imothom
2017-05-10, 06:18
Hi There! My computer definitely has a virus and I need help getting rid of it. I'm a college student with just about no computer knowledge, so I have no idea where to begin. I noticed something was up about 3 days ago. It started with me not being able to adjust my brightness using buttons and then later from settings. Then yesterday when I turned on my computer the cursor started freaking out and started appearing in little circles (as if I had clicked somewhere) in a spazzing line up my screen. Also, my taskbar switched to the top of my screen and it won't let me change it back. In addition, when I tried to download Avast (which I know I should've already had) the download will not complete--I believe due to the virus. I have finals this week, so I really need my computer. Please Help!!!!
Farbar Log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Imogen (administrator) on IMOGENCOMPUTER (09-05-2017 23:06:54)
Running from C:\Users\Imogen\Downloads
Loaded Profiles: Imogen (Available Profiles: Imogen)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\SMITSC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.308.50.0_x64__8wekyb3d8bbwe\WindowsCamera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [ChromaTuneTOSHIBAx64] => C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe [2967432 2014-03-25] (Portrait Displays, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-11-20] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [Coffee] => C:\Program Files (x86)\Steven Cole\Coffee\Coffee.exe /hide
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\RunOnce: [Uninstall C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-05-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-01-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.5.0.3 10.5.0.2
Tcpip\..\Interfaces\{d648a6b7-7ba3-4864-bca0-d7b0a8b5dd36}: [DhcpNameServer] 10.5.0.3 10.5.0.2
Tcpip\..\Interfaces\{f2ddaa93-8e83-4867-b8f8-0caf016a7bdd}: [DhcpNameServer] 8.8.8.8 207.172.3.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> DefaultScope {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-02] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-04-02] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\bin\IPS\IPSBHO.DLL [2015-08-10] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-02] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default [2017-05-09]
CHR Extension: (Google Slides) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-08] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294920 2017-04-03] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-18] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe [145008 2015-08-10] (Symantec Corporation)
R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-02-27] () [File not signed]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe [396344 2015-08-10] (Symantec Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-20] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-08] (AVAST Software)
S1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-08] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-08] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158368 2017-05-08] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-08] (AVAST Software)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\BASHDefs\20170503.001\BHDrvx64.sys [1831064 2017-04-06] (Symantec Corporation)
R1 ccSettings_{074772AE-B3BA-4F23-8E12-773353CB6A63}; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\ccSetx64.sys [162392 2015-08-10] (Symantec Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-26] (Symantec Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\IPSDefs\20170508.011\IDSvia64.sys [1012952 2016-10-27] (Symantec Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R3 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R3 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20170509.002\ENG64.SYS [138912 2017-01-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20170509.002\EX64.SYS [2151072 2017-01-31] (Symantec Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-20] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSP64.SYS [890584 2015-08-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSPX64.SYS [37592 2015-08-10] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\SyDvCtrl64.sys [36952 2015-08-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0501010.002\symefasi.sys [1616088 2015-08-31] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SymELAM.sys [23568 2015-08-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [178392 2015-08-31] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\Ironx64.SYS [270040 2015-08-10] (Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SYMNETS.SYS [594136 2015-08-10] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [168304 2015-08-31] (Symantec Corporation)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [112648 2015-08-10] (Symantec Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-09 23:06 - 2017-05-09 23:07 - 00028765 _____ C:\Users\Imogen\Downloads\FRST.txt
2017-05-09 23:06 - 2017-05-09 23:06 - 02429440 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64.exe
2017-05-09 23:06 - 2017-05-09 23:06 - 00000000 ____D C:\FRST
2017-05-09 22:51 - 2017-05-09 22:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignbb8752f25c5e4f93
2017-05-09 22:51 - 2017-05-09 22:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5eb56ba2926a4464
2017-05-09 22:43 - 2017-05-09 22:43 - 00000165 ____H C:\Users\Imogen\Documents\~$Moderation .pptx
2017-05-09 00:23 - 2017-05-09 22:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-09 00:23 - 2017-05-09 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-08 23:35 - 2017-05-08 23:35 - 00004020 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1494300916
2017-05-08 23:35 - 2017-05-08 23:35 - 00001099 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-05-08 23:35 - 2017-05-08 23:35 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-08 23:34 - 2017-05-08 23:34 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-05-08 23:32 - 2017-05-08 23:32 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-IMOGENCOMPUTER-Windows-10-Home-(64-bit).dat
2017-05-08 23:32 - 2017-05-08 23:32 - 00000000 ____D C:\RegBackup
2017-05-08 23:31 - 2017-05-08 23:31 - 00017993 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-05-08 23:31 - 2017-05-08 23:31 - 00002323 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-05-08 23:31 - 2017-05-08 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-05-08 23:31 - 2017-05-08 23:31 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-05-08 23:27 - 2017-05-08 23:30 - 05766144 _____ (Tweaking.com) C:\Users\Imogen\Downloads\tweaking.com_registry_backup_setup.exe
2017-05-08 23:26 - 2017-05-08 23:26 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-08 23:25 - 2017-05-08 23:25 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-08 23:25 - 2017-05-08 23:25 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-05-08 23:25 - 2017-05-08 23:25 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\Users\Imogen\AppData\Roaming\AVAST Software
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-08 23:24 - 2017-05-08 23:24 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-08 23:24 - 2017-05-08 23:24 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00158368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-05-08 23:19 - 2017-05-08 23:34 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-08 23:18 - 2017-05-08 23:18 - 06656392 _____ (AVAST Software) C:\Users\Imogen\Downloads\avast_free_antivirus_setup_online (1).exe
2017-05-08 23:17 - 2017-05-09 00:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-08 22:46 - 2017-05-08 23:15 - 05641780 _____ (AVAST Software) C:\Users\Imogen\Downloads\avast_free_antivirus_setup_online.exe
2017-05-07 11:14 - 2017-05-07 11:14 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign88936b33f3666026
2017-05-07 11:08 - 2017-05-07 11:08 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8fcd434219a32605
2017-05-07 11:01 - 2017-05-07 11:01 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign15bb491b4f73eb02
2017-05-07 11:00 - 2017-05-07 11:00 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignc6d807332f98d820
2017-05-07 11:00 - 2017-05-07 11:00 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8e1aa0e7e1ac92d8
2017-05-06 14:30 - 2017-05-09 22:52 - 49073448 _____ C:\Users\Imogen\Documents\Moderation .pptx
2017-05-06 14:07 - 2017-05-06 14:07 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8b1c4dba7551e4b6
2017-05-06 13:32 - 2017-05-06 13:32 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignfb7dc0c186d3df2f
2017-05-04 00:16 - 2017-05-04 00:16 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign3acdaaf9591245e0
2017-05-03 23:42 - 2017-05-03 23:42 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignaee176ea9c7fddc1
2017-05-02 15:13 - 2017-05-02 15:13 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5e21262d99fdd381
2017-05-02 15:07 - 2017-05-02 15:07 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign27077d95ae692278
2017-05-02 12:18 - 2017-05-02 12:18 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign1b26663478104246
2017-05-02 11:58 - 2017-05-02 11:58 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigncaa5c550e3394230
2017-05-02 11:53 - 2017-05-02 11:53 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigncdd5d4651dae365d
2017-05-02 11:53 - 2017-05-02 11:53 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign69d02f78260485b9
2017-05-02 11:52 - 2017-05-02 11:52 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign4d61311d652fe865
2017-05-01 16:22 - 2017-05-01 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-05-01 16:22 - 2017-05-01 16:22 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-04-27 15:10 - 2017-04-27 17:37 - 00000000 ____D C:\Users\Imogen\Documents\New School Syllabi
2017-04-27 15:09 - 2017-04-27 15:09 - 00389497 _____ C:\Users\Imogen\Downloads\TNS_WritingOrality_Sullivan_S2017.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00257883 _____ C:\Users\Imogen\Downloads\newschoolSYLLABUS2016.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00096965 _____ C:\Users\Imogen\Downloads\Creative Technologies 2015.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00087975 _____ C:\Users\Imogen\Downloads\NSD_BFA_AestheticInquiry1_Fall2015.pdf
2017-04-17 22:25 - 2017-04-17 22:25 - 01537938 _____ C:\Users\Imogen\Downloads\15-16 NSSR Catalog - Final Draft.pdf
2017-04-17 21:57 - 2017-04-17 21:57 - 00275453 _____ C:\Users\Imogen\Downloads\SexyLizards_draft4.pdf
2017-04-17 21:57 - 2017-04-17 21:57 - 00275453 _____ C:\Users\Imogen\Documents\SexyLizards_draft4.pdf
2017-04-16 16:46 - 2017-04-16 16:46 - 00004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-14 01:49 - 2017-03-28 05:11 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-04-14 01:49 - 2017-03-28 05:05 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-04-14 01:49 - 2017-03-28 04:59 - 00262400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-14 01:49 - 2017-03-28 04:52 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-14 01:49 - 2017-03-28 04:51 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-14 01:49 - 2017-03-28 04:50 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-14 01:49 - 2017-03-28 03:53 - 06958304 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-14 01:49 - 2017-03-28 03:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-14 01:49 - 2017-03-28 03:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-14 01:49 - 2017-03-28 03:45 - 00958120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-14 01:49 - 2017-03-28 03:44 - 02944592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-14 01:49 - 2017-03-28 03:44 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-04-14 01:49 - 2017-03-28 03:41 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-14 01:49 - 2017-03-28 03:40 - 05240440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-14 01:49 - 2017-03-28 03:08 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-14 01:49 - 2017-03-28 03:08 - 00316248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-14 01:49 - 2017-03-28 03:06 - 01522664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-14 01:49 - 2017-03-28 03:06 - 01370736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-14 01:49 - 2017-03-28 02:41 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 02:37 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-14 01:49 - 2017-03-28 02:26 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-14 01:49 - 2017-03-28 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-14 01:49 - 2017-03-28 02:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-14 01:49 - 2017-03-28 02:17 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-14 01:49 - 2017-03-28 02:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-14 01:49 - 2017-03-28 02:10 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-14 01:49 - 2017-03-28 02:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-14 01:49 - 2017-03-28 02:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-04-14 01:49 - 2017-03-28 02:01 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-04-14 01:49 - 2017-03-28 01:57 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-14 01:49 - 2017-03-28 01:56 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-14 01:49 - 2017-03-28 01:53 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-04-14 01:49 - 2017-03-28 01:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-14 01:49 - 2017-03-28 01:43 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-04-14 01:49 - 2017-03-28 01:42 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-14 01:49 - 2017-03-28 01:41 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 01:35 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-04-14 01:49 - 2017-03-28 01:33 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-14 01:49 - 2017-03-28 01:33 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 01:32 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-04-14 01:49 - 2017-03-28 01:19 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-14 01:49 - 2017-03-28 01:18 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-14 01:49 - 2017-03-28 01:18 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-14 01:49 - 2017-03-28 01:11 - 01501696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-14 01:49 - 2017-03-28 01:08 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-14 01:49 - 2017-03-28 01:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-14 01:49 - 2017-03-28 00:47 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-04-14 01:49 - 2017-03-28 00:45 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-04-14 01:49 - 2017-03-28 00:41 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-14 01:49 - 2017-03-28 00:13 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-14 01:49 - 2017-03-18 12:41 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-04-14 01:48 - 2017-03-28 06:20 - 00100192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-04-14 01:48 - 2017-03-28 06:18 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-14 01:48 - 2017-03-28 06:17 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-14 01:48 - 2017-03-28 05:18 - 08710320 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-14 01:48 - 2017-03-28 05:11 - 03698216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-14 01:48 - 2017-03-28 05:06 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-14 01:48 - 2017-03-28 04:51 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-14 01:48 - 2017-03-28 04:12 - 00388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-14 01:48 - 2017-03-28 04:05 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-14 01:48 - 2017-03-28 03:52 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-14 01:48 - 2017-03-28 03:42 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-14 01:48 - 2017-03-28 03:17 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-14 01:48 - 2017-03-28 03:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-04-14 01:48 - 2017-03-28 03:10 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-14 01:48 - 2017-03-28 03:01 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-14 01:48 - 2017-03-28 02:56 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-04-14 01:48 - 2017-03-28 02:53 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-14 01:48 - 2017-03-28 02:51 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-14 01:48 - 2017-03-28 02:48 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-14 01:48 - 2017-03-28 02:46 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-14 01:48 - 2017-03-28 02:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-14 01:48 - 2017-03-28 02:20 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-14 01:48 - 2017-03-28 02:12 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-14 01:48 - 2017-03-28 02:05 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-14 01:48 - 2017-03-28 02:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-14 01:48 - 2017-03-28 01:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-14 01:48 - 2017-03-28 01:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-14 01:48 - 2017-03-28 01:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-14 01:48 - 2017-03-28 01:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-14 01:48 - 2017-03-28 01:40 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-14 01:48 - 2017-03-28 01:39 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-04-14 01:48 - 2017-03-28 01:36 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-14 01:48 - 2017-03-28 01:36 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-14 01:48 - 2017-03-28 00:48 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-14 01:48 - 2017-03-28 00:46 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-14 01:48 - 2017-03-28 00:45 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-14 01:48 - 2017-03-28 00:45 - 12134912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-14 01:48 - 2017-03-28 00:31 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-14 01:48 - 2017-03-18 16:39 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-14 01:47 - 2017-03-28 06:19 - 00202480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-14 01:47 - 2017-03-28 06:17 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-14 01:47 - 2017-03-28 06:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-14 01:47 - 2017-03-28 06:12 - 00061792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-04-14 01:47 - 2017-03-28 05:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-04-14 01:47 - 2017-03-28 05:12 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-14 01:47 - 2017-03-28 05:08 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-14 01:47 - 2017-03-28 05:05 - 01540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-14 01:47 - 2017-03-28 05:05 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-04-14 01:47 - 2017-03-28 05:03 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-04-14 01:47 - 2017-03-28 05:03 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-14 01:47 - 2017-03-28 04:30 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-14 01:47 - 2017-03-28 04:29 - 01986912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-14 01:47 - 2017-03-28 04:29 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-14 01:47 - 2017-03-28 04:29 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-14 01:47 - 2017-03-28 04:28 - 01777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-14 01:47 - 2017-03-28 04:28 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-14 01:47 - 2017-03-28 03:52 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-04-14 01:47 - 2017-03-28 03:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-14 01:47 - 2017-03-28 03:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-14 01:47 - 2017-03-28 03:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-14 01:47 - 2017-03-28 03:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-14 01:47 - 2017-03-28 03:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-04-14 01:47 - 2017-03-28 03:37 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-14 01:47 - 2017-03-28 03:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-14 01:47 - 2017-03-28 03:31 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-14 01:47 - 2017-03-28 03:29 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-14 01:47 - 2017-03-28 03:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-04-14 01:47 - 2017-03-28 03:21 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-14 01:47 - 2017-03-28 03:20 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-04-14 01:47 - 2017-03-28 03:20 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-04-14 01:47 - 2017-03-28 03:18 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-14 01:47 - 2017-03-28 03:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-14 01:47 - 2017-03-28 03:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-14 01:47 - 2017-03-28 03:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-14 01:47 - 2017-03-28 03:13 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-14 01:47 - 2017-03-28 03:09 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-14 01:47 - 2017-03-28 02:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-04-14 01:47 - 2017-03-28 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-14 01:47 - 2017-03-28 02:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-14 01:47 - 2017-03-28 02:53 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-14 01:47 - 2017-03-28 02:44 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-04-14 01:47 - 2017-03-28 02:41 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-14 01:47 - 2017-03-28 02:40 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-04-14 01:47 - 2017-03-28 02:21 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-14 01:47 - 2017-03-28 02:19 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-14 01:47 - 2017-03-28 02:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-14 01:47 - 2017-03-28 02:06 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-14 01:47 - 2017-03-28 01:55 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-04-14 01:47 - 2017-03-28 01:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-04-14 01:47 - 2017-03-28 01:42 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-04-14 01:47 - 2017-03-28 01:30 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-04-14 01:47 - 2017-03-28 01:29 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-14 01:47 - 2017-03-28 01:22 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-14 01:47 - 2017-03-28 01:20 - 24604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-14 01:47 - 2017-03-28 01:20 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-14 01:47 - 2017-03-28 01:06 - 07856640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-14 01:47 - 2017-03-28 01:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-14 01:47 - 2017-03-20 21:36 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-09 22:58 - 2015-07-16 10:12 - 00000000 ____D C:\ProgramData\Skype
2017-05-09 22:25 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-09 22:25 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-09 22:24 - 2015-08-16 13:06 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{724DB0F0-927F-4B14-A024-99806B133DAA}
2017-05-09 07:33 - 2015-08-31 15:37 - 00000000 ____D C:\ProgramData\Symantec
2017-05-09 02:00 - 2015-08-31 15:22 - 00000000 ____D C:\Users\Imogen\AppData\Local\Adobe
2017-05-09 00:23 - 2015-07-16 10:13 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-09 00:22 - 2015-07-16 09:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-08 23:19 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2017-05-08 22:42 - 2015-12-16 00:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-08 22:42 - 2015-08-16 16:33 - 00000000 __SHD C:\Users\Imogen\IntelGraphicsProfiles
2017-05-07 20:23 - 2015-08-16 14:57 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-07 20:18 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-05-07 20:17 - 2015-12-16 00:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-07 20:15 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-05-07 10:59 - 2016-03-04 00:54 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-02 13:44 - 2015-08-16 12:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Packages
2017-05-01 16:22 - 2016-03-09 09:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-05-01 16:22 - 2016-03-04 00:54 - 00002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-05-01 16:21 - 2015-08-31 15:27 - 00000000 ___RD C:\Users\Imogen\Creative Cloud Files
2017-04-30 03:42 - 2015-08-16 13:07 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 03:42 - 2015-08-16 13:07 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-22 13:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2017-04-18 13:32 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-18 13:29 - 2015-07-16 10:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-16 21:35 - 2015-08-16 11:14 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-16 21:32 - 2015-12-16 00:13 - 05009984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-16 20:29 - 2015-08-16 18:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-16 20:26 - 2015-08-16 18:34 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-16 20:25 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-16 16:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-16 16:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-14 01:27 - 2016-03-04 00:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-14 00:42 - 2016-12-15 23:34 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-14 00:40 - 2015-08-16 16:36 - 00002381 _____ C:\Users\Imogen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-14 00:40 - 2015-08-16 16:36 - 00000000 ___RD C:\Users\Imogen\OneDrive
==================== Files in the root of some directories =======
2015-09-04 09:28 - 2016-05-18 21:01 - 0000033 _____ () C:\Users\Imogen\AppData\Roaming\AdobeWLCMCache.dat
2017-03-29 15:06 - 2017-03-29 15:06 - 0001456 _____ () C:\Users\Imogen\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-16 00:18 - 2015-12-16 00:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-12 11:55 - 2014-12-12 11:55 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
Some files in TEMP:
====================
2015-09-01 07:11 - 2015-09-01 07:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Imogen\AppData\Local\Temp\McCSPInstall.dll
2016-01-18 20:36 - 2015-09-01 07:11 - 0162120 _____ (McAfee Inc.) C:\Users\Imogen\AppData\Local\Temp\mccspuninstall.exe
2017-03-01 21:53 - 2017-03-01 21:53 - 19617792 _____ () C:\Users\Imogen\AppData\Local\Temp\SkypeSetup.exe
2017-05-09 00:22 - 2017-05-09 00:22 - 14456872 _____ (Microsoft Corporation) C:\Users\Imogen\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-04 20:24
==================== End of FRST.txt ============================
aswMBR scan
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-05-09 23:12:23
-----------------------------
23:12:23.716 OS Version: Windows x64 6.2.9200
23:12:23.716 Number of processors: 8 586 0x3C03
23:12:23.717 ComputerName: IMOGENCOMPUTER UserName: Imogen
23:12:30.201 Initialize success
23:12:35.279 VM: initialized successfully
23:12:35.280 VM: Intel CPU supported
23:12:38.553 VM: disk I/O iaStorA.sys
23:12:46.282 AVAST engine defs: 17050904
23:12:48.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
23:12:48.325 Disk 0 Vendor: TOSHIBA_MQ02ABD100H HKF03M Size: 953869MB BusType: 11
23:12:48.332 Disk 0 MBR read successfully
23:12:48.334 Disk 0 MBR scan
23:12:48.337 Disk 0 unknown MBR code
23:12:48.340 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
23:12:48.347 Disk 0 scanning C:\WINDOWS\system32\drivers
23:12:51.649 Service scanning
23:12:58.610 Modules scanning
23:12:58.626 Disk 0 trace - called modules:
23:12:58.649 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys thpdrv.sys ACPI.sys storport.sys hal.dll iaStorA.sys
23:12:58.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001b9647060]
23:12:58.663 3 aswSP.sys[fffff801dc800432] -> nt!IofCallDriver -> \Device\THPDRV1[0xffffe001b964d060]
23:12:58.669 5 thpdrv.sys[fffff801d60d5c97] -> nt!IofCallDriver -> [0xffffe001b71c1550]
23:12:58.675 7 ACPI.sys[fffff801d4d81361] -> nt!IofCallDriver -> \Device\00000038[0xffffe001b71c3400]
23:13:00.203 AVAST engine scan C:\WINDOWS
23:13:02.436 AVAST engine scan C:\WINDOWS\system32
23:14:48.042 AVAST engine scan C:\WINDOWS\system32\drivers
23:14:54.141 AVAST engine scan C:\Users\Imogen
23:15:35.123 Disk 0 MBR has been saved successfully to "C:\Users\Imogen\Downloads\MBR.dat"
23:15:35.129 The log file has been saved successfully to "C:\Users\Imogen\Downloads\aswMBR.txt"
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.308.50.0_x64__8wekyb3d8bbwe\WindowsCamera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [ChromaTuneTOSHIBAx64] => C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe [2967432 2014-03-25] (Portrait Displays, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-11-20] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [Coffee] => C:\Program Files (x86)\Steven Cole\Coffee\Coffee.exe /hide
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\RunOnce: [Uninstall C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-05-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-01-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.5.0.3 10.5.0.2
Tcpip\..\Interfaces\{d648a6b7-7ba3-4864-bca0-d7b0a8b5dd36}: [DhcpNameServer] 10.5.0.3 10.5.0.2
Tcpip\..\Interfaces\{f2ddaa93-8e83-4867-b8f8-0caf016a7bdd}: [DhcpNameServer] 8.8.8.8 207.172.3.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> DefaultScope {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-02] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-04-02] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\bin\IPS\IPSBHO.DLL [2015-08-10] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-02] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default [2017-05-09]
CHR Extension: (Google Slides) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-08] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294920 2017-04-03] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-18] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe [145008 2015-08-10] (Symantec Corporation)
R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-02-27] () [File not signed]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe [396344 2015-08-10] (Symantec Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-20] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-08] (AVAST Software)
S1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-08] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-08] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158368 2017-05-08] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-08] (AVAST Software)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\BASHDefs\20170503.001\BHDrvx64.sys [1831064 2017-04-06] (Symantec Corporation)
R1 ccSettings_{074772AE-B3BA-4F23-8E12-773353CB6A63}; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\ccSetx64.sys [162392 2015-08-10] (Symantec Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-26] (Symantec Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\IPSDefs\20170508.011\IDSvia64.sys [1012952 2016-10-27] (Symantec Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R3 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R3 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20170509.002\ENG64.SYS [138912 2017-01-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20170509.002\EX64.SYS [2151072 2017-01-31] (Symantec Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-20] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSP64.SYS [890584 2015-08-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSPX64.SYS [37592 2015-08-10] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\SyDvCtrl64.sys [36952 2015-08-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0501010.002\symefasi.sys [1616088 2015-08-31] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SymELAM.sys [23568 2015-08-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [178392 2015-08-31] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\Ironx64.SYS [270040 2015-08-10] (Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SYMNETS.SYS [594136 2015-08-10] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [168304 2015-08-31] (Symantec Corporation)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [112648 2015-08-10] (Symantec Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-09 23:06 - 2017-05-09 23:07 - 00028765 _____ C:\Users\Imogen\Downloads\FRST.txt
2017-05-09 23:06 - 2017-05-09 23:06 - 02429440 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64.exe
2017-05-09 23:06 - 2017-05-09 23:06 - 00000000 ____D C:\FRST
2017-05-09 22:51 - 2017-05-09 22:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignbb8752f25c5e4f93
2017-05-09 22:51 - 2017-05-09 22:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5eb56ba2926a4464
2017-05-09 22:43 - 2017-05-09 22:43 - 00000165 ____H C:\Users\Imogen\Documents\~$Moderation .pptx
2017-05-09 00:23 - 2017-05-09 22:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-09 00:23 - 2017-05-09 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-08 23:35 - 2017-05-08 23:35 - 00004020 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1494300916
2017-05-08 23:35 - 2017-05-08 23:35 - 00001099 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-05-08 23:35 - 2017-05-08 23:35 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-08 23:34 - 2017-05-08 23:34 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-05-08 23:32 - 2017-05-08 23:32 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-IMOGENCOMPUTER-Windows-10-Home-(64-bit).dat
2017-05-08 23:32 - 2017-05-08 23:32 - 00000000 ____D C:\RegBackup
2017-05-08 23:31 - 2017-05-08 23:31 - 00017993 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-05-08 23:31 - 2017-05-08 23:31 - 00002323 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-05-08 23:31 - 2017-05-08 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-05-08 23:31 - 2017-05-08 23:31 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-05-08 23:27 - 2017-05-08 23:30 - 05766144 _____ (Tweaking.com) C:\Users\Imogen\Downloads\tweaking.com_registry_backup_setup.exe
2017-05-08 23:26 - 2017-05-08 23:26 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-08 23:25 - 2017-05-08 23:25 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-08 23:25 - 2017-05-08 23:25 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-05-08 23:25 - 2017-05-08 23:25 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\Users\Imogen\AppData\Roaming\AVAST Software
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-08 23:24 - 2017-05-08 23:24 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-08 23:24 - 2017-05-08 23:24 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00158368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-05-08 23:19 - 2017-05-08 23:34 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-08 23:18 - 2017-05-08 23:18 - 06656392 _____ (AVAST Software) C:\Users\Imogen\Downloads\avast_free_antivirus_setup_online (1).exe
2017-05-08 23:17 - 2017-05-09 00:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-08 22:46 - 2017-05-08 23:15 - 05641780 _____ (AVAST Software) C:\Users\Imogen\Downloads\avast_free_antivirus_setup_online.exe
2017-05-07 11:14 - 2017-05-07 11:14 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign88936b33f3666026
2017-05-07 11:08 - 2017-05-07 11:08 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8fcd434219a32605
2017-05-07 11:01 - 2017-05-07 11:01 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign15bb491b4f73eb02
2017-05-07 11:00 - 2017-05-07 11:00 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignc6d807332f98d820
2017-05-07 11:00 - 2017-05-07 11:00 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8e1aa0e7e1ac92d8
2017-05-06 14:30 - 2017-05-09 22:52 - 49073448 _____ C:\Users\Imogen\Documents\Moderation .pptx
2017-05-06 14:07 - 2017-05-06 14:07 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8b1c4dba7551e4b6
2017-05-06 13:32 - 2017-05-06 13:32 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignfb7dc0c186d3df2f
2017-05-04 00:16 - 2017-05-04 00:16 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign3acdaaf9591245e0
2017-05-03 23:42 - 2017-05-03 23:42 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignaee176ea9c7fddc1
2017-05-02 15:13 - 2017-05-02 15:13 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5e21262d99fdd381
2017-05-02 15:07 - 2017-05-02 15:07 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign27077d95ae692278
2017-05-02 12:18 - 2017-05-02 12:18 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign1b26663478104246
2017-05-02 11:58 - 2017-05-02 11:58 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigncaa5c550e3394230
2017-05-02 11:53 - 2017-05-02 11:53 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigncdd5d4651dae365d
2017-05-02 11:53 - 2017-05-02 11:53 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign69d02f78260485b9
2017-05-02 11:52 - 2017-05-02 11:52 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign4d61311d652fe865
2017-05-01 16:22 - 2017-05-01 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-05-01 16:22 - 2017-05-01 16:22 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-04-27 15:10 - 2017-04-27 17:37 - 00000000 ____D C:\Users\Imogen\Documents\New School Syllabi
2017-04-27 15:09 - 2017-04-27 15:09 - 00389497 _____ C:\Users\Imogen\Downloads\TNS_WritingOrality_Sullivan_S2017.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00257883 _____ C:\Users\Imogen\Downloads\newschoolSYLLABUS2016.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00096965 _____ C:\Users\Imogen\Downloads\Creative Technologies 2015.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00087975 _____ C:\Users\Imogen\Downloads\NSD_BFA_AestheticInquiry1_Fall2015.pdf
2017-04-17 22:25 - 2017-04-17 22:25 - 01537938 _____ C:\Users\Imogen\Downloads\15-16 NSSR Catalog - Final Draft.pdf
2017-04-17 21:57 - 2017-04-17 21:57 - 00275453 _____ C:\Users\Imogen\Downloads\SexyLizards_draft4.pdf
2017-04-17 21:57 - 2017-04-17 21:57 - 00275453 _____ C:\Users\Imogen\Documents\SexyLizards_draft4.pdf
2017-04-16 16:46 - 2017-04-16 16:46 - 00004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-14 01:49 - 2017-03-28 05:11 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-04-14 01:49 - 2017-03-28 05:05 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-04-14 01:49 - 2017-03-28 04:59 - 00262400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-14 01:49 - 2017-03-28 04:52 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-14 01:49 - 2017-03-28 04:51 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-14 01:49 - 2017-03-28 04:50 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-14 01:49 - 2017-03-28 03:53 - 06958304 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-14 01:49 - 2017-03-28 03:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-14 01:49 - 2017-03-28 03:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-14 01:49 - 2017-03-28 03:45 - 00958120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-14 01:49 - 2017-03-28 03:44 - 02944592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-14 01:49 - 2017-03-28 03:44 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-04-14 01:49 - 2017-03-28 03:41 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-14 01:49 - 2017-03-28 03:40 - 05240440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-14 01:49 - 2017-03-28 03:08 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-14 01:49 - 2017-03-28 03:08 - 00316248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-14 01:49 - 2017-03-28 03:06 - 01522664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-14 01:49 - 2017-03-28 03:06 - 01370736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-14 01:49 - 2017-03-28 02:41 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 02:37 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-14 01:49 - 2017-03-28 02:26 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-14 01:49 - 2017-03-28 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-14 01:49 - 2017-03-28 02:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-14 01:49 - 2017-03-28 02:17 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-14 01:49 - 2017-03-28 02:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-14 01:49 - 2017-03-28 02:10 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-14 01:49 - 2017-03-28 02:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-14 01:49 - 2017-03-28 02:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-04-14 01:49 - 2017-03-28 02:01 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-04-14 01:49 - 2017-03-28 01:57 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-14 01:49 - 2017-03-28 01:56 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-14 01:49 - 2017-03-28 01:53 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-04-14 01:49 - 2017-03-28 01:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-14 01:49 - 2017-03-28 01:43 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-04-14 01:49 - 2017-03-28 01:42 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-14 01:49 - 2017-03-28 01:41 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 01:35 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-04-14 01:49 - 2017-03-28 01:33 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-14 01:49 - 2017-03-28 01:33 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 01:32 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-04-14 01:49 - 2017-03-28 01:19 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-14 01:49 - 2017-03-28 01:18 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-14 01:49 - 2017-03-28 01:18 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-14 01:49 - 2017-03-28 01:11 - 01501696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-14 01:49 - 2017-03-28 01:08 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-14 01:49 - 2017-03-28 01:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-14 01:49 - 2017-03-28 00:47 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-04-14 01:49 - 2017-03-28 00:45 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-04-14 01:49 - 2017-03-28 00:41 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-14 01:49 - 2017-03-28 00:13 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-14 01:49 - 2017-03-18 12:41 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-04-14 01:48 - 2017-03-28 06:20 - 00100192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-04-14 01:48 - 2017-03-28 06:18 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-14 01:48 - 2017-03-28 06:17 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-14 01:48 - 2017-03-28 05:18 - 08710320 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-14 01:48 - 2017-03-28 05:11 - 03698216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-14 01:48 - 2017-03-28 05:06 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-14 01:48 - 2017-03-28 04:51 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-14 01:48 - 2017-03-28 04:12 - 00388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-14 01:48 - 2017-03-28 04:05 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-14 01:48 - 2017-03-28 03:52 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-14 01:48 - 2017-03-28 03:42 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-14 01:48 - 2017-03-28 03:17 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-14 01:48 - 2017-03-28 03:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-04-14 01:48 - 2017-03-28 03:10 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-14 01:48 - 2017-03-28 03:01 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-14 01:48 - 2017-03-28 02:56 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-04-14 01:48 - 2017-03-28 02:53 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-14 01:48 - 2017-03-28 02:51 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-14 01:48 - 2017-03-28 02:48 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-14 01:48 - 2017-03-28 02:46 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-14 01:48 - 2017-03-28 02:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-14 01:48 - 2017-03-28 02:20 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-14 01:48 - 2017-03-28 02:12 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-14 01:48 - 2017-03-28 02:05 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-14 01:48 - 2017-03-28 02:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-14 01:48 - 2017-03-28 01:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-14 01:48 - 2017-03-28 01:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-14 01:48 - 2017-03-28 01:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-14 01:48 - 2017-03-28 01:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-14 01:48 - 2017-03-28 01:40 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-14 01:48 - 2017-03-28 01:39 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-04-14 01:48 - 2017-03-28 01:36 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-14 01:48 - 2017-03-28 01:36 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-14 01:48 - 2017-03-28 00:48 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-14 01:48 - 2017-03-28 00:46 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-14 01:48 - 2017-03-28 00:45 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-14 01:48 - 2017-03-28 00:45 - 12134912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-14 01:48 - 2017-03-28 00:31 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-14 01:48 - 2017-03-18 16:39 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-14 01:47 - 2017-03-28 06:19 - 00202480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-14 01:47 - 2017-03-28 06:17 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-14 01:47 - 2017-03-28 06:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-14 01:47 - 2017-03-28 06:12 - 00061792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-04-14 01:47 - 2017-03-28 05:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-04-14 01:47 - 2017-03-28 05:12 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-14 01:47 - 2017-03-28 05:08 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-14 01:47 - 2017-03-28 05:05 - 01540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-14 01:47 - 2017-03-28 05:05 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-04-14 01:47 - 2017-03-28 05:03 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-04-14 01:47 - 2017-03-28 05:03 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-14 01:47 - 2017-03-28 04:30 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-14 01:47 - 2017-03-28 04:29 - 01986912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-14 01:47 - 2017-03-28 04:29 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-14 01:47 - 2017-03-28 04:29 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-14 01:47 - 2017-03-28 04:28 - 01777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-14 01:47 - 2017-03-28 04:28 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-14 01:47 - 2017-03-28 03:52 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-04-14 01:47 - 2017-03-28 03:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-14 01:47 - 2017-03-28 03:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-14 01:47 - 2017-03-28 03:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-14 01:47 - 2017-03-28 03:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-14 01:47 - 2017-03-28 03:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-04-14 01:47 - 2017-03-28 03:37 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-14 01:47 - 2017-03-28 03:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-14 01:47 - 2017-03-28 03:31 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-14 01:47 - 2017-03-28 03:29 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-14 01:47 - 2017-03-28 03:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-04-14 01:47 - 2017-03-28 03:21 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-14 01:47 - 2017-03-28 03:20 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-04-14 01:47 - 2017-03-28 03:20 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-04-14 01:47 - 2017-03-28 03:18 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-14 01:47 - 2017-03-28 03:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-14 01:47 - 2017-03-28 03:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-14 01:47 - 2017-03-28 03:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-14 01:47 - 2017-03-28 03:13 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-14 01:47 - 2017-03-28 03:09 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-14 01:47 - 2017-03-28 02:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-04-14 01:47 - 2017-03-28 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-14 01:47 - 2017-03-28 02:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-14 01:47 - 2017-03-28 02:53 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-14 01:47 - 2017-03-28 02:44 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-04-14 01:47 - 2017-03-28 02:41 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-14 01:47 - 2017-03-28 02:40 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-04-14 01:47 - 2017-03-28 02:21 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-14 01:47 - 2017-03-28 02:19 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-14 01:47 - 2017-03-28 02:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-14 01:47 - 2017-03-28 02:06 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-14 01:47 - 2017-03-28 01:55 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-04-14 01:47 - 2017-03-28 01:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-04-14 01:47 - 2017-03-28 01:42 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-04-14 01:47 - 2017-03-28 01:30 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-04-14 01:47 - 2017-03-28 01:29 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-14 01:47 - 2017-03-28 01:22 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-14 01:47 - 2017-03-28 01:20 - 24604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-14 01:47 - 2017-03-28 01:20 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-14 01:47 - 2017-03-28 01:06 - 07856640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-14 01:47 - 2017-03-28 01:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-14 01:47 - 2017-03-20 21:36 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-09 22:58 - 2015-07-16 10:12 - 00000000 ____D C:\ProgramData\Skype
2017-05-09 22:25 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-09 22:25 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-09 22:24 - 2015-08-16 13:06 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{724DB0F0-927F-4B14-A024-99806B133DAA}
2017-05-09 07:33 - 2015-08-31 15:37 - 00000000 ____D C:\ProgramData\Symantec
2017-05-09 02:00 - 2015-08-31 15:22 - 00000000 ____D C:\Users\Imogen\AppData\Local\Adobe
2017-05-09 00:23 - 2015-07-16 10:13 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-09 00:22 - 2015-07-16 09:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-08 23:19 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2017-05-08 22:42 - 2015-12-16 00:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-08 22:42 - 2015-08-16 16:33 - 00000000 __SHD C:\Users\Imogen\IntelGraphicsProfiles
2017-05-07 20:23 - 2015-08-16 14:57 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-07 20:18 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-05-07 20:17 - 2015-12-16 00:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-07 20:15 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-05-07 10:59 - 2016-03-04 00:54 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-02 13:44 - 2015-08-16 12:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Packages
2017-05-01 16:22 - 2016-03-09 09:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-05-01 16:22 - 2016-03-04 00:54 - 00002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-05-01 16:21 - 2015-08-31 15:27 - 00000000 ___RD C:\Users\Imogen\Creative Cloud Files
2017-04-30 03:42 - 2015-08-16 13:07 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 03:42 - 2015-08-16 13:07 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-22 13:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2017-04-18 13:32 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-18 13:29 - 2015-07-16 10:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-16 21:35 - 2015-08-16 11:14 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-16 21:32 - 2015-12-16 00:13 - 05009984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-16 20:29 - 2015-08-16 18:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-16 20:26 - 2015-08-16 18:34 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-16 20:25 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-16 16:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-16 16:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-14 01:27 - 2016-03-04 00:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-14 00:42 - 2016-12-15 23:34 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-14 00:40 - 2015-08-16 16:36 - 00002381 _____ C:\Users\Imogen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-14 00:40 - 2015-08-16 16:36 - 00000000 ___RD C:\Users\Imogen\OneDrive

==================== Files in the root of some directories =======
2015-09-04 09:28 - 2016-05-18 21:01 - 0000033 _____ () C:\Users\Imogen\AppData\Roaming\AdobeWLCMCache.dat
2017-03-29 15:06 - 2017-03-29 15:06 - 0001456 _____ () C:\Users\Imogen\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-16 00:18 - 2015-12-16 00:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-12 11:55 - 2014-12-12 11:55 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
2015-09-01 07:11 - 2015-09-01 07:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Imogen\AppData\Local\Temp\McCSPInstall.dll
2016-01-18 20:36 - 2015-09-01 07:11 - 0162120 _____ (McAfee Inc.) C:\Users\Imogen\AppData\Local\Temp\mccspuninstall.exe
2017-03-01 21:53 - 2017-03-01 21:53 - 19617792 _____ () C:\Users\Imogen\AppData\Local\Temp\SkypeSetup.exe
2017-05-09 00:22 - 2017-05-09 00:22 - 14456872 _____ (Microsoft Corporation) C:\Users\Imogen\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-04 20:24

==================== End of FRST.txt ============================

aswMBR scan
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-05-09 23:12:23
-----------------------------
23:12:23.716 OS Version: Windows x64 6.2.9200
23:12:23.716 Number of processors: 8 586 0x3C03
23:12:23.717 ComputerName: IMOGENCOMPUTER UserName: Imogen
23:12:30.201 Initialize success
23:12:35.279 VM: initialized successfully
23:12:35.280 VM: Intel CPU supported
23:12:38.553 VM: disk I/O iaStorA.sys
23:12:46.282 AVAST engine defs: 17050904
23:12:48.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
23:12:48.325 Disk 0 Vendor: TOSHIBA_MQ02ABD100H HKF03M Size: 953869MB BusType: 11
23:12:48.332 Disk 0 MBR read successfully
23:12:48.334 Disk 0 MBR scan
23:12:48.337 Disk 0 unknown MBR code
23:12:48.340 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
23:12:48.347 Disk 0 scanning C:\WINDOWS\system32\drivers
23:12:51.649 Service scanning
23:12:58.610 Modules scanning
23:12:58.626 Disk 0 trace - called modules:
23:12:58.649 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys thpdrv.sys ACPI.sys storport.sys hal.dll iaStorA.sys
23:12:58.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001b9647060]
23:12:58.663 3 aswSP.sys[fffff801dc800432] -> nt!IofCallDriver -> \Device\THPDRV1[0xffffe001b964d060]
23:12:58.669 5 thpdrv.sys[fffff801d60d5c97] -> nt!IofCallDriver -> [0xffffe001b71c1550]
23:12:58.675 7 ACPI.sys[fffff801d4d81361] -> nt!IofCallDriver -> \Device\00000038[0xffffe001b71c3400]
23:13:00.203 AVAST engine scan C:\WINDOWS
23:13:02.436 AVAST engine scan C:\WINDOWS\system32
23:14:48.042 AVAST engine scan C:\WINDOWS\system32\drivers
23:14:54.141 AVAST engine scan C:\Users\Imogen
23:15:35.123 Disk 0 MBR has been saved successfully to "C:\Users\Imogen\Downloads\MBR.dat"
23:15:35.129 The log file has been saved successfully to "C:\Users\Imogen\Downloads\aswMBR.txt"