:\Users\Arlene\Downloads\AdwCleaner.exe
2017-06-06 11:38 - 2017-06-06 11:51 - 00000000 ____D C:\FRST
2017-06-06 11:31 - 2017-06-06 11:49 - 02433536 _____ (Farbar) C:\Users\Arlene\Desktop\FRST64.exe
2017-06-06 11:10 - 2017-06-06 11:50 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-06-06 11:10 - 2017-06-06 11:10 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-06-06 09:20 - 2017-06-06 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-06-06 09:18 - 2017-06-06 09:18 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-06 09:16 - 2017-06-06 09:16 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-06-06 09:15 - 2017-06-06 09:15 - 00000020 ___SH C:\Users\Arlene\ntuser.ini
2017-06-04 11:06 - 2017-06-04 11:06 - 00000000 ____D C:\Windows.old
2017-06-04 11:05 - 2017-06-04 11:05 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 21352176 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 20505088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 19334656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 08320928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02651136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-04 11:05 - 2017-06-04 11:05 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-04 11:05 - 2017-06-04 11:05 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-04 11:05 - 2017-06-04 11:05 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-04 11:05 - 2017-06-04 11:05 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-04 11:05 - 2017-06-04 11:05 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-04 11:05 - 2017-06-04 11:05 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-04 11:05 - 2017-06-04 11:05 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-04 11:05 - 2017-06-04 11:05 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-04 11:05 - 2017-06-04 11:05 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-04 11:05 - 2017-06-04 11:05 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-04 11:05 - 2017-06-04 11:05 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-04 11:05 - 2017-06-04 11:05 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-04 11:01 - 2017-06-04 11:01 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-04 11:01 - 2017-06-04 07:09 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-04 10:59 - 2017-06-04 10:59 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-06-04 10:59 - 2017-06-04 10:59 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-06-04 10:59 - 2017-06-04 10:59 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-06-04 10:59 - 2017-06-04 10:59 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-04 10:59 - 2017-06-04 10:59 - 00000000 ____D C:\Program Files\MSBuild
2017-06-04 10:59 - 2017-06-04 10:59 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-04 10:59 - 2017-06-04 10:59 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-04 10:59 - 2017-06-04 10:59 - 00000000 ____D C:\inetpub
2017-06-04 10:58 - 2017-06-04 10:58 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-04 10:58 - 2017-02-10 15:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-04 10:58 - 2017-02-10 15:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-04 10:58 - 2017-02-10 15:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-04 10:58 - 2017-02-10 15:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-04 10:58 - 2017-02-10 15:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-04 10:58 - 2017-02-10 15:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-04 07:31 - 2017-06-04 07:31 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-04 07:31 - 2017-06-04 07:31 - 00000000 ____D C:\ProgramData\USOShared
2017-06-04 07:28 - 2017-06-04 07:30 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-06-04 07:28 - 2017-06-04 07:30 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-06-04 07:25 - 2017-06-06 09:24 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DC375D9A-215B-47D7-8C99-57E16D915B51}
2017-06-04 07:25 - 2017-06-06 09:19 - 00003282 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-04 07:25 - 2017-06-06 08:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-04 07:25 - 2017-06-04 07:25 - 00003810 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-06-04 07:25 - 2017-06-04 07:25 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-06-04 07:25 - 2017-06-04 07:25 - 00003322 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-04 07:25 - 2017-06-04 07:25 - 00003310 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-06-04 07:25 - 2017-06-04 07:25 - 00003094 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-06-04 07:25 - 2017-06-04 07:25 - 00002996 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-06-04 07:25 - 2017-06-04 07:25 - 00002980 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-06-04 07:25 - 2017-06-04 07:25 - 00002678 _____ C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337
2017-06-04 07:25 - 2017-06-04 07:25 - 00002486 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-06-04 07:25 - 2017-06-04 07:25 - 00002178 _____ C:\WINDOWS\System32\Tasks\{000546CD-F392-477E-BBC7-D69022AC5A67}
2017-06-04 07:25 - 2017-06-04 07:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-06-04 07:25 - 2017-06-04 07:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-06-04 07:25 - 2017-06-04 07:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-06-04 07:18 - 2017-06-04 07:18 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-04 07:15 - 2017-06-04 07:19 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-04 07:15 - 2017-06-04 07:15 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-06-04 07:13 - 2017-06-06 09:16 - 00000000 ____D C:\Users\DefaultAppPool
2017-06-04 07:13 - 2017-06-06 09:15 - 00000000 ____D C:\Users\Arlene
2017-06-04 07:13 - 2017-06-04 07:13 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-06-04 07:13 - 2017-06-04 07:13 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2017-06-04 07:13 - 2017-06-04 07:13 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2017-06-04 07:13 - 2017-06-04 07:13 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2017-06-04 07:13 - 2017-06-04 07:13 - 00000000 _SHDL C:\Users\Arlene\My Documents
2017-06-04 07:13 - 2017-06-04 07:13 - 00000000 _SHDL C:\Users\Arlene\Documents\My Videos
2017-06-04 07:13 - 2017-06-04 07:13 - 00000000 _SHDL C:\Users\Arlene\Documents\My Pictures
2017-06-04 07:13 - 2017-06-04 07:13 - 00000000 _SHDL C:\Users\Arlene\Documents\My Music
2017-06-04 07:12 - 2017-06-06 08:59 - 01075336 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-04 07:12 - 2017-06-04 07:23 - 01037570 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-06-04 07:11 - 2017-06-06 09:15 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-04 07:11 - 2017-06-04 07:15 - 00000000 ____D C:\Program Files\Intel
2017-06-04 07:11 - 2017-06-04 07:11 - 00849474 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2017-06-04 07:11 - 2017-06-04 07:11 - 00192907 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2017-06-04 07:11 - 2017-06-04 07:11 - 00031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2017-06-04 07:11 - 2017-06-04 07:11 - 00010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2017-06-04 07:11 - 2017-06-04 07:11 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-06-04 07:11 - 2017-06-04 07:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-06-04 07:11 - 2017-06-04 07:11 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-06-04 07:11 - 2017-06-04 07:11 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-06-04 07:11 - 2017-06-04 07:11 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-06-04 07:11 - 2017-06-04 07:11 - 00000000 ____D C:\Program Files\Realtek
2017-06-04 07:11 - 2017-06-04 07:11 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-06-04 07:11 - 2017-03-18 16:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-04 07:11 - 2017-03-13 23:20 - 00108560 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-06-04 07:10 - 2017-06-04 07:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-06-04 07:09 - 2017-06-06 11:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-04 07:09 - 2017-06-06 08:54 - 00312720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-29 19:40 - 2017-06-04 07:31 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-25 16:49 - 2017-05-25 16:49 - 00000000 ____D C:\Users\Arlene\AppData\Local\UNP
2017-05-25 16:43 - 2017-06-04 07:19 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-25 16:43 - 2017-05-25 16:44 - 00000000 ____D C:\Program Files\UNP
2017-05-25 16:38 - 2017-05-25 16:38 - 00004056 _____ C:\Users\Arlene\Desktop\Mother out front (cropped) 522 - Shortcut.lnk
2017-05-09 19:40 - 2017-03-04 02:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-05-09 15:58 - 2017-05-09 16:32 - 00001406 _____ C:\Users\Arlene\Desktop\ANDH STUFF- Shortcut (2).lnk
2017-05-09 15:56 - 2017-05-09 16:25 - 00001100 _____ C:\Users\Arlene\Desktop\Ads for hiring, selling, etc - Shortcut.lnk
2017-05-09 15:50 - 2017-05-09 16:27 - 00000000 ____D C:\Users\Arlene\Desktop\Literary Documents
2017-05-09 15:47 - 2017-05-09 16:34 - 00000000 ____D C:\Users\Arlene\Desktop\ADH religion related

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-06 11:45 - 2015-06-10 04:02 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-06-06 11:22 - 2017-03-18 17:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-06 11:19 - 2017-03-18 16:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-06 10:26 - 2017-04-06 14:30 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-06 10:26 - 2017-04-06 14:30 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-06 09:52 - 2017-03-18 17:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-06 09:52 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-06 09:33 - 2016-03-08 17:23 - 00000000 ____D C:\Users\Arlene\AppData\Local\Packages
2017-06-06 09:22 - 2016-01-12 17:42 - 00000000 ____D C:\Users\Arlene\AppData\Roaming\AOL
2017-06-06 09:19 - 2016-03-08 17:30 - 00002410 _____ C:\Users\Arlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-06 09:19 - 2016-03-08 17:30 - 00000000 ___RD C:\Users\Arlene\OneDrive
2017-06-06 09:17 - 2016-10-12 19:11 - 00000000 ____D C:\Users\Arlene\AppData\Local\ConnectedDevicesPlatform
2017-06-06 09:16 - 2017-03-18 17:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-06 09:16 - 2016-03-08 17:23 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-06 09:15 - 2015-08-10 18:23 - 00000000 __SHD C:\Users\Arlene\IntelGraphicsProfiles
2017-06-06 09:06 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-04 11:08 - 2017-03-18 17:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-04 11:06 - 2017-03-18 17:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-04 11:06 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-04 11:06 - 2017-03-18 17:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-04 11:06 - 2017-03-18 17:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-04 11:06 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-04 11:06 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-04 11:06 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-04 11:06 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-04 11:06 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-04 11:06 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-04 11:06 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-04 11:06 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-04 10:59 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-06-04 10:59 - 2017-03-18 16:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-06-04 10:59 - 2017-03-18 16:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-06-04 10:59 - 2017-03-18 16:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-06-04 10:59 - 2017-03-18 16:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-06-04 10:59 - 2017-03-18 16:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-06-04 10:59 - 2017-03-18 16:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-06-04 10:59 - 2017-03-18 16:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-06-04 10:59 - 2017-03-18 16:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-06-04 10:59 - 2017-03-18 16:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-06-04 10:59 - 2017-03-18 16:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-06-04 10:59 - 2017-03-18 16:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-06-04 10:59 - 2017-03-18 16:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-06-04 10:59 - 2017-03-18 16:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-06-04 10:59 - 2017-03-18 16:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-06-04 10:59 - 2017-03-18 16:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-06-04 10:59 - 2017-03-18 16:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-06-04 10:59 - 2017-03-18 16:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-06-04 10:59 - 2017-03-18 16:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-06-04 10:59 - 2017-03-18 16:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-06-04 10:59 - 2017-03-18 16:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-06-04 10:59 - 2017-03-18 16:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-06-04 10:59 - 2017-03-18 16:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-06-04 10:59 - 2017-03-18 16:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-06-04 07:31 - 2017-03-18 17:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-04 07:30 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-04 07:30 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-04 07:28 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-04 07:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-04 07:25 - 2017-03-18 22:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-04 07:25 - 2016-03-03 17:01 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-04 07:24 - 2017-03-18 17:03 - 00000000 __RSD C:\WINDOWS\Media
2017-06-04 07:24 - 2017-03-18 17:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-04 07:20 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-04 07:20 - 2017-03-18 07:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-04 07:19 - 2017-04-06 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-04 07:19 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-04 07:19 - 2017-03-18 07:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-06-04 07:19 - 2016-01-12 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2017-06-04 07:19 - 2015-10-30 05:07 - 00000000 ____D C:\WINDOWS\ShellNew
2017-06-04 07:19 - 2015-08-10 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-06-04 07:19 - 2015-08-10 18:08 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-06-04 07:19 - 2015-08-04 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-06-04 07:19 - 2015-06-10 04:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB
2017-06-04 07:19 - 2015-06-10 04:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-06-04 07:19 - 2015-06-10 03:56 - 00000000 ____D C:\WINDOWS\system32\nn-NO
2017-06-04 07:19 - 2015-06-10 03:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-06-04 07:19 - 2015-06-10 03:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2017-06-04 07:16 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-04 07:16 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-06-04 07:16 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-04 07:16 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-04 07:16 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-04 07:16 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-06-04 07:16 - 2017-01-24 13:22 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-06-04 07:16 - 2015-08-10 18:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-04 07:15 - 2017-03-18 17:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-06-04 07:15 - 2017-03-18 17:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-06-04 07:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-06-04 07:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\schemas
2017-06-04 07:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-06-04 07:15 - 2017-03-18 17:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-04 07:15 - 2017-03-18 17:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-04 07:15 - 2015-08-10 18:10 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-06-04 07:15 - 2015-06-10 03:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
2017-06-04 07:15 - 2015-06-10 03:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net
2017-06-04 07:14 - 2016-02-25 21:10 - 00000000 ___RD C:\Users\Arlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-06-04 07:12 - 2017-03-18 07:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-04 06:45 - 2017-03-18 23:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-29 20:02 - 2017-03-15 17:18 - 00001073 _____ C:\Users\Arlene\Desktop\AOL Desktop.lnk
2017-05-29 17:57 - 2017-03-15 17:17 - 00001285 _____ C:\Users\Arlene\Desktop\Internet Explorer (2).lnk
2017-05-25 16:43 - 2015-08-10 18:16 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-25 16:36 - 2015-10-02 13:18 - 00000457 _____ C:\Users\Arlene\Desktop\ADH Pictures.lnk
2017-05-11 11:06 - 2015-06-10 04:00 - 00000000 ____D C:\ProgramData\PCDr
2017-05-09 16:42 - 2015-10-13 13:19 - 00000000 ____D C:\Users\Arlene\Desktop\House & Garden
2017-05-09 16:24 - 2015-10-13 13:19 - 00000000 ____D C:\Users\Arlene\Desktop\ADH
2017-05-09 16:09 - 2016-10-26 03:55 - 00000799 _____ C:\Users\Arlene\Desktop\Documents - Shortcut.lnk
2017-05-09 16:07 - 2017-01-24 17:37 - 00000000 ____D C:\Users\Arlene\Documents\TENNIS on Windows 10
2017-05-09 16:06 - 2017-01-24 17:24 - 00001593 _____ C:\Users\Arlene\Desktop\Ladderfor2017(June2016) - Shortcut.lnk

==================== Files in the root of some directories =======

2015-08-04 17:44 - 2015-08-04 17:44 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-06-04 07:11 - 2017-06-04 07:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-22 18:26 - 2016-11-22 18:29 - 0000636 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-04 07:09

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by Arlene (06-06-2017 11:52:59)
Running from C:\Users\Arlene\Desktop
Windows 10 Pro Version 1703 (X64) (2017-06-04 11:31:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-412453059-492028852-2247957718-500 - Administrator - Disabled)
Arlene (S-1-5-21-412453059-492028852-2247957718-1001 - Administrator - Enabled) => C:\Users\Arlene
DefaultAccount (S-1-5-21-412453059-492028852-2247957718-503 - Limited - Disabled)
Guest (S-1-5-21-412453059-492028852-2247957718-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-412453059-492028852-2247957718-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 21.2.1 - HP Inc.) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.4.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.212 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A10101BE-714B-42EE-B88B-5D3725B61425}) (Version: 1.4.2.2 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.166 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-412453059-492028852-2247957718-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.330 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05ED5C42-DF34-4E01-B4B3-E75898B348B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {0E9B0B5C-9FF3-4A29-8479-0868A68DD87B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {1653737C-33A7-4831-A25A-519F80AD9D72} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {2956E29D-A64D-413D-B892-F5AA2AC347BB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2A75BE72-570B-40BA-8CD4-764A708CA97F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3999671B-80BF-4CDF-A95C-93FD2F0FE480} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {3CBC40D7-5079-4162-B3CF-8BB086B1F88F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {49072A42-1C33-4821-800D-28DD295D6786} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {4FF356D2-FE47-4920-B00B-3E8B260DCA26} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {528B6446-B6F7-44E3-AA71-6203798B4E57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {53C82D5D-CAA2-4928-AD01-FD5CA9402E42} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {54C24529-FE0D-45F3-921C-72B199731A29} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {59418913-1FF9-4082-8648-FD8BB18F2D57} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {63221112-34CF-4879-B278-6F7897D419FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {63882D74-4B0D-4654-86EE-D96AE3948093} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6563DB5C-54FD-4007-98A3-1F779956369C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {69175187-8D8E-4837-866B-573355CA22CB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {69D3EE01-386B-424D-8C84-F162034B4E1E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6A73D90C-B17C-4761-8357-1A346F1A3327} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {6AEC078E-143C-49AF-902C-A068AD22B06D} - System32\Tasks\{000546CD-F392-477E-BBC7-D69022AC5A67} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {74B79B52-5FD9-4C14-BAB0-205B4C4DD9F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7F98FE22-643B-40FE-AC08-629EE77F8D99} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-04-25] (Dell Inc.)
Task: {8B29E971-D7C0-4E01-9078-C730188C2325} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8F4A3E2E-11FD-47C6-9C9B-37E94139D884} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {92BE7943-78D8-4C4B-883D-3B2AAF434323} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {988110E1-9D57-4126-AE37-81BDBE8AC5F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A9B260C7-B43A-4FE7-8154-B7ABDA40EDB1} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-07-07] (McAfee, Inc.)
Task: {AD527BE7-82A0-4FA4-9FF0-16AD4FA106B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ADC07769-4CB6-4A83-BBF8-99B4CF5784F6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {AE88348F-AEC8-4DD7-9473-F5F0ED520E0B} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {B1450FE1-82E8-40F1-8F3F-5749E0F9E20E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BA7F3875-7416-4EF5-B045-A03824D3AFA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BAEA9D57-F436-4224-A17D-D62D9555A88C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {BB0AE382-631E-4A21-8AAC-5B207561B61E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C1913C94-0842-490C-B755-F95332E09ABA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C38AED1C-4661-48E6-BC7B-E4434A8980B5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CA362233-3CF1-4D06-926D-733CE4016A44} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {CCBE7D0D-DFED-4EA4-A2BD-4A1288F7C10A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CE4EEC05-AE50-4266-B124-7496745958B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D8A4DDF9-8344-4782-8ADD-36D6A21CD9C1} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {DA5EBFDD-F0C4-44BB-802B-EC827B4A9BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DA9D1E83-01AA-4187-BDB9-6D13247DE477} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E27DFC19-A841-44FD-9917-1DBB817E34F9} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {E51DE92E-5D4B-4227-A5C9-AC7540C801DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {EAC31401-9F6C-4FD4-9018-ECF5985C2D7D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EB734531-42AF-4E68-8534-D6C881EA2875} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ED544366-6BCB-4730-BA7D-5F5AC4FA1F18} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {FF2CB68F-A404-4CB2-86A2-07A7CDD0E690} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FFD0BCF8-7926-4344-A2B0-908C275D350D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 00410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 16:59 - 2017-03-18 22:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-25 16:46 - 2017-05-25 16:47 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-25 16:46 - 2017-05-25 16:47 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-25 16:46 - 2017-05-25 16:47 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-25 16:46 - 2017-05-25 16:47 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll
2017-04-06 14:29 - 2017-06-06 10:26 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-05-08 16:11 - 2017-05-08 16:11 - 00765440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-05-08 16:11 - 2017-05-08 16:11 - 10601984 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-05-08 16:11 - 2017-05-08 16:11 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-06-10 03:53 - 2013-12-09 18:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-01-05 12:17 - 2015-12-18 18:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-06-10 04:02 - 2012-11-25 10:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-06-10 04:02 - 2014-02-18 02:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\zlib.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libcef.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libglesv2.dll
2015-12-15 12:14 - 2015-12-15 12:14 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.8.2\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Arlene\Desktop\ADH:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Arlene\Desktop\Ads for hiring, selling, etc:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Arlene\Desktop\Aol Email.url:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Arlene\Desktop\Complete Desktop:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Arlene\Desktop\Fun animal pix:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Arlene\Desktop\House & Garden:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Arlene\Documents\Important Files & Documents:Mac_Metadata [42]
AlternateDataStreams: C:\Users\Arlene\Documents\Old Dell Favorites:Mac_Metadata [42]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-412453059-492028852-2247957718-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7934D18B-1AD5-4E31-8DCE-39C9FB714121}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{AA7B40CC-E6D6-4063-A089-69023050819F}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{D6B74224-F3D6-4442-8D92-CA9D12382DB4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{65C6F055-E819-48AB-A558-64D6D429B1BE}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{AC6D5E73-BF05-4124-BAF3-F82C3E977E94}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A0FDB20C-1D64-4383-BBF4-37B5B5EF6058}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{FA0D0F73-FE17-48CA-8FD8-B45B5777F8D4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{F4F084C0-36C6-47B9-9575-545D61E89A5C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{2B1D5A02-AAF0-4221-9835-3C8E5A64F3F7}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe
FirewallRules: [{14698988-4304-4C64-8851-2A7F38938F2D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe
FirewallRules: [{9EA58137-005C-4BDE-A63C-C108B759D5EF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1452634865\ee\aolsoftware.exe
FirewallRules: [{C13EDB9F-F998-49B2-A2CD-75F1BF74831F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1452634865\ee\aolsoftware.exe
FirewallRules: [{3C560C0F-DCD1-4902-AD17-A945E96522FB}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{A76C723F-351A-49D4-9DA8-ACEE5C0B27A5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{0378C89B-AA5A-4317-ADFD-229AA10C506A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{E376ED8C-39F4-45AF-933B-F54FCE94455B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{59DBD1D2-6CB8-485C-9226-DB640ED56687}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AD6FCC65-1520-45EE-9391-D03298E9311A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{78122904-756C-4E37-BF17-24F3CDCF1FB7}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{3C763A02-939A-4F79-941C-DFA51BC6DF00}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{DBD9DCB6-BFDC-4947-916D-B4DBF9D2200F}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{5F47410E-0F0B-4B08-8A30-38E26CA6F7B8}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{CC7C2701-5CEB-4481-9DDE-F083444883CE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

==================== Restore Points =========================

06-06-2017 11:18:50 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2017 09:17:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Arlenes-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/06/2017 09:01:35 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/06/2017 09:00:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSync.exe, version: 15.0.166.0, time stamp: 0x577e3dec
Faulting module name: McSync.exe, version: 15.0.166.0, time stamp: 0x577e3dec
Exception code: 0xc0000005
Fault offset: 0x0000000000086788
Faulting process id: 0xf98
Faulting application start time: 0x01d2dec4d16318d9
Faulting application path: C:\PROGRA~1\McAfee\MSC\McSync.exe
Faulting module path: C:\PROGRA~1\McAfee\MSC\McSync.exe
Report Id: c9556aaa-eb95-40b9-a57c-971e1eb6773c
Faulting package full name:
Faulting package-relative application ID:

Error: (06/04/2017 07:27:11 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (06/04/2017 07:25:25 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (06/04/2017 07:25:09 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (06/04/2017 07:24:08 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (06/04/2017 07:23:53 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/04/2017 07:23:52 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/04/2017 07:23:52 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A


System errors:
=============
Error: (06/06/2017 09:41:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/06/2017 09:41:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Arlene\AppData\Local\Temp\ehdrv.sys

Error: (06/06/2017 09:41:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/06/2017 09:41:42 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Arlene\AppData\Local\Temp\ehdrv.sys

Error: (06/06/2017 09:41:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/06/2017 09:41:42 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Arlene\AppData\Local\Temp\ehdrv.sys

Error: (06/06/2017 09:41:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/06/2017 09:41:42 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Arlene\AppData\Local\Temp\ehdrv.sys

Error: (06/06/2017 09:41:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/06/2017 09:41:41 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Arlene\AppData\Local\Temp\ehdrv.sys


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460S CPU @ 2.90GHz
Percentage of memory in use: 28%
Total physical RAM: 8108.94 MB
Available physical RAM: 5797.72 MB
Total Virtual: 16300.94 MB
Available Virtual: 13325.42 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.74 GB) (Free:859.54 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.54 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 5578CA3F)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[starbuck]

Hi Tony,

I don't know why ERUNT would be invoked when FRST is run.

Think about the line in the Malware removal prep guide......

When FRST is run it will make a backup of your registry before compiling the report.

No prize for guessing what Frst uses to backup your registry
There has been a few odd times when members have had an error thrown up from Erunt..... But Farbar hasn't managed to recreate it.
It does seem as though this only relates to the backup... Frst will still run fine.

Nothing malicious in the report, but there are some items that should be cleaned up.
Before I do that, I see that this system has AOL Desktop installed... is it actually used?
It hasn't been updated for a couple of years and was officially discontinued in April this year.

 

[Tony D]

You mean this When FRST is run it will make a backup of your registry before compiling the report.
How about that. Yes I missed it.

She does use the AOL Desktop. I just don't get it. I guess we'll have to keep Viewpoint?

This is the first W10 Creators update machine I've seen. Can't get to the Control Panel by right-clicking in the corner any more.

 

[starbuck]

Hi Tony,

You mean this When FRST is run it will make a backup of your registry before compiling the report.
How about that. Yes I missed it.

If you ever need the backups, they are stored in:
C:/FRST/Hives

She does use the AOL Desktop. I just don't get it.

Me neither.
We'll leave the AOL entries alone then.

This is the first W10 Creators update machine I've seen.
Can't get to the Control Panel by right-clicking in the corner any more.

That's right, for some unknown reason M$ have removed it.
You can still get to it by typing 'Control Panel' in the search box though.

Now the fix.
We'll get you to try the new fix routine that Farbar has added.
It doesn't need the fixlist to be saved to the machine.
FRST can now read the script from the clipboard.
Copy the script within the quote box below: (make sure that you include Start:: and End:: as these are the clipboard notifiers.

Start::
CloseProcesses:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-412453059-492028852-2247957718-1001\...\RunOnce: [Uninstall 17.3.6799.0327\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arlene\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64"
HKU\S-1-5-21-412453059-492028852-2247957718-1001\...\RunOnce: [Uninstall 17.3.6799.0327] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arlene\AppData\Local\Microsoft\OneDrive\17.3.6799.0327"
SearchScopes: HKU\S-1-5-21-412453059-492028852-2247957718-1001 -> DefaultScope {22EFBA16-AC38-4606-85B7-22333B9C4519} URL =
SearchScopes: HKU\S-1-5-21-412453059-492028852-2247957718-1001 -> {22EFBA16-AC38-4606-85B7-22333B9C4519} URL =
FF Plugin HKU\S-1-5-21-412453059-492028852-2247957718-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Arlene\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
U3 idsvc; no ImagePath
Task: {2A75BE72-570B-40BA-8CD4-764A708CA97F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63221112-34CF-4879-B278-6F7897D419FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {69D3EE01-386B-424D-8C84-F162034B4E1E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8B29E971-D7C0-4E01-9078-C730188C2325} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {988110E1-9D57-4126-AE37-81BDBE8AC5F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AD527BE7-82A0-4FA4-9FF0-16AD4FA106B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AE88348F-AEC8-4DD7-9473-F5F0ED520E0B} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {BB0AE382-631E-4A21-8AAC-5B207561B61E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C38AED1C-4661-48E6-BC7B-E4434A8980B5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CCBE7D0D-DFED-4EA4-A2BD-4A1288F7C10A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EAC31401-9F6C-4FD4-9018-ECF5985C2D7D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EB734531-42AF-4E68-8534-D6C881EA2875} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ED544366-6BCB-4730-BA7D-5F5AC4FA1F18} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {FF2CB68F-A404-4CB2-86A2-07A7CDD0E690} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End::

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system

Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

The tool will make a log in the same directory that FRST is run from (Fixlog.txt).
Please post this in your next reply.

 

[Tony D]

FRST must have read the clipboard. I just opened FRST and clicked on fix. No muss, no Fuss.

Thanks

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by Arlene (06-06-2017 14:38:27) Run:1
Running from C:\Users\Arlene\Desktop
Loaded Profiles: Arlene (Available Profiles: Arlene & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CloseProcesses:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-412453059-492028852-2247957718-1001\...\RunOnce: [Uninstall 17.3.6799.0327\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arlene\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64"
HKU\S-1-5-21-412453059-492028852-2247957718-1001\...\RunOnce: [Uninstall 17.3.6799.0327] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Arlene\AppData\Local\Microsoft\OneDrive\17.3.6799.0327"
SearchScopes: HKU\S-1-5-21-412453059-492028852-2247957718-1001 -> DefaultScope {22EFBA16-AC38-4606-85B7-22333B9C4519} URL =
SearchScopes: HKU\S-1-5-21-412453059-492028852-2247957718-1001 -> {22EFBA16-AC38-4606-85B7-22333B9C4519} URL =
FF Plugin HKU\S-1-5-21-412453059-492028852-2247957718-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Arlene\AppData\Local\Citrix\Plugins\104\npappdetector.dll [No File]
U3 idsvc; no ImagePath
Task: {2A75BE72-570B-40BA-8CD4-764A708CA97F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63221112-34CF-4879-B278-6F7897D419FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {69D3EE01-386B-424D-8C84-F162034B4E1E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8B29E971-D7C0-4E01-9078-C730188C2325} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {988110E1-9D57-4126-AE37-81BDBE8AC5F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AD527BE7-82A0-4FA4-9FF0-16AD4FA106B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AE88348F-AEC8-4DD7-9473-F5F0ED520E0B} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {BB0AE382-631E-4A21-8AAC-5B207561B61E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C38AED1C-4661-48E6-BC7B-E4434A8980B5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CCBE7D0D-DFED-4EA4-A2BD-4A1288F7C10A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EAC31401-9F6C-4FD4-9018-ECF5985C2D7D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EB734531-42AF-4E68-8534-D6C881EA2875} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ED544366-6BCB-4730-BA7D-5F5AC4FA1F18} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {FF2CB68F-A404-4CB2-86A2-07A7CDD0E690} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
HKU\S-1-5-21-412453059-492028852-2247957718-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 17.3.6799.0327\amd64 => value removed successfully
HKU\S-1-5-21-412453059-492028852-2247957718-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 17.3.6799.0327 => value removed successfully
HKU\S-1-5-21-412453059-492028852-2247957718-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-412453059-492028852-2247957718-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{22EFBA16-AC38-4606-85B7-22333B9C4519} => key removed successfully
HKCR\CLSID\{22EFBA16-AC38-4606-85B7-22333B9C4519} => key not found.
HKU\S-1-5-21-412453059-492028852-2247957718-1001\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin => key removed successfully
C:\Users\Arlene\AppData\Local\Citrix\Plugins\104\npappdetector.dll => not found.
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A75BE72-570B-40BA-8CD4-764A708CA97F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A75BE72-570B-40BA-8CD4-764A708CA97F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63221112-34CF-4879-B278-6F7897D419FC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63221112-34CF-4879-B278-6F7897D419FC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69D3EE01-386B-424D-8C84-F162034B4E1E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69D3EE01-386B-424D-8C84-F162034B4E1E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B29E971-D7C0-4E01-9078-C730188C2325} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B29E971-D7C0-4E01-9078-C730188C2325} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{988110E1-9D57-4126-AE37-81BDBE8AC5F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{988110E1-9D57-4126-AE37-81BDBE8AC5F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD527BE7-82A0-4FA4-9FF0-16AD4FA106B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD527BE7-82A0-4FA4-9FF0-16AD4FA106B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE88348F-AEC8-4DD7-9473-F5F0ED520E0B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE88348F-AEC8-4DD7-9473-F5F0ED520E0B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB0AE382-631E-4A21-8AAC-5B207561B61E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB0AE382-631E-4A21-8AAC-5B207561B61E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C38AED1C-4661-48E6-BC7B-E4434A8980B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C38AED1C-4661-48E6-BC7B-E4434A8980B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CCBE7D0D-DFED-4EA4-A2BD-4A1288F7C10A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCBE7D0D-DFED-4EA4-A2BD-4A1288F7C10A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAC31401-9F6C-4FD4-9018-ECF5985C2D7D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAC31401-9F6C-4FD4-9018-ECF5985C2D7D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB734531-42AF-4E68-8534-D6C881EA2875} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB734531-42AF-4E68-8534-D6C881EA2875} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED544366-6BCB-4730-BA7D-5F5AC4FA1F18} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED544366-6BCB-4730-BA7D-5F5AC4FA1F18} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF2CB68F-A404-4CB2-86A2-07A7CDD0E690} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF2CB68F-A404-4CB2-86A2-07A7CDD0E690} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14310125 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 961818 B
Edge => 30002529 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 37 B
systemprofile32 => 128 B
LocalService => 1642 B
NetworkService => 36448872 B
Arlene => 24496524 B
DefaultAppPool => 0 B

RecycleBin => 13626547 B
EmptyTemp: => 120.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:38:47 ====

 

[starbuck]

I just opened FRST and clicked on fix. No muss, no Fuss.

I've tried it myself a couple of times, but you're the first active report that I've tried it on.
It is a lot easier.

Fix seems to have completed properly.
Like I said earlier, there wasn't any malicious entries showing.
What we removed was just orphan entries.

Is the system running ok?

 

[Tony D]

Yes, the machine runs fine. She complained that it hangs (not responding). I haven't seen it.

 

[starbuck]

She complained that it hangs (not responding). I haven't seen it.

System has plenty of Ram and free space on the HDD.
Is the problem with programs in general or when using the internet?
I wouldn't say the AOL Desktop is an ideal program to run on Win10..... It hasn't been updated since Win10 came on the market.
Maybe this is the problem.... or that McAfee stuff on the system.

 

[Tony D]

System has plenty of Ram and free space on the HDD.

and a decent processor

Is the problem with programs in general or when using the internet?

I believe Internet.

I wouldn't say the AOL Desktop is an ideal program to run on Win10..... It hasn't been updated since Win10 came on the market.
Maybe this is the problem.... or that McAfee stuff on the system.

Yeah

 

[Tony D]

Pete, I learn something from you each and every time.

 

[starbuck]

Thanks Tony.
Am always glad to pass on any helpful information.