1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

In Progress I keep getting "watchtv.now pop ups on screen

Discussion in 'Virus & Other Malware Removal' started by pjgolf, Apr 2, 2019.

Thread Status:
Not open for further replies.
Advertisement
  1. pjgolf

    pjgolf Thread Starter

    Joined:
    Apr 2, 2019
    Messages:
    7
    I don't know how this "watchtv.now" got on my computer. I use Chrome, and looked at my extensions. Didn't see any new ones. Do you have any suggestions on how I can remove it. Thanks

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz, Intel64 Family 6 Model 142 Stepping 9
    Processor Count: 4
    RAM: 12157 Mb
    Graphics Card: Intel(R) HD Graphics 620, 1024 Mb
    Hard Drives: C: 453 GB (365 GB Free);
    Motherboard: Dell Inc., 0M73KR
    Antivirus: Windows Defender, Disabled
     
  2. DaveA

    DaveA Trusted Advisor Spam Fighter

    Joined:
    Nov 16, 1999
    Messages:
    16,077
    First Name:
    David
    Have you scanned your system with Malwarebytes?
     
  3. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    570
    I have requested that this thread be moved to Virus/Malware Removal.
     
  4. pjgolf

    pjgolf Thread Starter

    Joined:
    Apr 2, 2019
    Messages:
    7
    I have ClamWin Antivirus, plus Windows Defender. Don't know what else I could try.
     
  5. pjgolf

    pjgolf Thread Starter

    Joined:
    Apr 2, 2019
    Messages:
    7
    Thank you. Wasn't sure whether to post it on VirusMalware Removal or this one. Hopefully, someone can help me.
     
  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    570
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything during the cleanup, please ask.
    --------------------

    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen alert, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Attach it to your reply.
    • The tool will also produce another log (Addition.txt ). Please attach this, along with FRST.txt, to your reply.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  7. pjgolf

    pjgolf Thread Starter

    Joined:
    Apr 2, 2019
    Messages:
    7
    I have downloaded the Farbar Recovery Scan Tool, and have saved the 2 text files. My question is, you want me to upload them, but will the info on my computer be made public, or is it just for your "eyes". I'm just leary about posting info from my computer for the public to read. Do I use this forum to upload the files.....
     
  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    570
    Hi,

    As per the forum rules, all support must be provided in the public forum:

    From the Forum Rules:
    I am sorry, but if I can't see the logs produced by FRST, I'll be unable to assist with the issue.
     
  9. pjgolf

    pjgolf Thread Starter

    Joined:
    Apr 2, 2019
    Messages:
    7
    Here is the info requested. I have also attached the "Addition". Thanks..... Patty

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
    Ran by pjd1 (administrator) on PATTY-DELL5578 (03-04-2019 02:58:53)
    Running from C:\Users\pjd1\Desktop
    Loaded Profiles: pjd1 (Available Profiles: pjd1)
    Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxCUIService.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHDCPSvc.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe
    (Entertainment Experience LLC -> ) C:\Program Files\TrueColor\TrueColorALS.exe
    (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
    (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel Corporation -> IntelĀ® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxext.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHeciSvc.exe
    (Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxEM.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Dell Inc.) [File not signed] C:\Program Files\Dell\QuickSet\quickset.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (SkyHawke Technologies, LLC -> SkyHawke) C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
    (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\DSAPI.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
    (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\pcdrwi.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
    (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
    (Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
    (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dell Inc -> Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (Wilcom International Pty Limited -> Wilcom Pty Ltd) C:\Program Files (x86)\Wilcom\Wilcom Shell Extension\BIN\WilcomShellEngine.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Dell Inc -> ) C:\Program Files (x86)\Dell\Update\DellUpdate.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
    (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
    () [File not signed] C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.6.0_x86__7kk3kr9e0p1np\RoboFormCompanion.exe
    (alch) [File not signed] C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
    (Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (BriTon Leap, inc.) [File not signed] C:\Program Files (x86)\Babylock\Designer's Gallery\Gallery.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    () [File not signed] C:\EMBIRD32\EMBIRD.EXE
    (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-chrome-nm-host.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Dell Inc. -> ) C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.30.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    ==================== Registry (Whitelisted) ===========================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3912192 2017-01-05] (Dell Inc.) [File not signed]
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1488360 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [TrueColor UI] => [X]
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [976768 2017-05-08] (Waves Inc -> Waves Audio Ltd.)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-27] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [555624 2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [403048 2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-03-29] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [CaddieSyncConduit] => C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe [2295752 2018-07-31] (SkyHawke Technologies, LLC -> SkyHawke)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
    HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2018-03-03] (alch) [File not signed]
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [145704 2019-03-30] (Siber Systems -> Siber Systems)
    HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\pjd1\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
    HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\pjd1\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
    HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\...\RunOnce: [Uninstall 19.012.0121.0011\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\pjd1\AppData\Local\Microsoft\OneDrive\19.012.0121.0011\amd64"
    HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\...\RunOnce: [Uninstall 19.012.0121.0011] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\pjd1\AppData\Local\Microsoft\OneDrive\19.012.0121.0011"
    HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\...\MountPoints2: {5a480356-7361-11e8-8186-7c67a2af8aa6} - "D:\disk1\setup.exe"
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\Installer\chrmstp.exe [2019-03-26] (Google LLC -> Google Inc.)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{c6e8bb22-23a0-4864-8fc7-cc89c7cb10a4}: [DhcpNameServer] 172.41.1.172
    Tcpip\..\Interfaces\{dfdca699-c3d5-453a-ab03-03aa40244891}: [DhcpNameServer] 192.168.1.1
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.facebook.com/
    HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
    SearchScopes: HKU\S-1-5-21-1271785307-3524801948-1114839763-1001 -> DefaultScope {344A8554-D400-4CBF-A77C-EB6837A4198B} URL =
    SearchScopes: HKU\S-1-5-21-1271785307-3524801948-1114839763-1001 -> {344A8554-D400-4CBF-A77C-EB6837A4198B} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-03-29] (Microsoft Corporation -> Microsoft Corporation)
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-30] (Siber Systems -> Siber Systems Inc.)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2019-03-30] (Siber Systems -> Siber Systems Inc.)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-30] (Siber Systems -> Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2019-03-30] (Siber Systems -> Siber Systems Inc.)
    Toolbar: HKU\S-1-5-21-1271785307-3524801948-1114839763-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2019-03-30] (Siber Systems -> Siber Systems Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    Edge:
    ======
    Edge Extension: (RoboForm) -> EdgeExtension_SiberSystemsIncRoboFormEdge_7kk3kr9e0p1np => C:\Program Files\WindowsApps\SiberSystemsInc.RoboFormEdge_8.5.6.0_x86__7kk3kr9e0p1np [2019-02-27]
    FireFox:
    ========
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-06-15] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/docs/documents/images/kix-favicon6.ico
    CHR Profile: C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default [2019-04-03]
    CHR Extension: (Slides) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
    CHR Extension: (Docs) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
    CHR Extension: (Google Drive) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-30]
    CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2019-03-26]
    CHR Extension: (YouTube) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-30]
    CHR Extension: (Honey) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-02-14]
    CHR Extension: (Ebates Rakuten: Get Cash Back For Shopping) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2019-04-03]
    CHR Extension: (Google Docs) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\djphohapicejmpdkcdjpjeflcpnjniib [2018-01-29]
    CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2019-03-24]
    CHR Extension: (Adobe Acrobat) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-02]
    CHR Extension: (Google Play Music) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-09-26]
    CHR Extension: (Sheets) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]
    CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2019-02-28]
    CHR Extension: (Google Docs Offline) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
    CHR Extension: (Untitled spreadsheet - Google Sheets) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcniaobhlifpgdcoookgmimlmeplpali [2018-01-29]
    CHR Extension: (Solitaire) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbhppfbabandkdmgjmifahoabeodiep [2019-01-16]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-12-24]
    CHR Extension: (Google Docs) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchdnphgabgdkcjghmfafmkehcgcamgn [2018-01-29]
    CHR Extension: (Google Hangouts) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2019-03-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-03]
    CHR Extension: (ArcadeFrontier Ads) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2018-12-26]
    CHR Extension: (Gmail) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-30]
    CHR Extension: (Chrome Media Router) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-27]
    CHR Extension: (RoboForm Password Manager) - C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2019-03-29]
    CHR Profile: C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-28]
    CHR Profile: C:\Users\pjd1\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-28]
    CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2019-03-30]
    CHR HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2019-03-30]
    ==================== Services (Whitelisted) ====================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11150824 2019-03-22] (Microsoft Corporation -> Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-09] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-09] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-03-29] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc -> Dell Inc.)
    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc -> Dell Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc -> Dell Inc.)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-05-02] (Dell Inc -> Dell Inc.)
    R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1466\DSAPI.exe [1035072 2019-01-09] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
    R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [41008 2018-01-15] (Dell Inc -> Dell Inc.)
    R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [293528 2018-10-20] (Dell Inc -> Dell Inc.)
    R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] (Dell Inc -> )
    R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-21] (Intel Corporation -> Intel Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-11-27] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [743728 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [720184 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-22] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265864 2018-03-19] (Intel Corporation -> )
    R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [46632 2017-04-17] (Dell Inc -> Dell)
    R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe [157976 2017-05-24] (Symantec Corporation -> Symantec Corporation)
    R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks)
    S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe [378088 2017-05-24] (Symantec Corporation -> Symantec Corporation)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39384 2018-12-12] (Dell Inc. -> Dell Inc.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11786992 2018-11-14] (TeamViewer GmbH -> TeamViewer GmbH)
    R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [93072 2016-12-12] (Entertainment Experience LLC -> )
    R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-08] (Waves Inc -> Waves Audio Ltd.)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-04-02] (Microsoft Corporation -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-04-02] (Microsoft Corporation -> Microsoft Corporation)
    S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate (Desktop)\Transfer\DriverInstall.exe [105064 2018-05-25] (Wondershare Technology Co.,Ltd -> Wondershare)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848328 2018-03-19] (Intel Corporation -> IntelĀ® Corporation)
    ===================== Drivers (Whitelisted) ======================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\BASHDefs\20190325.001\BHDrvx64.sys [1934048 2019-03-11] (Symantec Corporation -> Symantec Corporation)
    R1 ccSettings_{1275C540-B92D-406A-B595-68C2B266A9A8}; C:\WINDOWS\System32\Drivers\SEP\0E00096F\00C8.105\x64\ccSetx64.sys [174328 2017-05-24] (Symantec Corporation -> Symantec Corporation)
    R4 DBUtil_2_3; C:\WINDOWS\TEMP\DBUtil_2_3.Sys [14840 2019-03-21] (Dell Inc. -> )
    R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36400 2018-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
    S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
    R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corporation -> Wistron Corp.)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-21] (Intel Corporation -> Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-21] (Intel Corporation -> Intel Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2019-01-16] (Symantec Corporation -> Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-02-04] (Symantec Corporation -> Symantec Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382880 2017-11-21] (Intel Corporation -> Intel Corporation)
    R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54816 2016-10-29] (Intel(R) Software -> Intel Corporation)
    R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc. -> McAfee, Inc.)
    R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
    R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\IPSDefs\20190402.061\IDSvia64.sys [1305072 2019-02-07] (Symantec Corporation -> Symantec Corporation)
    R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-09-19] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
    R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
    R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623128 2018-04-04] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-05] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 SkyhawkeUSBLan; C:\WINDOWS\System32\drivers\btblan.sys [47600 2010-04-16] (Belcarra Technologies 2005 Corp -> Belcarra Technologies)
    R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.)
    R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0E00096F\00C8.105\x64\SRTSP64.SYS [801920 2017-05-24] (Symantec Corporation -> Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0E00096F\00C8.105\x64\SRTSPX64.SYS [49280 2017-05-24] (Symantec Corporation -> Symantec Corporation)
    S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\SyDvCtrl64.sys [44528 2017-05-24] (Symantec Corporation -> Symantec Corporation)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0603000.00F\symefasi.sys [1717912 2017-06-30] (Symantec Corporation -> Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0E00096F\00C8.105\x64\SymELAM.sys [24192 2017-05-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-06-30] (Symantec Corporation -> Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0E00096F\00C8.105\x64\Ironx64.SYS [308896 2017-05-24] (Symantec Corporation -> Symantec Corporation)
    R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0E00096F\00C8.105\x64\SYMNETS.SYS [567448 2017-05-24] (Symantec Corporation -> Symantec Corporation)
    R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [195896 2017-06-30] (Symantec Corporation -> Symantec Corporation)
    R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [121328 2017-05-24] (Symantec Corporation -> Symantec Corporation)
    R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel(R) Software -> Intel Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [333792 2019-04-02] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-04-02] (Microsoft Windows -> Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    ==================== One month (created) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-04-03 02:58 - 2019-04-03 03:00 - 000043024 _____ C:\Users\pjd1\Desktop\FRST.txt
    2019-04-03 02:57 - 2019-04-03 02:58 - 000000000 ____D C:\FRST
    2019-04-03 02:56 - 2019-04-03 02:57 - 002434048 _____ (Farbar) C:\Users\pjd1\Desktop\FRST64.exe
    2019-04-03 02:53 - 2019-04-03 02:53 - 001793024 _____ (Farbar) C:\Users\pjd1\Desktop\FRST.exe
    2019-04-02 11:18 - 2019-04-02 11:18 - 000748192 _____ (TechGuy, Inc.) C:\Users\pjd1\Downloads\SysInfo.exe
    2019-03-30 22:38 - 2019-03-30 22:38 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1271785307-3524801948-1114839763-1001
    2019-03-30 22:37 - 2019-03-30 22:37 - 000002412 _____ C:\Users\pjd1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-03-30 20:42 - 2019-03-30 20:42 - 000004396 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
    2019-03-30 20:42 - 2019-03-30 20:42 - 000003796 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
    2019-03-30 03:06 - 2019-03-30 03:06 - 000000000 ____D C:\Users\pjd1\AppData\Roaming\.clamwin
    2019-03-30 03:05 - 2019-03-30 03:05 - 000001236 _____ C:\Users\Public\Desktop\ClamWin Antivirus.lnk
    2019-03-30 03:05 - 2019-03-30 03:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
    2019-03-30 03:05 - 2019-03-30 03:05 - 000000000 ____D C:\ProgramData\.clamwin
    2019-03-30 03:05 - 2019-03-30 03:05 - 000000000 ____D C:\Program Files (x86)\ClamWin
    2019-03-30 02:51 - 2019-03-30 02:52 - 172661090 _____ (alch ) C:\Users\pjd1\Downloads\clamwin-0.99.4-setup.exe
    2019-03-29 22:01 - 2019-03-29 22:01 - 000002540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
    2019-03-29 22:01 - 2019-03-29 22:01 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2019-03-29 22:01 - 2019-03-29 22:01 - 000002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2019-03-29 22:01 - 2019-03-29 22:01 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
    2019-03-29 22:01 - 2019-03-29 22:01 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2019-03-29 22:01 - 2019-03-29 22:01 - 000002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2019-03-29 22:01 - 2019-03-29 22:01 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
    2019-03-29 22:01 - 2019-03-29 22:01 - 000002477 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2019-03-29 22:01 - 2019-03-29 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2019-03-29 21:47 - 2019-03-29 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2019-03-29 13:57 - 2019-03-29 13:57 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2019-03-29 13:57 - 2019-03-29 13:57 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2019-03-29 13:57 - 2019-03-29 13:57 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2019-03-29 13:57 - 2019-03-29 13:57 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2019-03-29 00:02 - 2019-03-29 00:02 - 000001488 _____ C:\Users\pjd1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alpha Holiday Berries DEF GHI JKL MNO PQR STU VWX YZ.lnk
    2019-03-20 23:58 - 2019-03-20 23:58 - 000001422 _____ C:\Users\pjd1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stained Glass Misc.lnk
    2019-03-14 16:38 - 2019-03-06 05:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-03-14 16:38 - 2019-03-06 02:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-03-14 16:37 - 2019-03-06 11:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-03-14 16:37 - 2019-03-06 11:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2019-03-14 16:37 - 2019-03-06 11:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2019-03-14 16:37 - 2019-03-06 11:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-03-14 16:37 - 2019-03-06 11:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-03-14 16:37 - 2019-03-06 11:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-03-14 16:37 - 2019-03-06 11:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2019-03-14 16:37 - 2019-03-06 11:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2019-03-14 16:37 - 2019-03-06 11:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2019-03-14 16:37 - 2019-03-06 11:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2019-03-14 16:37 - 2019-03-06 11:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2019-03-14 16:37 - 2019-03-06 11:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-03-14 16:37 - 2019-03-06 11:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2019-03-14 16:37 - 2019-03-06 11:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-03-14 16:37 - 2019-03-06 11:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-03-14 16:37 - 2019-03-06 11:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2019-03-14 16:37 - 2019-03-06 08:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2019-03-14 16:37 - 2019-03-06 08:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2019-03-14 16:37 - 2019-03-06 08:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2019-03-14 16:37 - 2019-03-06 08:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-03-14 16:37 - 2019-03-06 08:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2019-03-14 16:37 - 2019-03-06 08:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-03-14 16:37 - 2019-03-06 08:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2019-03-14 16:37 - 2019-03-06 08:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-03-14 16:37 - 2019-03-06 08:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2019-03-14 16:37 - 2019-03-06 07:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-03-14 16:37 - 2019-03-06 05:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-03-14 16:37 - 2019-03-06 05:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-03-14 16:37 - 2019-03-06 05:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-03-14 16:37 - 2019-03-06 05:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2019-03-14 16:37 - 2019-03-06 05:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2019-03-14 16:37 - 2019-03-06 05:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2019-03-14 16:37 - 2019-03-06 05:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-03-14 16:37 - 2019-03-06 05:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2019-03-14 16:37 - 2019-03-06 05:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2019-03-14 16:37 - 2019-03-06 05:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
    2019-03-14 16:37 - 2019-03-06 05:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-03-14 16:37 - 2019-03-06 05:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-03-14 16:37 - 2019-03-06 05:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2019-03-14 16:37 - 2019-03-06 05:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-03-14 16:37 - 2019-03-06 05:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-03-14 16:37 - 2019-03-06 05:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-03-14 16:37 - 2019-03-06 05:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2019-03-14 16:37 - 2019-03-06 05:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-03-14 16:37 - 2019-03-06 05:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2019-03-14 16:37 - 2019-03-06 05:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-03-14 16:37 - 2019-03-06 05:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
    2019-03-14 16:37 - 2019-03-06 05:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
    2019-03-14 16:37 - 2019-03-06 05:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-03-14 16:37 - 2019-03-06 05:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-03-14 16:37 - 2019-03-06 05:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
    2019-03-14 16:37 - 2019-03-06 05:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2019-03-14 16:37 - 2019-03-06 05:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2019-03-14 16:37 - 2019-03-06 05:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2019-03-14 16:37 - 2019-03-06 05:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-03-14 16:37 - 2019-03-06 05:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-03-14 16:37 - 2019-03-06 05:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-03-14 16:37 - 2019-03-06 05:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-03-14 16:37 - 2019-03-06 05:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2019-03-14 16:37 - 2019-03-06 04:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-03-14 16:37 - 2019-03-06 04:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-03-14 16:37 - 2019-03-06 04:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-03-14 16:37 - 2019-03-06 04:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-03-14 16:37 - 2019-03-06 04:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2019-03-14 16:37 - 2019-03-06 04:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-03-14 16:37 - 2019-03-06 04:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
    2019-03-14 16:37 - 2019-03-06 04:32 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2019-03-14 16:37 - 2019-03-06 04:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-03-14 16:37 - 2019-03-06 04:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-03-14 16:37 - 2019-03-06 04:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-03-14 16:37 - 2019-03-06 04:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2019-03-14 16:37 - 2019-03-06 04:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-03-14 16:37 - 2019-03-06 04:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-03-14 16:37 - 2019-03-06 04:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-03-14 16:37 - 2019-03-06 04:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2019-03-14 16:37 - 2019-03-06 04:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
    2019-03-14 16:37 - 2019-03-06 04:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2019-03-14 16:37 - 2019-03-06 04:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2019-03-14 16:37 - 2019-03-06 04:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-03-14 16:37 - 2019-03-06 04:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2019-03-14 16:37 - 2019-03-06 04:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-03-14 16:37 - 2019-03-06 04:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-03-14 16:37 - 2019-03-06 04:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2019-03-14 16:37 - 2019-03-06 04:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-03-14 16:37 - 2019-03-06 04:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-03-14 16:37 - 2019-03-06 04:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-03-14 16:37 - 2019-03-06 04:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2019-03-14 16:37 - 2019-03-06 04:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-03-14 16:37 - 2019-03-06 04:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-03-14 16:37 - 2019-03-06 04:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-03-14 16:37 - 2019-03-06 04:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
    2019-03-14 16:37 - 2019-03-06 04:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
    2019-03-14 16:37 - 2019-03-06 04:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
    2019-03-14 16:37 - 2019-03-06 03:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2019-03-14 16:37 - 2019-03-06 02:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-03-14 16:37 - 2019-03-06 02:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
    2019-03-14 16:37 - 2019-03-06 02:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-03-14 16:37 - 2019-03-06 02:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2019-03-14 16:37 - 2019-03-06 02:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2019-03-14 16:37 - 2019-03-06 02:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2019-03-14 16:37 - 2019-03-06 02:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
    2019-03-14 16:37 - 2019-03-06 02:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-03-14 16:37 - 2019-03-06 02:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
    2019-03-14 16:37 - 2019-03-06 02:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-03-14 16:37 - 2019-03-06 01:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-03-14 16:37 - 2019-03-06 01:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-03-14 16:37 - 2019-03-06 01:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-03-14 16:37 - 2019-03-06 01:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-03-14 16:37 - 2019-03-06 01:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-03-14 16:37 - 2019-03-06 01:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2019-03-14 16:37 - 2019-03-06 01:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2019-03-14 16:37 - 2019-03-06 01:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-03-14 16:37 - 2019-03-06 01:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
    2019-03-14 16:37 - 2019-03-06 01:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-03-14 16:37 - 2019-03-06 01:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2019-03-14 16:37 - 2019-03-06 01:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-03-14 16:37 - 2019-03-06 01:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-03-14 16:37 - 2019-03-06 01:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2019-03-14 16:37 - 2019-03-06 01:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-03-14 16:37 - 2019-03-06 01:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2019-03-14 16:37 - 2019-03-06 01:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-03-14 16:37 - 2019-02-20 23:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
    2019-03-14 16:37 - 2019-02-16 09:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2019-03-14 16:37 - 2019-02-16 09:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2019-03-14 16:37 - 2019-02-16 09:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2019-03-14 16:37 - 2019-02-16 09:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2019-03-14 16:37 - 2019-02-16 09:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2019-03-14 16:37 - 2019-02-16 09:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2019-03-14 16:37 - 2019-02-16 09:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2019-03-14 16:37 - 2019-02-16 09:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2019-03-14 16:37 - 2019-02-16 09:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2019-03-14 16:37 - 2019-02-16 08:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2019-03-14 16:37 - 2019-02-16 08:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2019-03-14 16:37 - 2019-02-16 08:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
    2019-03-14 16:37 - 2019-02-16 08:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2019-03-14 16:37 - 2019-02-16 08:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2019-03-14 16:37 - 2019-02-16 08:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2019-03-14 16:37 - 2019-02-16 08:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2019-03-14 16:37 - 2019-02-16 08:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2019-03-14 16:37 - 2019-02-16 08:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
    2019-03-14 16:37 - 2019-02-16 08:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2019-03-14 16:37 - 2019-02-16 08:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-03-14 16:37 - 2019-02-16 08:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2019-03-14 16:37 - 2019-02-16 08:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2019-03-14 16:37 - 2019-02-16 08:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2019-03-14 16:37 - 2019-02-16 08:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
    2019-03-14 16:37 - 2019-02-16 08:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2019-03-14 16:37 - 2019-02-16 08:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2019-03-14 16:37 - 2019-02-16 08:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2019-03-14 16:37 - 2019-02-16 08:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
    2019-03-14 16:37 - 2019-02-16 08:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2019-03-14 16:37 - 2019-02-16 08:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
    2019-03-14 16:37 - 2019-02-16 08:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2019-03-14 16:37 - 2019-02-16 08:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
    2019-03-14 16:37 - 2019-02-16 08:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2019-03-14 16:37 - 2019-02-16 08:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
    2019-03-14 16:37 - 2019-02-16 08:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-03-14 16:37 - 2019-02-16 08:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2019-03-14 16:37 - 2019-02-16 08:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2019-03-14 16:37 - 2019-02-16 08:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2019-03-14 16:37 - 2019-02-16 08:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
    2019-03-14 16:37 - 2019-02-16 08:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
    2019-03-14 16:37 - 2019-02-16 06:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2019-03-14 16:37 - 2019-02-16 06:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2019-03-14 16:37 - 2019-02-16 04:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2019-03-14 16:37 - 2019-02-16 04:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2019-03-14 16:37 - 2019-02-16 04:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2019-03-14 16:37 - 2019-02-16 04:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
    2019-03-14 16:37 - 2019-02-16 04:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2019-03-14 16:37 - 2019-02-16 04:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2019-03-14 16:37 - 2019-02-16 04:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2019-03-14 16:37 - 2019-02-16 04:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2019-03-14 16:37 - 2019-02-16 04:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2019-03-14 16:37 - 2019-02-16 04:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-03-14 16:37 - 2019-02-16 04:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2019-03-14 16:37 - 2019-02-16 04:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2019-03-14 16:37 - 2019-02-16 04:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2019-03-14 16:37 - 2019-02-16 04:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2019-03-14 16:37 - 2019-02-16 04:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2019-03-14 16:37 - 2019-02-16 04:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2019-03-14 16:37 - 2019-02-16 04:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2019-03-14 16:37 - 2019-02-16 04:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-03-14 16:37 - 2019-02-16 04:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2019-03-14 16:37 - 2019-02-16 04:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2019-03-14 16:37 - 2019-02-16 04:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2019-03-14 16:37 - 2019-02-16 04:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
    2019-03-14 16:37 - 2019-02-16 04:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2019-03-14 16:37 - 2019-02-16 04:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-03-14 16:37 - 2019-02-16 04:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2019-03-14 16:37 - 2019-02-16 04:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2019-03-14 16:37 - 2019-02-16 04:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
    2019-03-14 16:37 - 2019-02-16 03:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2019-03-14 16:37 - 2019-02-16 03:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2019-03-14 16:37 - 2019-02-16 03:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-03-14 16:37 - 2019-02-16 03:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2019-03-14 16:37 - 2019-02-16 03:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
    2019-03-14 16:37 - 2019-02-16 03:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2019-03-14 16:37 - 2019-02-16 03:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2019-03-14 16:37 - 2019-02-16 03:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2019-03-14 16:37 - 2019-02-16 03:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2019-03-14 16:37 - 2019-02-16 03:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2019-03-14 16:37 - 2019-02-16 03:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
    2019-03-14 16:37 - 2019-02-16 03:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2019-03-14 16:37 - 2019-02-16 03:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2019-03-14 16:37 - 2019-02-16 03:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-03-14 16:37 - 2019-02-16 03:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-03-14 16:37 - 2019-02-16 03:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-03-14 16:37 - 2019-02-16 03:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2019-03-14 16:37 - 2019-02-16 03:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2019-03-14 16:37 - 2019-02-16 03:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2019-03-14 16:37 - 2019-02-16 03:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2019-03-14 16:37 - 2019-02-16 03:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-03-14 16:37 - 2019-02-16 03:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2019-03-14 16:37 - 2019-02-16 03:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
    2019-03-14 16:37 - 2019-02-16 03:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
    2019-03-14 16:37 - 2019-02-16 03:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2019-03-14 16:37 - 2019-02-16 03:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-03-14 16:37 - 2019-02-16 03:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
    2019-03-14 16:37 - 2019-02-16 03:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2019-03-14 16:37 - 2019-02-16 03:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2019-03-14 16:37 - 2019-02-16 03:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
    2019-03-14 16:37 - 2019-02-16 03:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
    2019-03-14 16:37 - 2019-02-16 03:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2019-03-14 16:37 - 2019-02-16 03:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2019-03-14 16:37 - 2019-02-16 03:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
    2019-03-14 16:37 - 2019-02-16 03:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2019-03-14 16:37 - 2019-02-16 03:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
    2019-03-14 16:37 - 2019-02-16 03:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
    2019-03-14 16:37 - 2019-02-16 03:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2019-03-14 16:37 - 2019-02-16 03:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2019-03-14 16:37 - 2019-02-16 03:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2019-03-14 16:37 - 2019-02-16 03:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2019-03-14 16:37 - 2019-02-16 03:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2019-03-14 16:37 - 2019-02-16 03:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
    2019-03-14 16:37 - 2019-02-16 03:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2019-03-14 16:37 - 2019-02-16 03:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2019-03-14 16:37 - 2019-02-16 03:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2019-03-14 16:37 - 2019-02-16 03:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
    2019-03-14 16:37 - 2019-02-16 03:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2019-03-14 16:37 - 2019-02-16 03:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2019-03-14 16:37 - 2019-02-16 03:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2019-03-14 16:37 - 2019-02-16 03:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2019-03-14 16:37 - 2019-02-16 03:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2019-03-14 16:37 - 2019-02-16 03:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2019-03-14 16:37 - 2019-02-16 03:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2019-03-14 16:37 - 2019-02-16 03:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2019-03-14 16:37 - 2019-02-16 03:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2019-03-14 16:36 - 2019-03-03 12:54 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-03-14 16:36 - 2019-03-03 12:54 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-03-11 14:03 - 2019-03-13 04:21 - 000014022 _____ C:\Users\pjd1\Documents\TV Channels.xlsx
    ==================== One month (modified) ========
    (If an entry is included in the fixlist, the file/folder will be moved.)
    2019-04-03 02:50 - 2018-01-29 21:12 - 000000000 ____D C:\EMBIRD32
    2019-04-03 00:37 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-04-02 22:43 - 2018-06-14 00:46 - 000004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3BF3DFDF-41D6-4CA5-8BCA-1F1D64FC2FA2}
    2019-04-02 22:10 - 2017-06-30 16:50 - 000000000 ____D C:\Users\pjd1\AppData\Local\CrashDumps
    2019-04-02 21:39 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
    2019-04-02 18:24 - 2018-06-14 00:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-04-02 11:16 - 2018-06-14 00:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-04-02 11:15 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-04-01 17:35 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-04-01 17:35 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-03-31 03:42 - 2018-01-29 21:32 - 000000633 _____ C:\Users\pjd1\Desktop\EMBIRD.EXE - Shortcut.lnk
    2019-03-30 22:37 - 2017-06-30 15:43 - 000000000 ___RD C:\Users\pjd1\OneDrive
    2019-03-30 20:42 - 2019-01-20 06:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
    2019-03-30 02:34 - 2019-01-06 01:23 - 000000000 ____D C:\Users\pjd1\AppData\Local\NPE
    2019-03-30 02:33 - 2017-06-20 06:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2019-03-29 22:00 - 2017-06-20 06:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-03-29 21:49 - 2017-07-09 17:49 - 000000000 ___RD C:\Users\pjd1\Dropbox
    2019-03-29 21:48 - 2017-07-09 17:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2019-03-29 03:43 - 2018-05-03 03:42 - 000000079 _____ C:\WINDOWS\password.klc
    2019-03-28 04:04 - 2018-06-16 01:06 - 000000000 ____D C:\Users\pjd1\AppData\Local\PlaceholderTileLogoFolder
    2019-03-28 04:04 - 2017-12-25 13:00 - 000000000 ____D C:\Users\pjd1\AppData\Local\Packages
    2019-03-28 02:21 - 2018-06-14 00:35 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-03-28 02:20 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-03-27 22:14 - 2017-07-09 17:38 - 000000000 ____D C:\Users\pjd1\AppData\Local\Dropbox
    2019-03-27 20:21 - 2018-06-14 00:46 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-03-27 20:21 - 2018-06-14 00:46 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-03-26 18:22 - 2018-09-13 23:32 - 000002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-03-26 18:22 - 2018-09-13 23:32 - 000002304 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-03-21 21:58 - 2018-06-29 00:16 - 000000000 ___RD C:\1 Xfrd from Old Laptop Emb
    2019-03-21 21:58 - 2018-06-28 23:09 - 000000000 ____D C:\1 Business
    2019-03-21 01:47 - 2017-06-20 06:00 - 000000000 ____D C:\ProgramData\Package Cache
    2019-03-20 02:12 - 2018-06-14 00:46 - 000000000 ____D C:\WINDOWS\System32\Tasks\Symantec Endpoint Protection
    2019-03-20 02:12 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Registration
    2019-03-20 02:08 - 2017-06-30 15:32 - 000000000 __SHD C:\Users\pjd1\IntelGraphicsProfiles
    2019-03-20 02:07 - 2018-06-14 00:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-03-20 02:07 - 2017-06-30 17:32 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2019-03-20 02:06 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-03-20 00:05 - 2018-11-22 18:25 - 000000000 ____D C:\Program Files\rempl
    2019-03-15 08:12 - 2018-09-05 00:13 - 000433264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-03-15 08:09 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2019-03-15 08:09 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
    2019-03-15 08:09 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-03-15 08:09 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
    2019-03-15 08:09 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2019-03-15 08:09 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-03-15 08:09 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-03-15 08:09 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2019-03-15 05:35 - 2018-05-03 03:42 - 000000079 _____ C:\password.klc
    2019-03-15 00:47 - 2017-06-20 06:03 - 000000000 ____D C:\Program Files (x86)\Intel
    2019-03-15 00:31 - 2017-11-02 16:49 - 000000274 _____ C:\WINDOWS\SysWOW64\DLC_Debug_log.txt
    2019-03-15 00:31 - 2017-06-20 05:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2019-03-15 00:31 - 2017-06-20 05:54 - 000000000 ____D C:\Program Files\Dell
    2019-03-14 19:50 - 2018-07-10 00:57 - 000000000 ____D C:\Quicken
    2019-03-14 16:46 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-03-14 16:36 - 2017-07-06 15:37 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-03-14 16:30 - 2017-07-06 15:37 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-03-12 16:10 - 2018-06-28 23:59 - 000000000 ____D C:\Cruises
    Some files in TEMP:
    ====================
    2019-03-30 20:35 - 2019-03-30 20:35 - 022244088 _____ (Siber Systems) C:\Users\pjd1\AppData\Local\Temp\RoboForm-v8-Setup.exe
    ==================== Bamital & volsnap ======================
    (There is no automatic fix for files that do not pass verification.)
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\dllhost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    LastRegBack: 2018-06-14 00:17
    ==================== End of FRST.txt ==========================
     

    Attached Files:

  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    570
    Hi,

    Uninstall a Chrome Extension

    Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
    Click the trash can icon next to the following extension(s):

    ArcadeFrontier Ads

    A confirmation dialog will appear. Click Remove.

    ------------------------------------

    Open Google Chrome. Click the Menu icon in the upper right corner of the window (three vertical dots).

    Click Settings from the drop-down menu. Scroll down all the way and click Advanced.

    Under "Privacy and Security" click "Content Settings."

    Click Notifications. If you see any notifications allowed from unfamiliar sites, click Block or Remove next to the site URL.

    ------------------------------------

    We need to run a fix with FRST:

    • Please download the attached fixlist.txt file and save it to the same location as FRST
      Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

    ------------------------------------

    Let me know if the problem persists.
     

    Attached Files:

  11. pjgolf

    pjgolf Thread Starter

    Joined:
    Apr 2, 2019
    Messages:
    7
    Here is the log you requested. Hopefully this has gotten the problem fixed. I did a reboot, so I'll let you know. Thank you

    Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
    Ran by pjd1 (03-04-2019 17:48:09) Run:1
    Running from C:\Users\pjd1\Desktop
    Loaded Profiles: pjd1 (Available Profiles: pjd1)
    Boot Mode: Normal
    ==============================================
    fixlist content:
    *****************
    Start
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKLM\...\Run: [TrueColor UI] => [X]
    SearchScopes: HKU\S-1-5-21-1271785307-3524801948-1114839763-1001 -> DefaultScope {344A8554-D400-4CBF-A77C-EB6837A4198B} URL =
    SearchScopes: HKU\S-1-5-21-1271785307-3524801948-1114839763-1001 -> {344A8554-D400-4CBF-A77C-EB6837A4198B} URL =
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    End
    *****************
    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TrueColor UI" => removed successfully
    "HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-1271785307-3524801948-1114839763-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{344A8554-D400-4CBF-A77C-EB6837A4198B} => removed successfully
    HKLM\Software\Classes\CLSID\{344A8554-D400-4CBF-A77C-EB6837A4198B} => not found
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
    =========== EmptyTemp: ==========
    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40155262 B
    Java, Flash, Steam htmlcache => 298 B
    Windows/system/drivers => 6607801 B
    Edge => 867790 B
    Chrome => 478997827 B
    Firefox => 0 B
    Opera => 0 B
    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 32010859 B
    systemprofile32 => 0 B
    LocalService => 58438 B
    LocalService => 0 B
    NetworkService => 124482 B
    NetworkService => 0 B
    pjd1 => 90374731 B
    RecycleBin => 0 B
    EmptyTemp: => 629.2 MB temporary data Removed.
    ================================
    The system needed a reboot.
     
  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    570
    Hi,

    If the problem persists, complete the steps in my previous post to uninstall the Chrome Extension and remove any unwanted Chrome notifications.

    Let me know how the computer is doing.
     
  13. pjgolf

    pjgolf Thread Starter

    Joined:
    Apr 2, 2019
    Messages:
    7
    So far so good. I re-checked Chrome extensions, and it is not on there. I haven't gotten any of those pop ups since you had me run "FRST". Thank you so much. I was going nuts trying to find it.
     
  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    570
    Hi,

    I suggest you check the Chrome Notifications as well:

    Please run this ESET Online Scan just to err on the side of caution:


    Download ESET Online Scanner and save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • Click on Get Started.
    • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
    • Click on the Full Scan option.
    • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1225292

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice