PDA

View Full Version : Virus that I need help getting rid of PLEASE HELP!!!



imothom
2017-05-10, 06:18
Hi There! My computer definitely has a virus and I need help getting rid of it. I'm a college student with just about no computer knowledge, so I have no idea where to begin. I noticed something was up about 3 days ago. It started with me not being able to adjust by brightness using buttons and then later from settings. Then yesterday when I turned on my computer the cursor started freaking out and started appearing in little circles (as if I had clicked somewhere) in a spazzing line up my screen. Also, by taskbar switched to the top of my screen and it won't let me change it back. In addition, when I tried to download Avast (which I know I should've already had) the download will not complete--I believe due to the virus. I have finals this week, so I really need my computer. Please Help!!!!

Fybar Log


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Imogen (administrator) on IMOGENCOMPUTER (09-05-2017 23:06:54)
Running from C:\Users\Imogen\Downloads
Loaded Profiles: Imogen (Available Profiles: Imogen)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/ (http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\SMITSC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.308.50.0_x64__8wekyb3d8bbwe\WindowsCamera.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [ChromaTuneTOSHIBAx64] => C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe [2967432 2014-03-25] (Portrait Displays, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-11-20] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [Coffee] => C:\Program Files (x86)\Steven Cole\Coffee\Coffee.exe /hide
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\RunOnce: [Uninstall C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-05-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-01-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.5.0.3 10.5.0.2
Tcpip\..\Interfaces\{d648a6b7-7ba3-4864-bca0-d7b0a8b5dd36}: [DhcpNameServer] 10.5.0.3 10.5.0.2
Tcpip\..\Interfaces\{f2ddaa93-8e83-4867-b8f8-0caf016a7bdd}: [DhcpNameServer] 8.8.8.8 207.172.3.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> DefaultScope {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-02] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-04-02] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\bin\IPS\IPSBHO.DLL [2015-08-10] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-02] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default [2017-05-09]
CHR Extension: (Google Slides) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-08] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294920 2017-04-03] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-18] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe [145008 2015-08-10] (Symantec Corporation)
R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-02-27] () [File not signed]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe [396344 2015-08-10] (Symantec Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-20] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-08] (AVAST Software)
S1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-08] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-08] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158368 2017-05-08] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-08] (AVAST Software)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\BASHDefs\20170503.001\BHDrvx64.sys [1831064 2017-04-06] (Symantec Corporation)
R1 ccSettings_{074772AE-B3BA-4F23-8E12-773353CB6A63}; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\ccSetx64.sys [162392 2015-08-10] (Symantec Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-26] (Symantec Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\IPSDefs\20170508.011\IDSvia64.sys [1012952 2016-10-27] (Symantec Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R3 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R3 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20170509.002\ENG64.SYS [138912 2017-01-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20170509.002\EX64.SYS [2151072 2017-01-31] (Symantec Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-20] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSP64.SYS [890584 2015-08-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSPX64.SYS [37592 2015-08-10] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\SyDvCtrl64.sys [36952 2015-08-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0501010.002\symefasi.sys [1616088 2015-08-31] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SymELAM.sys [23568 2015-08-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [178392 2015-08-31] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\Ironx64.SYS [270040 2015-08-10] (Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SYMNETS.SYS [594136 2015-08-10] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [168304 2015-08-31] (Symantec Corporation)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [112648 2015-08-10] (Symantec Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-09 23:06 - 2017-05-09 23:07 - 00028765 _____ C:\Users\Imogen\Downloads\FRST.txt
2017-05-09 23:06 - 2017-05-09 23:06 - 02429440 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64.exe
2017-05-09 23:06 - 2017-05-09 23:06 - 00000000 ____D C:\FRST
2017-05-09 22:51 - 2017-05-09 22:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignbb8752f25c5e4f93
2017-05-09 22:51 - 2017-05-09 22:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5eb56ba2926a4464
2017-05-09 22:43 - 2017-05-09 22:43 - 00000165 ____H C:\Users\Imogen\Documents\~$Moderation .pptx
2017-05-09 00:23 - 2017-05-09 22:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-09 00:23 - 2017-05-09 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-08 23:35 - 2017-05-08 23:35 - 00004020 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1494300916
2017-05-08 23:35 - 2017-05-08 23:35 - 00001099 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-05-08 23:35 - 2017-05-08 23:35 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-08 23:34 - 2017-05-08 23:34 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-05-08 23:32 - 2017-05-08 23:32 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-IMOGENCOMPUTER-Windows-10-Home-(64-bit).dat
2017-05-08 23:32 - 2017-05-08 23:32 - 00000000 ____D C:\RegBackup
2017-05-08 23:31 - 2017-05-08 23:31 - 00017993 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-05-08 23:31 - 2017-05-08 23:31 - 00002323 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-05-08 23:31 - 2017-05-08 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-05-08 23:31 - 2017-05-08 23:31 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-05-08 23:27 - 2017-05-08 23:30 - 05766144 _____ (Tweaking.com) C:\Users\Imogen\Downloads\tweaking.com_registry_backup_setup.exe
2017-05-08 23:26 - 2017-05-08 23:26 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-08 23:25 - 2017-05-08 23:25 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-08 23:25 - 2017-05-08 23:25 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-05-08 23:25 - 2017-05-08 23:25 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\Users\Imogen\AppData\Roaming\AVAST Software
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-08 23:24 - 2017-05-08 23:24 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-08 23:24 - 2017-05-08 23:24 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00158368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-05-08 23:19 - 2017-05-08 23:34 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-08 23:18 - 2017-05-08 23:18 - 06656392 _____ (AVAST Software) C:\Users\Imogen\Downloads\avast_free_antivirus_setup_online (1).exe
2017-05-08 23:17 - 2017-05-09 00:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-08 22:46 - 2017-05-08 23:15 - 05641780 _____ (AVAST Software) C:\Users\Imogen\Downloads\avast_free_antivirus_setup_online.exe
2017-05-07 11:14 - 2017-05-07 11:14 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign88936b33f3666026
2017-05-07 11:08 - 2017-05-07 11:08 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8fcd434219a32605
2017-05-07 11:01 - 2017-05-07 11:01 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign15bb491b4f73eb02
2017-05-07 11:00 - 2017-05-07 11:00 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignc6d807332f98d820
2017-05-07 11:00 - 2017-05-07 11:00 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8e1aa0e7e1ac92d8
2017-05-06 14:30 - 2017-05-09 22:52 - 49073448 _____ C:\Users\Imogen\Documents\Moderation .pptx
2017-05-06 14:07 - 2017-05-06 14:07 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8b1c4dba7551e4b6
2017-05-06 13:32 - 2017-05-06 13:32 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignfb7dc0c186d3df2f
2017-05-04 00:16 - 2017-05-04 00:16 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign3acdaaf9591245e0
2017-05-03 23:42 - 2017-05-03 23:42 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignaee176ea9c7fddc1
2017-05-02 15:13 - 2017-05-02 15:13 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5e21262d99fdd381
2017-05-02 15:07 - 2017-05-02 15:07 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign27077d95ae692278
2017-05-02 12:18 - 2017-05-02 12:18 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign1b26663478104246
2017-05-02 11:58 - 2017-05-02 11:58 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigncaa5c550e3394230
2017-05-02 11:53 - 2017-05-02 11:53 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigncdd5d4651dae365d
2017-05-02 11:53 - 2017-05-02 11:53 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign69d02f78260485b9
2017-05-02 11:52 - 2017-05-02 11:52 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign4d61311d652fe865
2017-05-01 16:22 - 2017-05-01 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-05-01 16:22 - 2017-05-01 16:22 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-04-27 15:10 - 2017-04-27 17:37 - 00000000 ____D C:\Users\Imogen\Documents\New School Syllabi
2017-04-27 15:09 - 2017-04-27 15:09 - 00389497 _____ C:\Users\Imogen\Downloads\TNS_WritingOrality_Sullivan_S2017.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00257883 _____ C:\Users\Imogen\Downloads\newschoolSYLLABUS2016.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00096965 _____ C:\Users\Imogen\Downloads\Creative Technologies 2015.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00087975 _____ C:\Users\Imogen\Downloads\NSD_BFA_AestheticInquiry1_Fall2015.pdf
2017-04-17 22:25 - 2017-04-17 22:25 - 01537938 _____ C:\Users\Imogen\Downloads\15-16 NSSR Catalog - Final Draft.pdf
2017-04-17 21:57 - 2017-04-17 21:57 - 00275453 _____ C:\Users\Imogen\Downloads\SexyLizards_draft4.pdf
2017-04-17 21:57 - 2017-04-17 21:57 - 00275453 _____ C:\Users\Imogen\Documents\SexyLizards_draft4.pdf
2017-04-16 16:46 - 2017-04-16 16:46 - 00004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-14 01:49 - 2017-03-28 05:11 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-04-14 01:49 - 2017-03-28 05:05 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-04-14 01:49 - 2017-03-28 04:59 - 00262400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-14 01:49 - 2017-03-28 04:52 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-14 01:49 - 2017-03-28 04:51 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-14 01:49 - 2017-03-28 04:50 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-14 01:49 - 2017-03-28 03:53 - 06958304 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-14 01:49 - 2017-03-28 03:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-14 01:49 - 2017-03-28 03:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-14 01:49 - 2017-03-28 03:45 - 00958120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-14 01:49 - 2017-03-28 03:44 - 02944592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-14 01:49 - 2017-03-28 03:44 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-04-14 01:49 - 2017-03-28 03:41 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-14 01:49 - 2017-03-28 03:40 - 05240440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-14 01:49 - 2017-03-28 03:08 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-14 01:49 - 2017-03-28 03:08 - 00316248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-14 01:49 - 2017-03-28 03:06 - 01522664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-14 01:49 - 2017-03-28 03:06 - 01370736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-14 01:49 - 2017-03-28 02:41 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 02:37 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-14 01:49 - 2017-03-28 02:26 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-14 01:49 - 2017-03-28 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-14 01:49 - 2017-03-28 02:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-14 01:49 - 2017-03-28 02:17 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-14 01:49 - 2017-03-28 02:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-14 01:49 - 2017-03-28 02:10 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-14 01:49 - 2017-03-28 02:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-14 01:49 - 2017-03-28 02:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-04-14 01:49 - 2017-03-28 02:01 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-04-14 01:49 - 2017-03-28 01:57 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-14 01:49 - 2017-03-28 01:56 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-14 01:49 - 2017-03-28 01:53 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-04-14 01:49 - 2017-03-28 01:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-14 01:49 - 2017-03-28 01:43 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-04-14 01:49 - 2017-03-28 01:42 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-14 01:49 - 2017-03-28 01:41 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 01:35 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-04-14 01:49 - 2017-03-28 01:33 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-14 01:49 - 2017-03-28 01:33 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 01:32 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-04-14 01:49 - 2017-03-28 01:19 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-14 01:49 - 2017-03-28 01:18 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-14 01:49 - 2017-03-28 01:18 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-14 01:49 - 2017-03-28 01:11 - 01501696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-14 01:49 - 2017-03-28 01:08 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-14 01:49 - 2017-03-28 01:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-14 01:49 - 2017-03-28 00:47 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-04-14 01:49 - 2017-03-28 00:45 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-04-14 01:49 - 2017-03-28 00:41 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-14 01:49 - 2017-03-28 00:13 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-14 01:49 - 2017-03-18 12:41 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-04-14 01:48 - 2017-03-28 06:20 - 00100192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-04-14 01:48 - 2017-03-28 06:18 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-14 01:48 - 2017-03-28 06:17 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-14 01:48 - 2017-03-28 05:18 - 08710320 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-14 01:48 - 2017-03-28 05:11 - 03698216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-14 01:48 - 2017-03-28 05:06 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-14 01:48 - 2017-03-28 04:51 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-14 01:48 - 2017-03-28 04:12 - 00388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-14 01:48 - 2017-03-28 04:05 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-14 01:48 - 2017-03-28 03:52 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-14 01:48 - 2017-03-28 03:42 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-14 01:48 - 2017-03-28 03:17 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-14 01:48 - 2017-03-28 03:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-04-14 01:48 - 2017-03-28 03:10 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-14 01:48 - 2017-03-28 03:01 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-14 01:48 - 2017-03-28 02:56 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-04-14 01:48 - 2017-03-28 02:53 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-14 01:48 - 2017-03-28 02:51 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-14 01:48 - 2017-03-28 02:48 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-14 01:48 - 2017-03-28 02:46 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-14 01:48 - 2017-03-28 02:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-14 01:48 - 2017-03-28 02:20 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-14 01:48 - 2017-03-28 02:12 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-14 01:48 - 2017-03-28 02:05 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-14 01:48 - 2017-03-28 02:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-14 01:48 - 2017-03-28 01:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-14 01:48 - 2017-03-28 01:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-14 01:48 - 2017-03-28 01:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-14 01:48 - 2017-03-28 01:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-14 01:48 - 2017-03-28 01:40 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-14 01:48 - 2017-03-28 01:39 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-04-14 01:48 - 2017-03-28 01:36 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-14 01:48 - 2017-03-28 01:36 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-14 01:48 - 2017-03-28 00:48 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-14 01:48 - 2017-03-28 00:46 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-14 01:48 - 2017-03-28 00:45 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-14 01:48 - 2017-03-28 00:45 - 12134912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-14 01:48 - 2017-03-28 00:31 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-14 01:48 - 2017-03-18 16:39 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-14 01:47 - 2017-03-28 06:19 - 00202480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-14 01:47 - 2017-03-28 06:17 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-14 01:47 - 2017-03-28 06:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-14 01:47 - 2017-03-28 06:12 - 00061792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-04-14 01:47 - 2017-03-28 05:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-04-14 01:47 - 2017-03-28 05:12 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-14 01:47 - 2017-03-28 05:08 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-14 01:47 - 2017-03-28 05:05 - 01540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-14 01:47 - 2017-03-28 05:05 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-04-14 01:47 - 2017-03-28 05:03 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-04-14 01:47 - 2017-03-28 05:03 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-14 01:47 - 2017-03-28 04:30 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-14 01:47 - 2017-03-28 04:29 - 01986912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-14 01:47 - 2017-03-28 04:29 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-14 01:47 - 2017-03-28 04:29 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-14 01:47 - 2017-03-28 04:28 - 01777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-14 01:47 - 2017-03-28 04:28 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-14 01:47 - 2017-03-28 03:52 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-04-14 01:47 - 2017-03-28 03:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-14 01:47 - 2017-03-28 03:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-14 01:47 - 2017-03-28 03:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-14 01:47 - 2017-03-28 03:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-14 01:47 - 2017-03-28 03:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-04-14 01:47 - 2017-03-28 03:37 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-14 01:47 - 2017-03-28 03:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-14 01:47 - 2017-03-28 03:31 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-14 01:47 - 2017-03-28 03:29 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-14 01:47 - 2017-03-28 03:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-04-14 01:47 - 2017-03-28 03:21 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-14 01:47 - 2017-03-28 03:20 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-04-14 01:47 - 2017-03-28 03:20 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-04-14 01:47 - 2017-03-28 03:18 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-14 01:47 - 2017-03-28 03:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-14 01:47 - 2017-03-28 03:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-14 01:47 - 2017-03-28 03:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-14 01:47 - 2017-03-28 03:13 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-14 01:47 - 2017-03-28 03:09 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-14 01:47 - 2017-03-28 02:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-04-14 01:47 - 2017-03-28 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-14 01:47 - 2017-03-28 02:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-14 01:47 - 2017-03-28 02:53 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-14 01:47 - 2017-03-28 02:44 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-04-14 01:47 - 2017-03-28 02:41 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-14 01:47 - 2017-03-28 02:40 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-04-14 01:47 - 2017-03-28 02:21 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-14 01:47 - 2017-03-28 02:19 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-14 01:47 - 2017-03-28 02:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-14 01:47 - 2017-03-28 02:06 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-14 01:47 - 2017-03-28 01:55 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-04-14 01:47 - 2017-03-28 01:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-04-14 01:47 - 2017-03-28 01:42 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-04-14 01:47 - 2017-03-28 01:30 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-04-14 01:47 - 2017-03-28 01:29 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-14 01:47 - 2017-03-28 01:22 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-14 01:47 - 2017-03-28 01:20 - 24604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-14 01:47 - 2017-03-28 01:20 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-14 01:47 - 2017-03-28 01:06 - 07856640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-14 01:47 - 2017-03-28 01:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-14 01:47 - 2017-03-20 21:36 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-09 22:58 - 2015-07-16 10:12 - 00000000 ____D C:\ProgramData\Skype
2017-05-09 22:25 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-09 22:25 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-09 22:24 - 2015-08-16 13:06 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{724DB0F0-927F-4B14-A024-99806B133DAA}
2017-05-09 07:33 - 2015-08-31 15:37 - 00000000 ____D C:\ProgramData\Symantec
2017-05-09 02:00 - 2015-08-31 15:22 - 00000000 ____D C:\Users\Imogen\AppData\Local\Adobe
2017-05-09 00:23 - 2015-07-16 10:13 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-09 00:22 - 2015-07-16 09:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-08 23:19 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2017-05-08 22:42 - 2015-12-16 00:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-08 22:42 - 2015-08-16 16:33 - 00000000 __SHD C:\Users\Imogen\IntelGraphicsProfiles
2017-05-07 20:23 - 2015-08-16 14:57 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-07 20:18 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-05-07 20:17 - 2015-12-16 00:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-07 20:15 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-05-07 10:59 - 2016-03-04 00:54 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-02 13:44 - 2015-08-16 12:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Packages
2017-05-01 16:22 - 2016-03-09 09:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-05-01 16:22 - 2016-03-04 00:54 - 00002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-05-01 16:21 - 2015-08-31 15:27 - 00000000 ___RD C:\Users\Imogen\Creative Cloud Files
2017-04-30 03:42 - 2015-08-16 13:07 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 03:42 - 2015-08-16 13:07 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-22 13:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2017-04-18 13:32 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-18 13:29 - 2015-07-16 10:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-16 21:35 - 2015-08-16 11:14 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-16 21:32 - 2015-12-16 00:13 - 05009984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-16 20:29 - 2015-08-16 18:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-16 20:26 - 2015-08-16 18:34 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-16 20:25 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-16 16:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-16 16:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-14 01:27 - 2016-03-04 00:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-14 00:42 - 2016-12-15 23:34 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-14 00:40 - 2015-08-16 16:36 - 00002381 _____ C:\Users\Imogen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-14 00:40 - 2015-08-16 16:36 - 00000000 ___RD C:\Users\Imogen\OneDrive

==================== Files in the root of some directories =======

2015-09-04 09:28 - 2016-05-18 21:01 - 0000033 _____ () C:\Users\Imogen\AppData\Roaming\AdobeWLCMCache.dat
2017-03-29 15:06 - 2017-03-29 15:06 - 0001456 _____ () C:\Users\Imogen\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-16 00:18 - 2015-12-16 00:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-12 11:55 - 2014-12-12 11:55 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
2015-09-01 07:11 - 2015-09-01 07:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Imogen\AppData\Local\Temp\McCSPInstall.dll
2016-01-18 20:36 - 2015-09-01 07:11 - 0162120 _____ (McAfee Inc.) C:\Users\Imogen\AppData\Local\Temp\mccspuninstall.exe
2017-03-01 21:53 - 2017-03-01 21:53 - 19617792 _____ () C:\Users\Imogen\AppData\Local\Temp\SkypeSetup.exe
2017-05-09 00:22 - 2017-05-09 00:22 - 14456872 _____ (Microsoft Corporation) C:\Users\Imogen\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-04 20:24

==================== End of FRST.txt ============================


aswMBR scan
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-05-09 23:12:23
-----------------------------
23:12:23.716 OS Version: Windows x64 6.2.9200
23:12:23.716 Number of processors: 8 586 0x3C03
23:12:23.717 ComputerName: IMOGENCOMPUTER UserName: Imogen
23:12:30.201 Initialize success
23:12:35.279 VM: initialized successfully
23:12:35.280 VM: Intel CPU supported
23:12:38.553 VM: disk I/O iaStorA.sys
23:12:46.282 AVAST engine defs: 17050904
23:12:48.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
23:12:48.325 Disk 0 Vendor: TOSHIBA_MQ02ABD100H HKF03M Size: 953869MB BusType: 11
23:12:48.332 Disk 0 MBR read successfully
23:12:48.334 Disk 0 MBR scan
23:12:48.337 Disk 0 unknown MBR code
23:12:48.340 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
23:12:48.347 Disk 0 scanning C:\WINDOWS\system32\drivers
23:12:51.649 Service scanning
23:12:58.610 Modules scanning
23:12:58.626 Disk 0 trace - called modules:
23:12:58.649 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys thpdrv.sys ACPI.sys storport.sys hal.dll iaStorA.sys
23:12:58.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001b9647060]
23:12:58.663 3 aswSP.sys[fffff801dc800432] -> nt!IofCallDriver -> \Device\THPDRV1[0xffffe001b964d060]
23:12:58.669 5 thpdrv.sys[fffff801d60d5c97] -> nt!IofCallDriver -> [0xffffe001b71c1550]
23:12:58.675 7 ACPI.sys[fffff801d4d81361] -> nt!IofCallDriver -> \Device\00000038[0xffffe001b71c3400]
23:13:00.203 AVAST engine scan C:\WINDOWS
23:13:02.436 AVAST engine scan C:\WINDOWS\system32
23:14:48.042 AVAST engine scan C:\WINDOWS\system32\drivers
23:14:54.141 AVAST engine scan C:\Users\Imogen
23:15:35.123 Disk 0 MBR has been saved successfully to "C:\Users\Imogen\Downloads\MBR.dat"
23:15:35.129 The log file has been saved successfully to "C:\Users\Imogen\Downloads\aswMBR.txt"

Juliet
2017-05-10, 16:08
Have you posted for help at any other forum(s)?

Symantec Endpoint Protection - security software suite (and not sure if it's related to antivirus and firewall was already installed?)
AVAST -antivirus <== appears to had installed but as you said might be corrupt.
McAfee, several files related to this security application, and not sure if it's related to antivirus and firewall.

See if you can remove all but 1 antivirus (security suite)
~~~~~~~~~~~~~~`

When Farbar Recovery Scan Tool (FRST) was first run a Addition.txt should had been created,
Can you post this log in your next reply.

imothom
2017-05-11, 07:19
I have not tried other sites. I have uninstalled McAfee and Avast and am now just using Symantec. I can't find the addition text from my first scan (I may have neglected to check the box for it), so I rescanned and have the addition text and new scan info. First is the addition text and then the new scan info.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Imogen (11-05-2017 00:07:12)
Running from C:\Users\Imogen\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-16 04:40:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2005569905-2985736349-4029353856-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2005569905-2985736349-4029353856-503 - Limited - Disabled)
Guest (S-1-5-21-2005569905-2985736349-4029353856-501 - Limited - Disabled)
Imogen (S-1-5-21-2005569905-2985736349-4029353856-1001 - Administrator - Enabled) => C:\Users\Imogen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\{3D82C954-2957-418B-908F-FE78BF3A8BEB}) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F9626784-9EDD-32B3-3888-5A840B88DF23}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chroma Tune for TOSHIBA (HKLM\...\{CD1AE048-DC88-4615-9A5F-7E607C000736}) (Version: 2.00.53 - Portrait Displays, Inc.)
Coffee (HKLM-x32\...\{568300F4-7F75-4635-B50E-16EFB18C0CE0}) (Version: 1.0.3 - Steven Cole)
CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.7921 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDirector Touch (HKLM-x32\...\InstallShield_{DC604EA2-684F-4fad-80E6-10A090F85E7D}) (Version: 1.2.3121.0 - CyberLink Corp.)
CyberLink PowerDirector Touch (Version: 1.2.3121.0 - CyberLink Corp.) Hidden
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4A95F6FA-1263-43D2-9926-5D6F7F359E92}) (Version: 17.1.1434.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2127 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7369.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
Node.js (HKLM\...\{E5DD2249-1D15-43FC-809E-9415B3533D8C}) (Version: 4.4.5 - Node.js Foundation)
OEM Application Profile (HKLM-x32\...\{61A09A66-D7E6-22EF-AF75-16D83ADE30E3}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Symantec Endpoint Protection (HKLM\...\{18F87B39-E281-4228-B83D-627FFC77A466}) (Version: 12.1.6168.6000 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.6 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)
TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 2.3.3.4 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 4.06.000 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.03.55065007 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-467DA054AAD9}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CD3002C-0914-4A72-9FBA-3E16552E16C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-04-04] (Microsoft Corporation)
Task: {2E72DEA5-5DEC-41DE-9393-E2CDAC0F84DF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {37FE118C-C5E7-4876-B98D-341FCED931FD} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation)
Task: {3E9D3C0D-DB1D-4679-8117-6B6B0F0F0225} - System32\Tasks\SafeZone scheduled Autoupdate 1494300916 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {5CFC143E-FE3E-4C2B-BD71-C4B84B2CDC83} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-04-04] (Microsoft Corporation)
Task: {6AB1A140-48DB-4A35-8007-6488BC67B9AF} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-08] (AVAST Software)
Task: {6FFE1449-012E-4903-A5F0-B1D67D066D09} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-04-04] (Microsoft Corporation)
Task: {7641054F-9517-440D-B604-1EFB8E8B69E4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-11-20] (Synaptics Incorporated)
Task: {9132004C-AA3D-4BEC-AC2E-122564211DD9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {94C1C016-C7BA-4F7D-8237-3CFA36D59CD7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9D1A6807-B1C5-40EE-8A5F-ACC017FFE0BC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-03] (Microsoft Corporation)
Task: {A1D16D10-A757-4EEA-BC57-BDF8831B052E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {A384693C-2256-45C3-A753-2E00F1F06641} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-16] (Microsoft Corporation)
Task: {A4E60AF1-2BEE-4675-A7E6-0BE45A1151DC} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-imogen.thomas5654@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {BB33B09A-1921-4F2E-ADCD-B6A874591CA9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C0936CBF-C092-4E33-84FA-F740EF9BCE71} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C583CBED-0130-47E8-BFAD-877FCDAC1D1A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-05-08] (AVAST Software)
Task: {C95B6173-562E-4AAD-9D45-7F0D87393BA7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-03] (Microsoft Corporation)
Task: {D05ACD09-AF38-4385-B1E3-4EF18B8B74D2} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {D7FE3161-0572-4ABD-99F2-D1135CFB68D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DC9DB603-4E5B-45EA-B4AA-FA494C7CCF47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {E3025F92-323F-4629-A792-AEC706784C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {EC765D22-03E6-4FB7-B388-A691DC6B3C5D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-16] (Adobe Systems Incorporated)
Task: {EECEF24B-B536-470E-B9A9-C3DC66F1D004} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {FC5DED5F-93FC-44C1-A0C3-28982304595B} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-03-27 16:53 - 2013-03-27 16:53 - 00163168 _____ () C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-27 16:31 - 2014-02-27 16:31 - 00013312 _____ () C:\Windows\SysWOW64\SMITSC.exe
2014-12-12 11:57 - 2012-04-24 22:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-05-27 13:46 - 2015-05-27 13:46 - 00019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2017-03-14 16:21 - 2017-03-04 01:31 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-14 01:47 - 2017-03-28 06:17 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-14 01:47 - 2017-03-28 06:17 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-18 21:17 - 2017-04-02 11:07 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-12-02 08:32 - 2016-12-02 08:32 - 00401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-17 17:44 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-19 13:07 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-03-14 16:21 - 2017-03-03 23:19 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 16:21 - 2017-03-03 23:14 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-14 01:48 - 2017-03-28 01:01 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-14 01:47 - 2017-03-28 01:04 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-03 23:09 - 2017-03-29 04:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-03 23:09 - 2017-03-29 04:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 17:24 - 2013-08-01 17:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2017-03-27 12:20 - 2017-03-27 12:20 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-08-10 14:33 - 2015-08-10 14:33 - 00566328 ____C () C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\AvPluginImpl.dll
2015-07-16 09:27 - 2013-12-09 18:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-05-08 23:24 - 2017-05-08 23:24 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-08 23:24 - 2017-05-08 23:24 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-08 23:24 - 2017-05-08 23:24 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-08 23:24 - 2017-05-08 23:24 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-08 23:24 - 2017-05-08 23:24 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-08 23:24 - 2017-05-08 23:24 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-08 23:24 - 2017-05-08 23:24 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-14 08:31 - 2017-03-14 08:31 - 52051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-01-25 20:06 - 2017-01-25 20:06 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-14 08:35 - 2017-03-14 08:35 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\sharepoint.com -> hxxps://bard0-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2017-05-10 23:49 - 00000844 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Imogen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 ltblue 1920x1200.jpg
DNS Servers: 10.5.0.3 - 10.5.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EBC1DAC6-783B-4591-A32F-18412B3741D9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe
FirewallRules: [{9AD81E91-C680-4AB3-A569-0A036DA2E43D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe
FirewallRules: [{1422AC0E-097A-4CAE-94B7-95EAEBD2D6AA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\Smc.exe
FirewallRules: [{B7E4966C-BA89-4AA1-8FDD-4F42847EECD5}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\Smc.exe
FirewallRules: [{69D50447-675B-4145-8065-CD3538C4B445}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{38CBBDEB-780A-457D-954E-2E057D8540B6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{84AAB974-9BBA-44A8-9C75-A64D8C27AA44}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{301762DD-BB2C-4F1E-A81A-9BC5EB53626D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1C54BC69-167C-4061-AEFD-5626E6987ADF}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1E8C57AD-62D7-492E-A1B7-2305781FBD00}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2472F3C1-2C2C-4F11-8402-DF70A34E497D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8B5E4A87-560E-419B-BE97-ADFF740285BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2CB06CEE-E1B8-4C54-98AC-8EFC3E330FF2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{288E0BAE-B97F-4EA0-A5AF-1DED955072A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BE08D780-149F-40F4-9D3B-D0E73A8DD23B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FA83A6B0-8A69-4676-BB38-48E4C9D4F5E3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{02CC9AC9-A41A-4840-8F15-28230DCB9BBE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59E54054-46A1-4F4A-A532-958911D2CFC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{16F8BE89-3759-464E-AF65-08C83AA22B35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF690903-5315-4BF4-992D-07AA481546D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{61B4E6DA-D061-4493-A69E-6BE6E8184FE5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5D4C2BA7-F623-4DB5-AC38-434D51A22093}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C94719FC-53EF-4BAE-B45B-4AB847DF14F0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe

==================== Restore Points =========================

16-04-2017 19:54:43 Windows Update
30-04-2017 04:14:21 Scheduled Checkpoint
07-05-2017 11:55:36 Scheduled Checkpoint
08-05-2017 23:45:53 Removed Symantec Endpoint Protection.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2017 05:54:48 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (05/10/2017 05:54:39 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (05/10/2017 05:51:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3648078

Error: (05/10/2017 05:51:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3648078

Error: (05/10/2017 05:51:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/10/2017 04:50:27 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (05/10/2017 04:50:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IMOGENCOMPUTER)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/10/2017 04:50:12 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (05/10/2017 12:44:39 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/09/2017 10:21:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ImogenComputer.local already in use; will try ImogenComputer-2.local instead


System errors:
=============
Error: (05/10/2017 05:54:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3b3463d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/10/2017 05:54:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3b3463d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/10/2017 05:54:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3b3463d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/10/2017 05:54:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3b3463d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/10/2017 04:50:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).

Error: (05/10/2017 04:50:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_24c05f service to connect.

Error: (05/10/2017 04:50:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_24c05f service to connect.

Error: (05/10/2017 04:50:22 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_24c05f service, but this action failed with the following error:
An instance of the service is already running.

Error: (05/10/2017 04:50:22 PM) (Source: DCOM) (EventID: 10010) (User: IMOGENCOMPUTER)
Description: The server App.AppXryc2qd338f5728r9gzzazav8206ba77s.mca did not register with DCOM within the required timeout.

Error: (05/10/2017 04:50:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_24c05f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-04-18 23:49:35.750
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-18 21:55:04.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-18 13:31:01.763
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-16 21:34:24.381
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 14:24:57.805
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-19 14:10:38.629
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-16 20:42:02.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-16 14:30:24.131
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-15 15:25:03.409
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-02 19:33:58.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 40%
Total physical RAM: 16294.85 MB
Available physical RAM: 9761.39 MB
Total Virtual: 18726.85 MB
Available Virtual: 12354.71 MB

==================== Drives ================================

Drive c: (TI10707900C) (Fixed) (Total:917.44 GB) (Free:679.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Imogen (administrator) on IMOGENCOMPUTER (11-05-2017 00:05:49)
Running from C:\Users\Imogen\Downloads
Loaded Profiles: Imogen (Available Profiles: Imogen)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\SMITSC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\SymCorpUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\SmcGui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [ChromaTuneTOSHIBAx64] => C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe [2967432 2014-03-25] (Portrait Displays, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-11-20] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [Coffee] => C:\Program Files (x86)\Steven Cole\Coffee\Coffee.exe /hide
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\RunOnce: [Uninstall C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-01-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.5.0.3 10.5.0.2
Tcpip\..\Interfaces\{d648a6b7-7ba3-4864-bca0-d7b0a8b5dd36}: [DhcpNameServer] 10.5.0.3 10.5.0.2
Tcpip\..\Interfaces\{f2ddaa93-8e83-4867-b8f8-0caf016a7bdd}: [DhcpNameServer] 8.8.8.8 207.172.3.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> DefaultScope {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-02] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-04-02] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\bin\IPS\IPSBHO.DLL [2015-08-10] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-02] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default [2017-05-11]
CHR Extension: (Google Slides) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-08] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294920 2017-04-03] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe [145008 2015-08-10] (Symantec Corporation)
R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-02-27] () [File not signed]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe [396344 2015-08-10] (Symantec Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-20] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-08] (AVAST Software)
S1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-08] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-08] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158368 2017-05-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-08] (AVAST Software)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\BASHDefs\20170503.001\BHDrvx64.sys [1831064 2017-04-06] (Symantec Corporation)
R1 ccSettings_{074772AE-B3BA-4F23-8E12-773353CB6A63}; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\ccSetx64.sys [162392 2015-08-10] (Symantec Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-26] (Symantec Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\IPSDefs\20170509.013\IDSvia64.sys [1012952 2016-10-27] (Symantec Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R3 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R3 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20170509.021\ENG64.SYS [138912 2017-01-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20170509.021\EX64.SYS [2151072 2017-01-31] (Symantec Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-20] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSP64.SYS [890584 2015-08-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSPX64.SYS [37592 2015-08-10] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\SyDvCtrl64.sys [36952 2015-08-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0501010.002\symefasi.sys [1616088 2015-08-31] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SymELAM.sys [23568 2015-08-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [178392 2015-08-31] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\Ironx64.SYS [270040 2015-08-10] (Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SYMNETS.SYS [594136 2015-08-10] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [168304 2015-08-31] (Symantec Corporation)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [112648 2015-08-10] (Symantec Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 aswMBR; C:\Users\Imogen\AppData\Local\Temp\aswMBR.sys [62728 2017-05-09] () [File not signed] <==== ATTENTION
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-09 23:15 - 2017-05-09 23:15 - 00001959 _____ C:\Users\Imogen\Downloads\aswMBR.txt
2017-05-09 23:15 - 2017-05-09 23:15 - 00000512 _____ C:\Users\Imogen\Downloads\MBR.dat
2017-05-09 23:11 - 2017-05-09 23:12 - 05198336 _____ (AVAST Software) C:\Users\Imogen\Downloads\aswMBR.exe
2017-05-09 23:07 - 2017-05-09 23:08 - 00037381 _____ C:\Users\Imogen\Downloads\Addition.txt
2017-05-09 23:06 - 2017-05-11 00:06 - 00027802 _____ C:\Users\Imogen\Downloads\FRST.txt
2017-05-09 23:06 - 2017-05-11 00:05 - 00000000 ____D C:\FRST
2017-05-09 23:06 - 2017-05-09 23:33 - 02429440 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64.exe
2017-05-09 22:51 - 2017-05-09 22:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignbb8752f25c5e4f93
2017-05-09 22:51 - 2017-05-09 22:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5eb56ba2926a4464
2017-05-09 00:23 - 2017-05-09 22:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-09 00:23 - 2017-05-09 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-08 23:35 - 2017-05-08 23:35 - 00004020 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1494300916
2017-05-08 23:35 - 2017-05-08 23:35 - 00001099 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-05-08 23:35 - 2017-05-08 23:35 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-08 23:34 - 2017-05-08 23:34 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-05-08 23:32 - 2017-05-08 23:32 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-IMOGENCOMPUTER-Windows-10-Home-(64-bit).dat
2017-05-08 23:32 - 2017-05-08 23:32 - 00000000 ____D C:\RegBackup
2017-05-08 23:31 - 2017-05-08 23:31 - 00017993 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-05-08 23:31 - 2017-05-08 23:31 - 00002323 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-05-08 23:31 - 2017-05-08 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-05-08 23:31 - 2017-05-08 23:31 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-05-08 23:27 - 2017-05-08 23:30 - 05766144 _____ (Tweaking.com) C:\Users\Imogen\Downloads\tweaking.com_registry_backup_setup.exe
2017-05-08 23:26 - 2017-05-08 23:26 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-08 23:25 - 2017-05-08 23:25 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-08 23:25 - 2017-05-08 23:25 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-05-08 23:25 - 2017-05-08 23:25 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\Users\Imogen\AppData\Roaming\AVAST Software
2017-05-08 23:25 - 2017-05-08 23:25 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-08 23:24 - 2017-05-08 23:24 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-08 23:24 - 2017-05-08 23:24 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00158368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-05-08 23:24 - 2017-05-08 23:24 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-05-08 23:19 - 2017-05-08 23:34 - 00000000 ____D C:\Program Files\AVAST Software
2017-05-08 23:18 - 2017-05-08 23:18 - 06656392 _____ (AVAST Software) C:\Users\Imogen\Downloads\avast_free_antivirus_setup_online (1).exe
2017-05-08 23:17 - 2017-05-09 00:40 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-08 22:46 - 2017-05-08 23:15 - 05641780 _____ (AVAST Software) C:\Users\Imogen\Downloads\avast_free_antivirus_setup_online.exe
2017-05-07 11:14 - 2017-05-07 11:14 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign88936b33f3666026
2017-05-07 11:08 - 2017-05-07 11:08 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8fcd434219a32605
2017-05-07 11:01 - 2017-05-07 11:01 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign15bb491b4f73eb02
2017-05-07 11:00 - 2017-05-07 11:00 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignc6d807332f98d820
2017-05-07 11:00 - 2017-05-07 11:00 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8e1aa0e7e1ac92d8
2017-05-06 14:30 - 2017-05-09 22:52 - 49073448 _____ C:\Users\Imogen\Documents\Moderation .pptx
2017-05-06 14:07 - 2017-05-06 14:07 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8b1c4dba7551e4b6
2017-05-06 13:32 - 2017-05-06 13:32 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignfb7dc0c186d3df2f
2017-05-04 00:16 - 2017-05-04 00:16 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign3acdaaf9591245e0
2017-05-03 23:42 - 2017-05-03 23:42 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignaee176ea9c7fddc1
2017-05-02 15:13 - 2017-05-02 15:13 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5e21262d99fdd381
2017-05-02 15:07 - 2017-05-02 15:07 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign27077d95ae692278
2017-05-02 12:18 - 2017-05-02 12:18 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign1b26663478104246
2017-05-02 11:58 - 2017-05-02 11:58 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigncaa5c550e3394230
2017-05-02 11:53 - 2017-05-02 11:53 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigncdd5d4651dae365d
2017-05-02 11:53 - 2017-05-02 11:53 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign69d02f78260485b9
2017-05-02 11:52 - 2017-05-02 11:52 - 00000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign4d61311d652fe865
2017-04-27 15:10 - 2017-04-27 17:37 - 00000000 ____D C:\Users\Imogen\Documents\New School Syllabi
2017-04-27 15:09 - 2017-04-27 15:09 - 00389497 _____ C:\Users\Imogen\Downloads\TNS_WritingOrality_Sullivan_S2017.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00257883 _____ C:\Users\Imogen\Downloads\newschoolSYLLABUS2016.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00096965 _____ C:\Users\Imogen\Downloads\Creative Technologies 2015.pdf
2017-04-27 15:09 - 2017-04-27 15:09 - 00087975 _____ C:\Users\Imogen\Downloads\NSD_BFA_AestheticInquiry1_Fall2015.pdf
2017-04-17 22:25 - 2017-04-17 22:25 - 01537938 _____ C:\Users\Imogen\Downloads\15-16 NSSR Catalog - Final Draft.pdf
2017-04-17 21:57 - 2017-04-17 21:57 - 00275453 _____ C:\Users\Imogen\Downloads\SexyLizards_draft4.pdf
2017-04-17 21:57 - 2017-04-17 21:57 - 00275453 _____ C:\Users\Imogen\Documents\SexyLizards_draft4.pdf
2017-04-16 16:46 - 2017-04-16 16:46 - 00004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-14 01:49 - 2017-03-28 05:11 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-04-14 01:49 - 2017-03-28 05:05 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-04-14 01:49 - 2017-03-28 04:59 - 00262400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-14 01:49 - 2017-03-28 04:52 - 00168360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-14 01:49 - 2017-03-28 04:51 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-14 01:49 - 2017-03-28 04:50 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-14 01:49 - 2017-03-28 03:53 - 06958304 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-14 01:49 - 2017-03-28 03:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-14 01:49 - 2017-03-28 03:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-14 01:49 - 2017-03-28 03:45 - 00958120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-14 01:49 - 2017-03-28 03:44 - 02944592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-14 01:49 - 2017-03-28 03:44 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-04-14 01:49 - 2017-03-28 03:41 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-14 01:49 - 2017-03-28 03:40 - 05240440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-14 01:49 - 2017-03-28 03:08 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-14 01:49 - 2017-03-28 03:08 - 00316248 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-14 01:49 - 2017-03-28 03:06 - 01522664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-14 01:49 - 2017-03-28 03:06 - 01370736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-04-14 01:49 - 2017-03-28 02:41 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 02:37 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-14 01:49 - 2017-03-28 02:26 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-14 01:49 - 2017-03-28 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-14 01:49 - 2017-03-28 02:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-14 01:49 - 2017-03-28 02:17 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-14 01:49 - 2017-03-28 02:12 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-14 01:49 - 2017-03-28 02:10 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-14 01:49 - 2017-03-28 02:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-14 01:49 - 2017-03-28 02:06 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-04-14 01:49 - 2017-03-28 02:01 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-04-14 01:49 - 2017-03-28 01:57 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-14 01:49 - 2017-03-28 01:56 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-14 01:49 - 2017-03-28 01:53 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-04-14 01:49 - 2017-03-28 01:47 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-14 01:49 - 2017-03-28 01:43 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-04-14 01:49 - 2017-03-28 01:42 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-14 01:49 - 2017-03-28 01:41 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 01:35 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-04-14 01:49 - 2017-03-28 01:33 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-14 01:49 - 2017-03-28 01:33 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-14 01:49 - 2017-03-28 01:32 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-04-14 01:49 - 2017-03-28 01:19 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-14 01:49 - 2017-03-28 01:18 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-14 01:49 - 2017-03-28 01:18 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-14 01:49 - 2017-03-28 01:11 - 01501696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-14 01:49 - 2017-03-28 01:08 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-14 01:49 - 2017-03-28 01:04 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-14 01:49 - 2017-03-28 00:47 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-04-14 01:49 - 2017-03-28 00:45 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-04-14 01:49 - 2017-03-28 00:41 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-14 01:49 - 2017-03-28 00:13 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-14 01:49 - 2017-03-18 12:41 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-04-14 01:48 - 2017-03-28 06:20 - 00100192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-04-14 01:48 - 2017-03-28 06:18 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-14 01:48 - 2017-03-28 06:17 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-14 01:48 - 2017-03-28 05:18 - 08710320 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-14 01:48 - 2017-03-28 05:11 - 03698216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-14 01:48 - 2017-03-28 05:06 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-14 01:48 - 2017-03-28 04:51 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-14 01:48 - 2017-03-28 04:12 - 00388888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-14 01:48 - 2017-03-28 04:05 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-14 01:48 - 2017-03-28 03:52 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-14 01:48 - 2017-03-28 03:42 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-14 01:48 - 2017-03-28 03:17 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-14 01:48 - 2017-03-28 03:16 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-04-14 01:48 - 2017-03-28 03:10 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-14 01:48 - 2017-03-28 03:01 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-04-14 01:48 - 2017-03-28 02:56 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-04-14 01:48 - 2017-03-28 02:53 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-14 01:48 - 2017-03-28 02:51 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-14 01:48 - 2017-03-28 02:48 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-14 01:48 - 2017-03-28 02:46 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-14 01:48 - 2017-03-28 02:26 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-14 01:48 - 2017-03-28 02:20 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-14 01:48 - 2017-03-28 02:12 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-14 01:48 - 2017-03-28 02:05 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-14 01:48 - 2017-03-28 02:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-14 01:48 - 2017-03-28 01:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-14 01:48 - 2017-03-28 01:53 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-14 01:48 - 2017-03-28 01:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-14 01:48 - 2017-03-28 01:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-14 01:48 - 2017-03-28 01:40 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-14 01:48 - 2017-03-28 01:39 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-04-14 01:48 - 2017-03-28 01:36 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-04-14 01:48 - 2017-03-28 01:36 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-14 01:48 - 2017-03-28 00:48 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-04-14 01:48 - 2017-03-28 00:46 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-14 01:48 - 2017-03-28 00:45 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-14 01:48 - 2017-03-28 00:45 - 12134912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-14 01:48 - 2017-03-28 00:31 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-14 01:48 - 2017-03-18 16:39 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-14 01:47 - 2017-03-28 06:19 - 00202480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-14 01:47 - 2017-03-28 06:17 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-14 01:47 - 2017-03-28 06:14 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-14 01:47 - 2017-03-28 06:12 - 00061792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-04-14 01:47 - 2017-03-28 05:51 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-04-14 01:47 - 2017-03-28 05:12 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-14 01:47 - 2017-03-28 05:08 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-14 01:47 - 2017-03-28 05:05 - 01540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-14 01:47 - 2017-03-28 05:05 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-04-14 01:47 - 2017-03-28 05:03 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-04-14 01:47 - 2017-03-28 05:03 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-14 01:47 - 2017-03-28 04:30 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-14 01:47 - 2017-03-28 04:29 - 01986912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-14 01:47 - 2017-03-28 04:29 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-14 01:47 - 2017-03-28 04:29 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-14 01:47 - 2017-03-28 04:28 - 01777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-14 01:47 - 2017-03-28 04:28 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-04-14 01:47 - 2017-03-28 03:52 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-04-14 01:47 - 2017-03-28 03:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-14 01:47 - 2017-03-28 03:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-14 01:47 - 2017-03-28 03:48 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-14 01:47 - 2017-03-28 03:40 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-14 01:47 - 2017-03-28 03:38 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-04-14 01:47 - 2017-03-28 03:37 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-14 01:47 - 2017-03-28 03:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-14 01:47 - 2017-03-28 03:31 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-14 01:47 - 2017-03-28 03:29 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-14 01:47 - 2017-03-28 03:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-04-14 01:47 - 2017-03-28 03:21 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-14 01:47 - 2017-03-28 03:20 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-04-14 01:47 - 2017-03-28 03:20 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-04-14 01:47 - 2017-03-28 03:18 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-14 01:47 - 2017-03-28 03:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-14 01:47 - 2017-03-28 03:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-14 01:47 - 2017-03-28 03:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-14 01:47 - 2017-03-28 03:13 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-14 01:47 - 2017-03-28 03:09 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-14 01:47 - 2017-03-28 02:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-04-14 01:47 - 2017-03-28 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-14 01:47 - 2017-03-28 02:54 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-14 01:47 - 2017-03-28 02:53 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-14 01:47 - 2017-03-28 02:44 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-04-14 01:47 - 2017-03-28 02:41 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-14 01:47 - 2017-03-28 02:40 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-04-14 01:47 - 2017-03-28 02:21 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-14 01:47 - 2017-03-28 02:19 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-14 01:47 - 2017-03-28 02:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-14 01:47 - 2017-03-28 02:06 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-14 01:47 - 2017-03-28 01:55 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-04-14 01:47 - 2017-03-28 01:44 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-04-14 01:47 - 2017-03-28 01:42 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-04-14 01:47 - 2017-03-28 01:30 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-04-14 01:47 - 2017-03-28 01:29 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-14 01:47 - 2017-03-28 01:22 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-14 01:47 - 2017-03-28 01:20 - 24604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-14 01:47 - 2017-03-28 01:20 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-14 01:47 - 2017-03-28 01:06 - 07856640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-14 01:47 - 2017-03-28 01:01 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-14 01:47 - 2017-03-20 21:36 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-11 00:03 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-11 00:03 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-11 00:03 - 2015-08-16 12:51 - 00000000 ____D C:\Users\Imogen\AppData\Local\Packages
2017-05-10 23:49 - 2015-08-16 13:06 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{724DB0F0-927F-4B14-A024-99806B133DAA}
2017-05-10 23:45 - 2015-12-16 00:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-10 23:45 - 2015-08-16 16:33 - 00000000 __SHD C:\Users\Imogen\IntelGraphicsProfiles
2017-05-10 13:02 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-10 12:44 - 2015-08-31 15:22 - 00000000 ____D C:\Users\Imogen\AppData\Local\Adobe
2017-05-09 23:33 - 2015-08-31 15:37 - 00000000 ____D C:\ProgramData\Symantec
2017-05-09 22:58 - 2015-07-16 10:12 - 00000000 ____D C:\ProgramData\Skype
2017-05-09 00:23 - 2015-07-16 10:13 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-09 00:22 - 2015-07-16 09:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-08 23:19 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2017-05-07 20:23 - 2015-08-16 14:57 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-07 20:18 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-05-07 20:17 - 2015-12-16 00:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-07 20:15 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-05-07 10:59 - 2016-03-04 00:54 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-01 16:21 - 2015-08-31 15:27 - 00000000 ___RD C:\Users\Imogen\Creative Cloud Files
2017-04-30 03:42 - 2015-08-16 13:07 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 03:42 - 2015-08-16 13:07 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-22 13:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2017-04-18 13:32 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-18 13:29 - 2015-07-16 10:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-16 21:35 - 2015-08-16 11:14 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-16 21:32 - 2015-12-16 00:13 - 05009984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-16 21:04 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-16 20:29 - 2015-08-16 18:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-16 20:26 - 2015-08-16 18:34 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-16 16:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-16 16:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-14 01:27 - 2016-03-04 00:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-14 00:42 - 2016-12-15 23:34 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-14 00:40 - 2015-08-16 16:36 - 00002381 _____ C:\Users\Imogen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-14 00:40 - 2015-08-16 16:36 - 00000000 ___RD C:\Users\Imogen\OneDrive

==================== Files in the root of some directories =======

2015-09-04 09:28 - 2016-05-18 21:01 - 0000033 _____ () C:\Users\Imogen\AppData\Roaming\AdobeWLCMCache.dat
2017-03-29 15:06 - 2017-03-29 15:06 - 0001456 _____ () C:\Users\Imogen\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-16 00:18 - 2015-12-16 00:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-12 11:55 - 2014-12-12 11:55 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
2015-09-01 07:11 - 2015-09-01 07:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Imogen\AppData\Local\Temp\McCSPInstall.dll
2016-01-18 20:36 - 2015-09-01 07:11 - 0162120 _____ (McAfee Inc.) C:\Users\Imogen\AppData\Local\Temp\mccspuninstall.exe
2017-03-01 21:53 - 2017-03-01 21:53 - 19617792 _____ () C:\Users\Imogen\AppData\Local\Temp\SkypeSetup.exe
2017-05-09 00:22 - 2017-05-09 00:22 - 14456872 _____ (Microsoft Corporation) C:\Users\Imogen\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-04 20:24

==================== End of FRST.txt ============================

Juliet
2017-05-11, 12:44
Start FRST (Please double-click on FRST/FRST64) with Administrator privileges

Right click on the created text below and select Copy.

Start::
CreateRestorePoint:
EndProcesses:
U1 aswbdisk; no ImagePath
2015-09-01 07:11 - 2015-09-01 07:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Imogen\AppData\Local\Temp\McCSPInstall.dll
2016-01-18 20:36 - 2015-09-01 07:11 - 0162120 _____ (McAfee Inc.) C:\Users\Imogen\AppData\Local\Temp\mccspuninstall.exe
2017-03-01 21:53 - 2017-03-01 21:53 - 19617792 _____ () C:\Users\Imogen\AppData\Local\Temp\SkypeSetup.exe
2017-05-09 00:22 - 2017-05-09 00:22 - 14456872 _____ (Microsoft Corporation) C:\Users\Imogen\AppData\Local\Temp\vc_redist.x86.exe
CustomCLSID: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-467DA054AAD9}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {2E72DEA5-5DEC-41DE-9393-E2CDAC0F84DF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {94C1C016-C7BA-4F7D-8237-3CFA36D59CD7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BB33B09A-1921-4F2E-ADCD-B6A874591CA9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C0936CBF-C092-4E33-84FA-F740EF9BCE71} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D7FE3161-0572-4ABD-99F2-D1135CFB68D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
End::

Press the Fix button.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

~~~~~~

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
http://i24.photobucket.com/albums/c30/ken545/MBAM3_zpsw0f8rn9n.jpg

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.

Please paste the log back into this thread for review


Exit Malwarebytes


~~~

Zemana AntiMalware Free download it from here (https://www.zemana.com/Download/AntiMalware/Setup/Free/Zemana.AntiMalware.Setup.exe):


Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.
You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.

When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
without changing any options, press Scan
When Zemana has finished finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.

Zemana AntiMalware will now start to remove all the malicious programs from your computer.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

open Zemana AntiMalware again and locate the latest report
please paste the contents into your reply


When the process is complete, you can close Zemana AntiMalware

~~~

Please post these 3 logs when finished.

Juliet
2017-05-13, 13:51
Still need help?

imothom
2017-05-15, 01:55
Fix Log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Imogen (13-05-2017 17:58:31) Run:1
Running from C:\Users\Imogen\Downloads
Loaded Profiles: Imogen (Available Profiles: Imogen)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
EndProcesses:
U1 aswbdisk; no ImagePath
2015-09-01 07:11 - 2015-09-01 07:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Imogen\AppData\Local\Temp\McCSPInstall.dll
2016-01-18 20:36 - 2015-09-01 07:11 - 0162120 _____ (McAfee Inc.) C:\Users\Imogen\AppData\Local\Temp\mccspuninstall.exe
2017-03-01 21:53 - 2017-03-01 21:53 - 19617792 _____ () C:\Users\Imogen\AppData\Local\Temp\SkypeSetup.exe
2017-05-09 00:22 - 2017-05-09 00:22 - 14456872 _____ (Microsoft Corporation) C:\Users\Imogen\AppData\Local\Temp\vc_redist.x86.exe
CustomCLSID: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-467DA054AAD9}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: {2E72DEA5-5DEC-41DE-9393-E2CDAC0F84DF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {94C1C016-C7BA-4F7D-8237-3CFA36D59CD7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BB33B09A-1921-4F2E-ADCD-B6A874591CA9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C0936CBF-C092-4E33-84FA-F740EF9BCE71} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D7FE3161-0572-4ABD-99F2-D1135CFB68D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:

*****************

Restore point was successfully created.
EndProcesses: => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
C:\Users\Imogen\AppData\Local\Temp\McCSPInstall.dll => moved successfully
C:\Users\Imogen\AppData\Local\Temp\mccspuninstall.exe => moved successfully
C:\Users\Imogen\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Imogen\AppData\Local\Temp\vc_redist.x86.exe => moved successfully
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-467DA054AAD9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E72DEA5-5DEC-41DE-9393-E2CDAC0F84DF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E72DEA5-5DEC-41DE-9393-E2CDAC0F84DF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94C1C016-C7BA-4F7D-8237-3CFA36D59CD7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94C1C016-C7BA-4F7D-8237-3CFA36D59CD7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB33B09A-1921-4F2E-ADCD-B6A874591CA9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB33B09A-1921-4F2E-ADCD-B6A874591CA9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0936CBF-C092-4E33-84FA-F740EF9BCE71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0936CBF-C092-4E33-84FA-F740EF9BCE71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7FE3161-0572-4ABD-99F2-D1135CFB68D9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7FE3161-0572-4ABD-99F2-D1135CFB68D9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1063343458 B
Java, Flash, Steam htmlcache => 1821 B
Windows/system/drivers => 415469880 B
Edge => 20602954 B
Chrome => 878139095 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 3416 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 407 B
systemprofile32 => 0 B
LocalService => 106786 B
NetworkService => 21082 B
Imogen => 5249314206 B

RecycleBin => 580445071 B
EmptyTemp: => 7.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-05-2017 18:52:20)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected

==== End of Fixlog 18:52:20 ====

imothom
2017-05-15, 02:22
Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/14/17
Scan Time: 7:00 PM
Log File: report scan.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1940
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: IMOGENCOMPUTER\Imogen

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376324
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

imothom
2017-05-15, 03:32
Zemana Log:

Zemana AntiMalware 2.72.2.388 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/5/14
Operating System : Windows 10 64-bit
Processor : 8X Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
BIOS Mode : UEFI
CUID : 122C6AABA274CC1AF8531A
Scan Type : System Scan
Duration : 23m 2s
Scanned Objects : 131835
Detected Objects : 0
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

No threats detected

Juliet
2017-05-15, 12:15
Download Emsisoft Emergency Kit (http://www.emsisoft.com/en/software/eek/download/) and save it to your desktop.
Double-click icon then click Install
A Window should open highlighting Start Emergency Kit Scanner
Right click on the icon and select Run as administrator
Click 1. Update now!
Once the update is completed select Settings under Scan
Uncheck Join the Emsisoft Anti-Malware Network
Click Scan at the top
Click On scan completion
Click Quarantine detected objects, then click OK
Click Malware Scan
Once completed click View Report
Save the file to your Desktop using the default file name
Copy and paste the report in your reply


tell me what the computer is doing now.

imothom
2017-05-16, 18:14
I haven't done the newest scan yet. But are you seeing anything from any of the other ones?

The original things that I wrote about haven't happened again, the computer is just running more slowly than usual.

Should I keep running scans? Will having all these different scan/antivirals make them less effective?

Juliet
2017-05-16, 23:07
I haven't done the newest scan yet. But are you seeing anything from any of the other ones?

The original things that I wrote about haven't happened again, the computer is just running more slowly than usual.

Should I keep running scans? Will having all these different scan/antivirals make them less effective?

I think it would be wise to run the last one requested.

Also, Microsoft is pushing out a few new windows updates over the last few days.

imothom
2017-05-18, 16:35
Emsisoft Emergency Kit - Version 2017.4
Last update: 5/18/2017 9:26:50 AM
User account: IMOGENCOMPUTER\Imogen
Computer name: IMOGENCOMPUTER
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 5/18/2017 9:30:07 AM

Scanned 80313
Found 0

Scan end: 5/18/2017 9:33:56 AM
Scan time: 0:03:49

Juliet
2017-05-18, 22:46
Will having all these different scan/antivirals make them less effective?
I meant to answer this earlier and forgot, no, these tools coincide with each other for specific scanning. They are updated differently and search different areas of a computer.
When finished we will remove them and related quarantine folders.

~~

Let's see if there are any startup items we can disable to improve performance.

Go here to download HJT
http://www.bleepingcomputer.com/download/hijackthis/

Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Juliet
2017-05-25, 16:14
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.