imothom
2017-10-11, 06:01
Hello! My computer has a virus (maybe several). I believe it has been on my computer for some time, but an alert recently appeared via Symantec Endpoint Protection that I am infected with the Trojan.Gen.2 virus. According to my computer, it is quarantined, but I am getting several popup messages that could be from the virus and my computer is incredibly slow. I am concerned about my information being compromised and someone remotely accessing my computer using the virus. I am also concerned that my files on the computer are compromised and I am afraid to back them up onto my hard drive lest I spread the virus there.
Here is my FARBAR LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
Ran by Imogen (administrator) on IMOGENCOMPUTER (10-10-2017 22:38:56)
Running from C:\Users\Imogen\Downloads
Loaded Profiles: Imogen (Available Profiles: Imogen)
Platform: Windows 10 Home Version 1511 170904-1742 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Windows\SysWOW64\SMITSC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\SavUI.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Farbar) C:\Users\Imogen\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [ChromaTuneTOSHIBAx64] => C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe [2967432 2014-03-25] (Portrait Displays, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-11-20] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-06] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [Coffee] => C:\Program Files (x86)\Steven Cole\Coffee\Coffee.exe /hide
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\Run: [Spotify] => C:\Users\Imogen\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-09] (Spotify Ltd)
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\Run: [Spotify Web Helper] => C:\Users\Imogen\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-09] (Spotify Ltd)
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\RunOnce: [Uninstall C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-01-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.5.0.2 10.5.0.3
Tcpip\..\Interfaces\{d648a6b7-7ba3-4864-bca0-d7b0a8b5dd36}: [DhcpNameServer] 10.5.0.2 10.5.0.3
Tcpip\..\Interfaces\{f2ddaa93-8e83-4867-b8f8-0caf016a7bdd}: [DhcpNameServer] 8.8.8.8 207.172.3.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> DefaultScope {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-29] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-29] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\bin\IPS\IPSBHO.DLL [2015-08-10] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-29] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default [2017-10-10]
CHR Extension: (Google Slides) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-03]
CHR Extension: (Google Docs Offline) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-06] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-09-08] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe [145008 2015-08-10] (Symantec Corporation)
R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-02-27] () [File not signed]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe [396344 2015-08-10] (Symantec Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-20] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-09-05] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-10] (AVAST Software s.r.o.)
R3 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-10] (AVAST Software s.r.o.)
R3 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-10] (AVAST Software s.r.o.)
R3 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-10] (AVAST Software)
R3 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-10] (AVAST Software)
R3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-10] (AVAST Software)
R3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1020536 2017-10-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-10] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-10] (AVAST Software)
R3 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-10] (AVAST Software)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\BASHDefs\20171002.005\BHDrvx64.sys [1862784 2017-07-05] (Symantec Corporation)
R1 ccSettings_{074772AE-B3BA-4F23-8E12-773353CB6A63}; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\ccSetx64.sys [162392 2015-08-10] (Symantec Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\IPSDefs\20171010.011\IDSvia64.sys [1056920 2017-09-22] (Symantec Corporation)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-09-06] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-09-13] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-19] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R3 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R3 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20171010.007\ENG64.SYS [138880 2017-06-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20171010.007\EX64.SYS [2152064 2017-06-08] (Symantec Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-20] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSP64.SYS [890584 2015-08-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSPX64.SYS [37592 2015-08-10] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\SyDvCtrl64.sys [36952 2015-08-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0501010.002\symefasi.sys [1616088 2015-08-31] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SymELAM.sys [23568 2015-08-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [178392 2015-08-31] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\Ironx64.SYS [270040 2015-08-10] (Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SYMNETS.SYS [594136 2015-08-10] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [168304 2015-08-31] (Symantec Corporation)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [112648 2015-08-10] (Symantec Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-05-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-14] (Zemana Ltd.)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-10 22:39 - 2017-10-10 22:39 - 005198336 _____ (AVAST Software) C:\Users\Imogen\Downloads\aswMBR (1).exe
2017-10-10 22:36 - 2017-10-10 22:36 - 002401792 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64 (2).exe
2017-10-10 22:35 - 2017-10-10 22:35 - 002401792 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64 (1).exe
2017-10-10 22:21 - 2017-10-10 22:21 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150768846578102
2017-10-10 22:20 - 2017-10-10 22:20 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-10-02 18:32 - 2017-10-02 18:32 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8a24a289c8b23b38
2017-10-02 18:31 - 2017-10-02 18:31 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign80085d5144711912
2017-09-30 12:21 - 2017-09-30 12:21 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-09-30 12:21 - 2017-09-30 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-30 12:20 - 2017-09-30 12:20 - 000000000 ____D C:\Program Files\iPod
2017-09-30 12:19 - 2017-09-30 12:20 - 000000000 ____D C:\Program Files\iTunes
2017-09-30 12:12 - 2017-09-30 12:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-09-30 12:11 - 2017-09-30 12:11 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-29 20:44 - 2017-10-02 19:41 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-29 00:21 - 2017-09-29 20:44 - 000000036 _____ C:\WINDOWS\progress.ini
2017-09-29 00:20 - 2017-10-10 22:34 - 000000820 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-09-29 00:20 - 2017-10-02 19:42 - 000000000 ___HD C:\$GetCurrent
2017-09-29 00:19 - 2017-10-10 22:35 - 000000000 ____D C:\Windows10Upgrade
2017-09-29 00:19 - 2017-10-10 22:34 - 000000808 _____ C:\Users\Imogen\Desktop\Windows 10 Update Assistant.lnk
2017-09-29 00:06 - 2017-09-29 00:06 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2017-09-27 14:23 - 2017-09-27 14:23 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5ee5f4573fcdfe05
2017-09-27 14:07 - 2017-09-27 14:07 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigne3cf91e2102521ac
2017-09-24 21:43 - 2017-09-24 21:43 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign2ded4c44589b0933
2017-09-24 21:42 - 2017-09-24 21:42 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign19a95e5da5032d1e
2017-09-23 12:18 - 2017-09-23 12:18 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignffcbcc1389802a89
2017-09-23 12:01 - 2017-09-23 12:01 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign14947d40c0627211
2017-09-20 17:09 - 2017-09-20 17:09 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignc822c6133215b226
2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign866d8ebbbfeeea20
2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5fbba4f6740b53c7
2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign297cc218c723f802
2017-09-16 10:46 - 2017-09-16 10:46 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-09-13 15:11 - 2017-09-05 05:07 - 000994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-09-13 15:11 - 2017-09-05 03:56 - 001552104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-09-13 15:11 - 2017-09-05 03:51 - 000808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-13 15:11 - 2017-09-05 03:45 - 006536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-09-13 15:11 - 2017-09-05 03:20 - 000845568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-09-13 15:11 - 2017-09-05 03:19 - 001862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-13 15:11 - 2017-09-05 03:19 - 001542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-13 15:11 - 2017-09-05 03:11 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-09-13 15:11 - 2017-09-05 03:11 - 000035624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-13 15:11 - 2017-09-05 02:47 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\genericusbfn.sys
2017-09-13 15:11 - 2017-09-05 02:38 - 001349640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-09-13 15:11 - 2017-09-05 02:35 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2017-09-13 15:11 - 2017-09-05 02:32 - 002946672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-13 15:11 - 2017-09-05 02:32 - 000703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-13 15:11 - 2017-09-05 02:29 - 021123832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-13 15:11 - 2017-09-05 02:29 - 005240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-13 15:11 - 2017-09-05 02:29 - 000465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-09-13 15:11 - 2017-09-05 02:26 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-09-13 15:11 - 2017-09-05 02:23 - 000174944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-09-13 15:11 - 2017-09-05 02:06 - 000546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-13 15:11 - 2017-09-05 02:06 - 000262496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-13 15:11 - 2017-09-05 02:05 - 000540280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 001523184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 001368176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 000335248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 000141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 15:11 - 2017-09-05 01:54 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-13 15:11 - 2017-09-05 01:40 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 15:11 - 2017-09-05 01:37 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-13 15:11 - 2017-09-05 01:30 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-13 15:11 - 2017-09-05 01:19 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-13 15:11 - 2017-09-05 01:15 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-09-13 15:11 - 2017-09-05 01:13 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-13 15:11 - 2017-09-05 01:13 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-09-13 15:11 - 2017-09-05 01:12 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-09-13 15:11 - 2017-09-05 01:11 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 15:11 - 2017-09-05 01:11 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-09-13 15:11 - 2017-09-05 01:10 - 002279936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-13 15:11 - 2017-09-05 01:09 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 15:11 - 2017-09-05 01:08 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-09-13 15:11 - 2017-09-05 01:06 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-09-13 15:11 - 2017-09-05 01:03 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-13 15:11 - 2017-09-05 01:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-09-13 15:11 - 2017-09-05 01:02 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-09-13 15:11 - 2017-09-05 01:01 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-13 15:11 - 2017-09-05 01:00 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-09-13 15:11 - 2017-09-05 01:00 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-09-13 15:11 - 2017-09-05 00:57 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-09-13 15:11 - 2017-09-05 00:55 - 000576000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 15:11 - 2017-09-05 00:53 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-13 15:11 - 2017-09-05 00:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-09-13 15:11 - 2017-09-05 00:52 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 15:11 - 2017-09-05 00:52 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-09-13 15:11 - 2017-09-05 00:51 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 15:11 - 2017-09-05 00:48 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 15:11 - 2017-09-05 00:48 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-09-13 15:11 - 2017-09-05 00:47 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 15:11 - 2017-09-05 00:46 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-09-13 15:11 - 2017-09-05 00:45 - 001151488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-09-13 15:11 - 2017-09-05 00:45 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 15:11 - 2017-09-05 00:41 - 001467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 15:11 - 2017-09-05 00:40 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-09-13 15:11 - 2017-09-05 00:38 - 003695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 15:11 - 2017-09-05 00:37 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-09-13 15:11 - 2017-09-05 00:37 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 15:11 - 2017-09-05 00:36 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-09-13 15:11 - 2017-09-05 00:23 - 004078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 15:11 - 2017-09-05 00:20 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-09-13 15:11 - 2017-09-05 00:20 - 001123328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 15:11 - 2017-09-05 00:19 - 007536128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 15:11 - 2017-09-05 00:19 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-09-13 15:11 - 2017-09-05 00:18 - 002102272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2017-09-13 15:11 - 2017-09-05 00:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-09-13 15:11 - 2017-09-05 00:16 - 001501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 15:11 - 2017-09-05 00:13 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 15:11 - 2017-09-05 00:12 - 004412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-09-13 15:11 - 2017-09-05 00:12 - 003053568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-09-13 15:11 - 2017-09-05 00:12 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-09-13 15:11 - 2017-09-05 00:11 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 15:11 - 2017-09-05 00:11 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 15:11 - 2017-09-05 00:10 - 006296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-09-13 15:11 - 2017-09-05 00:10 - 001799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-09-13 15:11 - 2017-09-05 00:07 - 003574272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-09-13 15:11 - 2017-09-05 00:06 - 004759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 15:11 - 2017-09-05 00:04 - 005205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-09-13 15:11 - 2017-09-04 23:55 - 002770432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-09-13 15:11 - 2017-09-04 23:51 - 004404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-09-13 15:11 - 2017-09-04 23:48 - 005327872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 15:11 - 2017-09-04 23:48 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-09-13 15:11 - 2017-09-04 23:44 - 006742528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 15:11 - 2017-09-04 23:44 - 002604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-09-13 15:11 - 2017-09-04 23:39 - 002632192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-09-13 15:11 - 2017-09-04 23:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-13 15:11 - 2017-06-17 01:56 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-09-13 15:11 - 2017-06-03 05:44 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-09-13 15:11 - 2016-09-07 00:31 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2017-09-13 15:11 - 2016-09-07 00:28 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-09-13 15:10 - 2017-09-05 05:32 - 001997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 15:10 - 2017-09-05 05:11 - 000042928 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-13 15:10 - 2017-09-05 03:57 - 000245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-13 15:10 - 2017-09-05 03:47 - 022560232 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-13 15:10 - 2017-09-05 03:47 - 006605000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-13 15:10 - 2017-09-05 03:19 - 001558288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-13 15:10 - 2017-09-05 03:05 - 000388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-13 15:10 - 2017-09-05 02:59 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-13 15:10 - 2017-09-05 02:46 - 000824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-13 15:10 - 2017-09-05 02:28 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 15:10 - 2017-09-05 02:27 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 15:10 - 2017-09-05 02:19 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 15:10 - 2017-09-05 02:19 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 15:10 - 2017-09-05 02:17 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-13 15:10 - 2017-09-05 02:10 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-13 15:10 - 2017-09-05 02:04 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-09-13 15:10 - 2017-09-05 02:01 - 000727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-13 15:10 - 2017-09-05 01:57 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-09-13 15:10 - 2017-09-05 01:56 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-13 15:10 - 2017-09-05 01:52 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-13 15:10 - 2017-09-05 01:48 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-13 15:10 - 2017-09-05 01:44 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 15:10 - 2017-09-05 01:31 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 15:10 - 2017-09-05 01:30 - 000888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-13 15:10 - 2017-09-05 01:18 - 005123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-13 15:10 - 2017-09-05 01:17 - 001122816 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 15:10 - 2017-09-05 01:03 - 007977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-09-13 15:10 - 2017-09-05 00:44 - 007200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-09-13 15:10 - 2017-09-05 00:42 - 000957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-09-13 15:10 - 2017-09-05 00:15 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-13 15:10 - 2016-10-25 01:42 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-09-13 15:09 - 2017-09-05 05:34 - 001030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-09-13 15:09 - 2017-09-05 05:32 - 001098648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 15:09 - 2017-09-05 05:31 - 007463776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 15:09 - 2017-09-05 05:31 - 002656960 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 15:09 - 2017-09-05 05:29 - 001819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 15:09 - 2017-09-05 05:27 - 000754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 15:09 - 2017-09-05 05:14 - 001637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 15:09 - 2017-09-05 04:40 - 003449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-09-13 15:09 - 2017-09-05 03:51 - 003700816 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-13 15:09 - 2017-09-05 03:48 - 000566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-09-13 15:09 - 2017-09-05 03:46 - 001540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-13 15:09 - 2017-09-05 03:46 - 000692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-09-13 15:09 - 2017-09-05 03:45 - 001128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-09-13 15:09 - 2017-09-05 03:44 - 000625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 15:09 - 2017-09-05 03:44 - 000609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-09-13 15:09 - 2017-09-05 03:44 - 000161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-09-13 15:09 - 2017-09-05 03:19 - 000636816 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 15:09 - 2017-09-05 03:19 - 000292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-13 15:09 - 2017-09-05 03:18 - 001777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 001597520 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 000642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 000380152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 000147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 15:09 - 2017-09-05 02:45 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-13 15:09 - 2017-09-05 02:45 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-13 15:09 - 2017-09-05 02:34 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-13 15:09 - 2017-09-05 02:34 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-13 15:09 - 2017-09-05 02:32 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-13 15:09 - 2017-09-05 02:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-09-13 15:09 - 2017-09-05 02:27 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-09-13 15:09 - 2017-09-05 02:25 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-09-13 15:09 - 2017-09-05 02:24 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-13 15:09 - 2017-09-05 02:24 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2017-09-13 15:09 - 2017-09-05 02:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-09-13 15:09 - 2017-09-05 02:22 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-13 15:09 - 2017-09-05 02:22 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-09-13 15:09 - 2017-09-05 02:20 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-09-13 15:09 - 2017-09-05 02:17 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 15:09 - 2017-09-05 02:13 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-13 15:09 - 2017-09-05 02:13 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-13 15:09 - 2017-09-05 02:12 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-13 15:09 - 2017-09-05 02:12 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 15:09 - 2017-09-05 02:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-09-13 15:09 - 2017-09-05 02:10 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-09-13 15:09 - 2017-09-05 02:10 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-09-13 15:09 - 2017-09-05 02:09 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-13 15:09 - 2017-09-05 02:08 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-09-13 15:09 - 2017-09-05 02:08 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-09-13 15:09 - 2017-09-05 02:06 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-09-13 15:09 - 2017-09-05 02:05 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-13 15:09 - 2017-09-05 02:04 - 000715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-13 15:09 - 2017-09-05 02:02 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-13 15:09 - 2017-09-05 01:59 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 15:09 - 2017-09-05 01:57 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-13 15:09 - 2017-09-05 01:57 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-09-13 15:09 - 2017-09-05 01:52 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-13 15:09 - 2017-09-05 01:52 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-09-13 15:09 - 2017-09-05 01:50 - 002125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-09-13 15:09 - 2017-09-05 01:50 - 000967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-13 15:09 - 2017-09-05 01:50 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-13 15:09 - 2017-09-05 01:49 - 001418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-09-13 15:09 - 2017-09-05 01:49 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-13 15:09 - 2017-09-05 01:49 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-09-13 15:09 - 2017-09-05 01:48 - 002129920 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 15:09 - 2017-09-05 01:46 - 001385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-13 15:09 - 2017-09-05 01:44 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-13 15:09 - 2017-09-05 01:42 - 001752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-13 15:09 - 2017-09-05 01:41 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-09-13 15:09 - 2017-09-05 01:40 - 001292800 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 15:09 - 2017-09-05 01:38 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-09-13 15:09 - 2017-09-05 01:37 - 004456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 15:09 - 2017-09-05 01:37 - 001742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 15:09 - 2017-09-05 01:35 - 002054144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-13 15:09 - 2017-09-05 01:28 - 000838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-09-13 15:09 - 2017-09-05 01:21 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-13 15:09 - 2017-09-05 01:20 - 003588608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-13 15:09 - 2017-09-05 01:20 - 002610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-13 15:09 - 2017-09-05 01:15 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-13 15:09 - 2017-09-05 01:15 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-13 15:09 - 2017-09-05 01:13 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-09-13 15:09 - 2017-09-05 01:11 - 003046400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2017-09-13 15:09 - 2017-09-05 01:11 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 15:09 - 2017-09-05 01:10 - 001946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-09-13 15:09 - 2017-09-05 01:10 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-09-13 15:09 - 2017-09-05 01:06 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 15:09 - 2017-09-05 01:05 - 004827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-09-13 15:09 - 2017-09-05 01:05 - 003405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-13 15:09 - 2017-09-05 01:05 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-13 15:09 - 2017-09-05 01:04 - 003355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-09-13 15:09 - 2017-09-05 01:04 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-13 15:09 - 2017-09-05 01:03 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 15:09 - 2017-09-05 01:01 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 15:09 - 2017-09-05 00:58 - 002635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-09-13 15:09 - 2017-09-05 00:58 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-13 15:09 - 2017-09-05 00:56 - 005503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-09-13 15:09 - 2017-09-05 00:54 - 003585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-09-13 15:09 - 2017-09-05 00:47 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-13 15:09 - 2017-09-05 00:46 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-13 15:09 - 2017-09-05 00:45 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-13 15:09 - 2017-09-05 00:45 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-13 15:09 - 2017-09-05 00:40 - 001526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 15:09 - 2017-09-05 00:34 - 004890624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 15:09 - 2017-09-05 00:31 - 022377472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-13 15:09 - 2017-09-05 00:28 - 013410816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-13 15:09 - 2017-09-05 00:24 - 006978048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 15:09 - 2017-09-05 00:23 - 024606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 15:09 - 2017-09-05 00:23 - 006312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-09-13 15:09 - 2017-09-05 00:21 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-09-13 15:09 - 2017-09-05 00:06 - 007841792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 15:09 - 2017-09-05 00:02 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-09-13 15:09 - 2017-09-04 23:57 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 15:09 - 2017-09-04 23:48 - 019346432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-13 15:09 - 2017-09-04 23:48 - 018675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-13 15:09 - 2017-09-04 23:48 - 012155904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-13 15:09 - 2017-09-04 23:37 - 005661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 15:08 - 2017-09-05 03:41 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-09-13 15:08 - 2017-09-05 02:25 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-13 15:08 - 2017-09-05 02:18 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-09-13 15:08 - 2017-09-05 02:11 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-09-13 15:08 - 2017-09-05 01:59 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-09-13 15:08 - 2017-09-05 01:43 - 001717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 15:08 - 2017-09-05 01:37 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-09-13 15:08 - 2017-09-05 01:03 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 15:08 - 2017-09-05 00:16 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-10 20:11 - 2017-09-10 20:11 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignec558effb061a8d7
2017-09-10 20:07 - 2017-09-10 20:07 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign7d8ae5031cff08eb
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-10 22:39 - 2017-05-14 19:24 - 002723387 _____ C:\WINDOWS\ZAM.krnl.trace
2017-10-10 22:39 - 2017-05-14 19:24 - 002434650 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-10-10 22:39 - 2017-05-09 23:06 - 000028508 _____ C:\Users\Imogen\Downloads\FRST.txt
2017-10-10 22:38 - 2017-05-09 23:06 - 000000000 ____D C:\FRST
2017-10-10 22:38 - 2015-10-30 03:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-10 22:37 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-10 22:37 - 2015-08-31 15:37 - 000000000 ____D C:\ProgramData\Symantec
2017-10-10 22:23 - 2017-07-20 18:05 - 000000000 ____D C:\Program Files\rempl
2017-10-10 22:21 - 2015-08-16 13:06 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{724DB0F0-927F-4B14-A024-99806B133DAA}
2017-10-10 22:20 - 2017-05-08 23:25 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-10-10 22:20 - 2017-05-08 23:24 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-10 22:20 - 2017-05-08 23:17 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-10 22:19 - 2017-05-08 23:24 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-10-10 22:17 - 2015-08-31 15:22 - 000000000 ____D C:\Users\Imogen\AppData\Local\Adobe
2017-10-10 22:11 - 2015-12-16 00:17 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-10 22:11 - 2015-08-16 16:33 - 000000000 __SHD C:\Users\Imogen\IntelGraphicsProfiles
2017-10-04 15:44 - 2015-08-16 12:51 - 000000000 ____D C:\Users\Imogen\AppData\Local\Packages
2017-10-02 19:42 - 2015-08-16 14:23 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-10-02 19:42 - 2015-08-16 14:23 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-10-01 21:39 - 2015-10-30 03:21 - 000000000 ____D C:\WINDOWS\INF
2017-09-30 13:40 - 2017-06-16 19:53 - 000000000 ____D C:\Users\Imogen\AppData\Local\Spotify
2017-09-30 13:38 - 2017-06-16 19:53 - 000000000 ____D C:\Users\Imogen\AppData\Roaming\Spotify
2017-09-30 12:11 - 2016-12-24 17:18 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-29 20:44 - 2015-12-16 03:12 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-29 20:27 - 2015-07-16 10:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-29 00:18 - 2015-10-30 03:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-26 20:25 - 2017-05-08 23:24 - 000361784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfa032f16843534e7.tmp
2017-09-26 15:33 - 2015-08-16 13:08 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 15:33 - 2015-08-16 13:08 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-23 21:42 - 2017-07-29 20:39 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2005569905-2985736349-4029353856-1001
2017-09-23 21:42 - 2015-08-16 16:36 - 000002381 _____ C:\Users\Imogen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-23 21:42 - 2015-08-16 16:36 - 000000000 ___RD C:\Users\Imogen\OneDrive
2017-09-23 12:00 - 2015-12-16 00:21 - 000000000 ____D C:\Users\Imogen
2017-09-19 23:54 - 2015-08-16 16:34 - 000000000 ____D C:\Users\Imogen\AppData\Local\Publishers
2017-09-19 08:26 - 2017-05-08 23:24 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3e8f634e5e362e68.tmp
2017-09-17 14:36 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\rescache
2017-09-16 10:44 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-16 10:44 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-15 18:55 - 2016-01-27 22:01 - 000000000 ____D C:\Users\Imogen\AppData\Roaming\Skype
2017-09-13 22:04 - 2015-08-16 14:57 - 000879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-13 22:01 - 2015-08-16 11:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 21:58 - 2017-05-14 18:57 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-13 21:58 - 2015-12-16 00:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-13 21:58 - 2015-12-16 00:13 - 005009984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 17:53 - 2015-10-30 02:28 - 000786432 ___SH C:\WINDOWS\system32\config\BBI
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___RD C:\WINDOWS\DevicesFlow
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files\Windows Defender
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-13 15:23 - 2015-08-16 18:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 15:21 - 2015-10-30 03:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 15:21 - 2015-08-16 18:34 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2015-09-04 09:28 - 2016-05-18 21:01 - 000000033 _____ () C:\Users\Imogen\AppData\Roaming\AdobeWLCMCache.dat
2017-03-29 15:06 - 2017-03-29 15:06 - 000001456 _____ () C:\Users\Imogen\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-16 00:18 - 2015-12-16 00:18 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-12 11:55 - 2014-12-12 11:55 - 000000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-01 21:53
==================== End of FRST.txt ============================
ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Imogen (10-10-2017 22:40:46)
Running from C:\Users\Imogen\Downloads
Windows 10 Home Version 1511 170904-1742 (X64) (2015-12-16 04:40:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2005569905-2985736349-4029353856-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2005569905-2985736349-4029353856-503 - Limited - Disabled)
Guest (S-1-5-21-2005569905-2985736349-4029353856-501 - Limited - Disabled)
Imogen (S-1-5-21-2005569905-2985736349-4029353856-1001 - Administrator - Enabled) => C:\Users\Imogen
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\{05E6D311-4793-44BE-ACA2-A50B5B5129AE}) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F9626784-9EDD-32B3-3888-5A840B88DF23}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chroma Tune for TOSHIBA (HKLM\...\{CD1AE048-DC88-4615-9A5F-7E607C000736}) (Version: 2.00.53 - Portrait Displays, Inc.)
Coffee (HKLM-x32\...\{568300F4-7F75-4635-B50E-16EFB18C0CE0}) (Version: 1.0.3 - Steven Cole)
CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.7921 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector Touch (HKLM\...\{DC604EA2-684F-4fad-80E6-10A090F85E7D}) (Version: 1.2.3121.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector Touch (HKLM-x32\...\InstallShield_{DC604EA2-684F-4fad-80E6-10A090F85E7D}) (Version: 1.2.3121.0 - CyberLink Corp.)
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4A95F6FA-1263-43D2-9926-5D6F7F359E92}) (Version: 17.1.1434.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
King Oddball (HKLM-x32\...\WTA-16523265-5c95-4371-a35f-f9b54c7c7030) (Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8201.2193 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2193 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
Node.js (HKLM\...\{E5DD2249-1D15-43FC-809E-9415B3533D8C}) (Version: 4.4.5 - Node.js Foundation)
OEM Application Profile (HKLM-x32\...\{61A09A66-D7E6-22EF-AF75-16D83ADE30E3}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
PX Profile Update (HKLM-x32\...\{733F4823-8E3A-67FA-7E25-EB368567437A}) (Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Symantec Endpoint Protection (HKLM\...\{18F87B39-E281-4228-B83D-627FFC77A466}) (Version: 12.1.6168.6000 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.6 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)
TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 2.3.3.4 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 4.06.000 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.03.55065007 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.49 - Zemana Ltd.)
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-06-16] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-06-16] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00D1DF1F-E0D4-4546-ADA4-B27C769E2E3E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {086A05B4-807B-4949-8C5F-04E2E3DF54A1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-10] (AVAST Software)
Task: {09D7B895-3B2D-40A3-98A0-3DFCDEAB7C52} - System32\Tasks\SafeZone scheduled Autoupdate 1494300916 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {37FE118C-C5E7-4876-B98D-341FCED931FD} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation)
Task: {437D5321-3648-4ADF-8689-D4D1BF6D65AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {4F635F49-F6E0-4027-A554-792A68BCAB21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {6F35671E-9C9D-41C9-A663-E10DDC6A6F53} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {7641054F-9517-440D-B604-1EFB8E8B69E4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-11-20] (Synaptics Incorporated)
Task: {7F7DD807-B95A-409B-BC50-34D6BD597DBA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {80D41E4A-BF13-421B-9748-3B3B55A6D544} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-16] (Adobe Systems Incorporated)
Task: {9132004C-AA3D-4BEC-AC2E-122564211DD9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {9CDA6356-3594-4542-921B-70757974618D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-29] (Microsoft Corporation)
Task: {A384693C-2256-45C3-A753-2E00F1F06641} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-13] (Microsoft Corporation)
Task: {A4E60AF1-2BEE-4675-A7E6-0BE45A1151DC} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-imogen.thomas5654@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {B1A8CE3D-E729-486D-9B9B-B8406F8C7FF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-29] (Microsoft Corporation)
Task: {BAD9AB5C-4662-4C81-AF3F-B1EC4FBA6821} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-29] (Microsoft Corporation)
Task: {C583CBED-0130-47E8-BFAD-877FCDAC1D1A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {CAAE93C8-59F9-4355-9431-10381EEDD273} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {D05ACD09-AF38-4385-B1E3-4EF18B8B74D2} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {DC9DB603-4E5B-45EA-B4AA-FA494C7CCF47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {E3025F92-323F-4629-A792-AEC706784C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {FC5DED5F-93FC-44C1-A0C3-28982304595B} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-03-27 16:53 - 2013-03-27 16:53 - 000163168 _____ () C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
2014-02-27 16:31 - 2014-02-27 16:31 - 000013312 _____ () C:\Windows\SysWOW64\SMITSC.exe
2014-12-12 11:57 - 2012-04-24 22:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-05-27 13:46 - 2015-05-27 13:46 - 000019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-11-17 02:28 - 2016-11-17 02:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-14 16:21 - 2017-03-04 01:31 - 000185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-13 15:09 - 2017-09-05 05:31 - 002656960 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-18 21:17 - 2017-09-29 00:06 - 008931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-12-02 08:32 - 2016-12-02 08:32 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-17 17:44 - 2015-12-07 00:14 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-19 13:07 - 2016-06-30 23:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-03-14 16:21 - 2017-03-03 23:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 16:21 - 2017-03-03 23:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-13 15:09 - 2017-09-05 00:03 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-13 15:09 - 2017-09-05 00:06 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2017-09-26 15:33 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 15:33 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2013-08-01 17:24 - 2013-08-01 17:24 - 000438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 031723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 000218456 _____ () c:\windows\system32\WerEtw.dll
2015-08-10 14:33 - 2015-08-10 14:33 - 000566328 ____C () C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\AvPluginImpl.dll
2015-07-16 09:27 - 2013-12-09 18:26 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-06 10:44 - 2017-07-06 10:45 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-14 08:31 - 2017-03-14 08:31 - 052051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-01-25 20:07 - 2017-01-25 20:07 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-01-25 20:06 - 2017-01-25 20:06 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-01-25 20:07 - 2017-01-25 20:07 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-14 08:35 - 2017-03-14 08:35 - 000099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\sharepoint.com -> hxxps://bard0-files.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2017-05-13 17:58 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Imogen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 ltblue 1920x1200.jpg
DNS Servers: 10.5.0.2 - 10.5.0.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{EBC1DAC6-783B-4591-A32F-18412B3741D9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe
FirewallRules: [{9AD81E91-C680-4AB3-A569-0A036DA2E43D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe
FirewallRules: [{1422AC0E-097A-4CAE-94B7-95EAEBD2D6AA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\Smc.exe
FirewallRules: [{B7E4966C-BA89-4AA1-8FDD-4F42847EECD5}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\Smc.exe
FirewallRules: [{69D50447-675B-4145-8065-CD3538C4B445}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{38CBBDEB-780A-457D-954E-2E057D8540B6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{84AAB974-9BBA-44A8-9C75-A64D8C27AA44}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{301762DD-BB2C-4F1E-A81A-9BC5EB53626D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1C54BC69-167C-4061-AEFD-5626E6987ADF}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1E8C57AD-62D7-492E-A1B7-2305781FBD00}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2472F3C1-2C2C-4F11-8402-DF70A34E497D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8B5E4A87-560E-419B-BE97-ADFF740285BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{288E0BAE-B97F-4EA0-A5AF-1DED955072A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{02CC9AC9-A41A-4840-8F15-28230DCB9BBE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59E54054-46A1-4F4A-A532-958911D2CFC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{16F8BE89-3759-464E-AF65-08C83AA22B35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF690903-5315-4BF4-992D-07AA481546D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC143D06-E504-45E7-904C-59242F8A1543}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A854DFFD-5400-4B4B-8749-A393CDAD22A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E7F31244-11D5-4BAA-A482-A33F98B67D03}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{F73C6B3F-03C0-43B0-9C31-D2D19219C475}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{EFDD668D-6742-4347-89C6-16000F219BCB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46FA8CDD-3DD2-44A7-9828-19C892C877A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{75C9CBE9-FC3B-483D-A895-FD65E1DED8D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
17-09-2017 14:36:32 Scheduled Checkpoint
29-09-2017 00:05:02 Windows Update
10-10-2017 22:21:51 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2017 10:37:45 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\ProgramData\Symantec\DefWatch.DWH\dwh8d1f.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.
Error: (10/10/2017 10:35:55 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (10/10/2017 10:28:50 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\ProgramData\Symantec\DefWatch.DWH\dwh4c88.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.
Error: (10/10/2017 10:22:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (10/04/2017 05:52:48 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (10/04/2017 05:52:40 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (10/04/2017 02:09:10 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (10/03/2017 10:51:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (10/03/2017 07:33:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6672
Error: (10/03/2017 07:33:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6672
System errors:
=============
Error: (10/10/2017 10:23:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (10/10/2017 10:23:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (10/10/2017 10:23:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (10/10/2017 10:23:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/04/2017 02:18:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
Error: (10/03/2017 10:35:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Feature update to Windows 10, version 1703.
CodeIntegrity:
===================================
Date: 2017-09-29 20:28:54.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-29 00:15:08.738
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-25 20:38:37.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-14 20:00:47.033
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-13 21:59:40.274
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-13 15:28:27.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-08-25 01:56:41.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-08-13 12:45:06.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-08-09 11:21:58.262
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-08-09 03:25:35.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 38%
Total physical RAM: 16294.85 MB
Available physical RAM: 9974.41 MB
Total Virtual: 29685.75 MB
Available Virtual: 23540.21 MB
==================== Drives ================================
Drive c: (TI10707900C) (Fixed) (Total:917.44 GB) (Free:663.21 GB) NTFS
Drive e: () (Removable) (Total:14.83 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
aswMBR LOG:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-10-10 22:44:59
-----------------------------
22:44:59.794 OS Version: Windows x64 6.2.9200
22:44:59.794 Number of processors: 8 586 0x3C03
22:44:59.795 ComputerName: IMOGENCOMPUTER UserName: Imogen
22:45:03.548 Initialize success
22:45:03.550 VM: initialized successfully
22:45:03.551 VM: Intel CPU supported virtualized
22:45:22.284 VM: disk I/O iaStorA.sys
22:45:30.196 AVAST engine defs: 17101004
22:45:38.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
22:45:38.210 Disk 0 Vendor: TOSHIBA_MQ02ABD100H HKF03M Size: 953869MB BusType: 11
22:45:38.212 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000043
22:45:38.213 Disk 1 Vendor: Realtek_ 1.00 Size: 15193MB BusType: 1
22:45:38.356 Disk 0 MBR read successfully
22:45:38.359 Disk 0 MBR scan
22:45:38.362 Disk 0 unknown MBR code
22:45:38.364 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
22:45:38.370 Disk 0 scanning C:\WINDOWS\system32\drivers
22:45:45.408 Service scanning
22:45:58.668 Modules scanning
22:45:58.682 Disk 0 trace - called modules:
22:45:58.692 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys thpdrv.sys hal.dll
22:45:58.698 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00049217060]
22:45:58.705 3 aswSP.sys[fffff800659b1b9e] -> nt!IofCallDriver -> \Device\THPDRV1[0xffffe0004921e060]
22:46:02.047 AVAST engine scan C:\WINDOWS
22:46:06.641 AVAST engine scan C:\WINDOWS\system32
22:48:55.716 AVAST engine scan C:\WINDOWS\system32\drivers
22:49:09.408 AVAST engine scan C:\Users\Imogen
22:58:29.494 Disk 0 MBR has been saved successfully to "C:\Users\Imogen\Desktop\LOGS\MBR.dat"
22:58:29.500 The log file has been saved successfully to "C:\Users\Imogen\Desktop\LOGS\aswMBR 10-10-17.txt"
Here is my FARBAR LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
Ran by Imogen (administrator) on IMOGENCOMPUTER (10-10-2017 22:38:56)
Running from C:\Users\Imogen\Downloads
Loaded Profiles: Imogen (Available Profiles: Imogen)
Platform: Windows 10 Home Version 1511 170904-1742 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Windows\SysWOW64\SMITSC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\SavUI.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Farbar) C:\Users\Imogen\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [ChromaTuneTOSHIBAx64] => C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe [2967432 2014-03-25] (Portrait Displays, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-11-20] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-06] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [Coffee] => C:\Program Files (x86)\Steven Cole\Coffee\Coffee.exe /hide
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\Run: [Spotify] => C:\Users\Imogen\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-09] (Spotify Ltd)
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\Run: [Spotify Web Helper] => C:\Users\Imogen\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-09] (Spotify Ltd)
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\RunOnce: [Uninstall C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-01-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.5.0.2 10.5.0.3
Tcpip\..\Interfaces\{d648a6b7-7ba3-4864-bca0-d7b0a8b5dd36}: [DhcpNameServer] 10.5.0.2 10.5.0.3
Tcpip\..\Interfaces\{f2ddaa93-8e83-4867-b8f8-0caf016a7bdd}: [DhcpNameServer] 8.8.8.8 207.172.3.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> DefaultScope {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-29] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-29] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\bin\IPS\IPSBHO.DLL [2015-08-10] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-29] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default [2017-10-10]
CHR Extension: (Google Slides) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-03]
CHR Extension: (Google Docs Offline) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-06] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-09-08] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe [145008 2015-08-10] (Symantec Corporation)
R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-02-27] () [File not signed]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe [396344 2015-08-10] (Symantec Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-20] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-09-05] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-10] (AVAST Software s.r.o.)
R3 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-10] (AVAST Software s.r.o.)
R3 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-10] (AVAST Software s.r.o.)
R3 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-10] (AVAST Software)
R3 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-10] (AVAST Software)
R3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-10] (AVAST Software)
R3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1020536 2017-10-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-10] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-10] (AVAST Software)
R3 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-10] (AVAST Software)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\BASHDefs\20171002.005\BHDrvx64.sys [1862784 2017-07-05] (Symantec Corporation)
R1 ccSettings_{074772AE-B3BA-4F23-8E12-773353CB6A63}; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\ccSetx64.sys [162392 2015-08-10] (Symantec Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\IPSDefs\20171010.011\IDSvia64.sys [1056920 2017-09-22] (Symantec Corporation)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-09-06] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-09-13] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-19] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R3 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R3 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20171010.007\ENG64.SYS [138880 2017-06-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20171010.007\EX64.SYS [2152064 2017-06-08] (Symantec Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-20] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSP64.SYS [890584 2015-08-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSPX64.SYS [37592 2015-08-10] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\SyDvCtrl64.sys [36952 2015-08-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0501010.002\symefasi.sys [1616088 2015-08-31] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SymELAM.sys [23568 2015-08-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [178392 2015-08-31] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\Ironx64.SYS [270040 2015-08-10] (Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SYMNETS.SYS [594136 2015-08-10] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [168304 2015-08-31] (Symantec Corporation)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [112648 2015-08-10] (Symantec Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-05-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-14] (Zemana Ltd.)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-10 22:39 - 2017-10-10 22:39 - 005198336 _____ (AVAST Software) C:\Users\Imogen\Downloads\aswMBR (1).exe
2017-10-10 22:36 - 2017-10-10 22:36 - 002401792 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64 (2).exe
2017-10-10 22:35 - 2017-10-10 22:35 - 002401792 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64 (1).exe
2017-10-10 22:21 - 2017-10-10 22:21 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150768846578102
2017-10-10 22:20 - 2017-10-10 22:20 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-10-02 18:32 - 2017-10-02 18:32 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8a24a289c8b23b38
2017-10-02 18:31 - 2017-10-02 18:31 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign80085d5144711912
2017-09-30 12:21 - 2017-09-30 12:21 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-09-30 12:21 - 2017-09-30 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-30 12:20 - 2017-09-30 12:20 - 000000000 ____D C:\Program Files\iPod
2017-09-30 12:19 - 2017-09-30 12:20 - 000000000 ____D C:\Program Files\iTunes
2017-09-30 12:12 - 2017-09-30 12:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-09-30 12:11 - 2017-09-30 12:11 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-29 20:44 - 2017-10-02 19:41 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-29 00:21 - 2017-09-29 20:44 - 000000036 _____ C:\WINDOWS\progress.ini
2017-09-29 00:20 - 2017-10-10 22:34 - 000000820 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-09-29 00:20 - 2017-10-02 19:42 - 000000000 ___HD C:\$GetCurrent
2017-09-29 00:19 - 2017-10-10 22:35 - 000000000 ____D C:\Windows10Upgrade
2017-09-29 00:19 - 2017-10-10 22:34 - 000000808 _____ C:\Users\Imogen\Desktop\Windows 10 Update Assistant.lnk
2017-09-29 00:06 - 2017-09-29 00:06 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2017-09-27 14:23 - 2017-09-27 14:23 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5ee5f4573fcdfe05
2017-09-27 14:07 - 2017-09-27 14:07 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigne3cf91e2102521ac
2017-09-24 21:43 - 2017-09-24 21:43 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign2ded4c44589b0933
2017-09-24 21:42 - 2017-09-24 21:42 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign19a95e5da5032d1e
2017-09-23 12:18 - 2017-09-23 12:18 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignffcbcc1389802a89
2017-09-23 12:01 - 2017-09-23 12:01 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign14947d40c0627211
2017-09-20 17:09 - 2017-09-20 17:09 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignc822c6133215b226
2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign866d8ebbbfeeea20
2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5fbba4f6740b53c7
2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign297cc218c723f802
2017-09-16 10:46 - 2017-09-16 10:46 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-09-13 15:11 - 2017-09-05 05:07 - 000994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-09-13 15:11 - 2017-09-05 03:56 - 001552104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-09-13 15:11 - 2017-09-05 03:51 - 000808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-13 15:11 - 2017-09-05 03:45 - 006536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-09-13 15:11 - 2017-09-05 03:20 - 000845568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-09-13 15:11 - 2017-09-05 03:19 - 001862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-13 15:11 - 2017-09-05 03:19 - 001542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-13 15:11 - 2017-09-05 03:11 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-09-13 15:11 - 2017-09-05 03:11 - 000035624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-13 15:11 - 2017-09-05 02:47 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\genericusbfn.sys
2017-09-13 15:11 - 2017-09-05 02:38 - 001349640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-09-13 15:11 - 2017-09-05 02:35 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2017-09-13 15:11 - 2017-09-05 02:32 - 002946672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-13 15:11 - 2017-09-05 02:32 - 000703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-13 15:11 - 2017-09-05 02:29 - 021123832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-13 15:11 - 2017-09-05 02:29 - 005240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-13 15:11 - 2017-09-05 02:29 - 000465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-09-13 15:11 - 2017-09-05 02:26 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-09-13 15:11 - 2017-09-05 02:23 - 000174944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-09-13 15:11 - 2017-09-05 02:06 - 000546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-13 15:11 - 2017-09-05 02:06 - 000262496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-13 15:11 - 2017-09-05 02:05 - 000540280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 001523184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 001368176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 000335248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 000141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 15:11 - 2017-09-05 01:54 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-13 15:11 - 2017-09-05 01:40 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 15:11 - 2017-09-05 01:37 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-13 15:11 - 2017-09-05 01:30 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-13 15:11 - 2017-09-05 01:19 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-13 15:11 - 2017-09-05 01:15 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-09-13 15:11 - 2017-09-05 01:13 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-13 15:11 - 2017-09-05 01:13 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-09-13 15:11 - 2017-09-05 01:12 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-09-13 15:11 - 2017-09-05 01:11 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 15:11 - 2017-09-05 01:11 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-09-13 15:11 - 2017-09-05 01:10 - 002279936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-13 15:11 - 2017-09-05 01:09 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 15:11 - 2017-09-05 01:08 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-09-13 15:11 - 2017-09-05 01:06 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-09-13 15:11 - 2017-09-05 01:03 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-13 15:11 - 2017-09-05 01:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-09-13 15:11 - 2017-09-05 01:02 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-09-13 15:11 - 2017-09-05 01:01 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-13 15:11 - 2017-09-05 01:00 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-09-13 15:11 - 2017-09-05 01:00 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-09-13 15:11 - 2017-09-05 00:57 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-09-13 15:11 - 2017-09-05 00:55 - 000576000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 15:11 - 2017-09-05 00:53 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-13 15:11 - 2017-09-05 00:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-09-13 15:11 - 2017-09-05 00:52 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 15:11 - 2017-09-05 00:52 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-09-13 15:11 - 2017-09-05 00:51 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 15:11 - 2017-09-05 00:48 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 15:11 - 2017-09-05 00:48 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-09-13 15:11 - 2017-09-05 00:47 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 15:11 - 2017-09-05 00:46 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-09-13 15:11 - 2017-09-05 00:45 - 001151488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-09-13 15:11 - 2017-09-05 00:45 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 15:11 - 2017-09-05 00:41 - 001467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 15:11 - 2017-09-05 00:40 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-09-13 15:11 - 2017-09-05 00:38 - 003695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 15:11 - 2017-09-05 00:37 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-09-13 15:11 - 2017-09-05 00:37 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 15:11 - 2017-09-05 00:36 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-09-13 15:11 - 2017-09-05 00:23 - 004078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 15:11 - 2017-09-05 00:20 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-09-13 15:11 - 2017-09-05 00:20 - 001123328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 15:11 - 2017-09-05 00:19 - 007536128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 15:11 - 2017-09-05 00:19 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-09-13 15:11 - 2017-09-05 00:18 - 002102272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2017-09-13 15:11 - 2017-09-05 00:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-09-13 15:11 - 2017-09-05 00:16 - 001501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 15:11 - 2017-09-05 00:13 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 15:11 - 2017-09-05 00:12 - 004412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-09-13 15:11 - 2017-09-05 00:12 - 003053568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-09-13 15:11 - 2017-09-05 00:12 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-09-13 15:11 - 2017-09-05 00:11 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 15:11 - 2017-09-05 00:11 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 15:11 - 2017-09-05 00:10 - 006296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-09-13 15:11 - 2017-09-05 00:10 - 001799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-09-13 15:11 - 2017-09-05 00:07 - 003574272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-09-13 15:11 - 2017-09-05 00:06 - 004759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 15:11 - 2017-09-05 00:04 - 005205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-09-13 15:11 - 2017-09-04 23:55 - 002770432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-09-13 15:11 - 2017-09-04 23:51 - 004404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-09-13 15:11 - 2017-09-04 23:48 - 005327872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 15:11 - 2017-09-04 23:48 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-09-13 15:11 - 2017-09-04 23:44 - 006742528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 15:11 - 2017-09-04 23:44 - 002604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-09-13 15:11 - 2017-09-04 23:39 - 002632192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-09-13 15:11 - 2017-09-04 23:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-13 15:11 - 2017-06-17 01:56 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-09-13 15:11 - 2017-06-03 05:44 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-09-13 15:11 - 2016-09-07 00:31 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2017-09-13 15:11 - 2016-09-07 00:28 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-09-13 15:10 - 2017-09-05 05:32 - 001997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 15:10 - 2017-09-05 05:11 - 000042928 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-13 15:10 - 2017-09-05 03:57 - 000245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-13 15:10 - 2017-09-05 03:47 - 022560232 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-13 15:10 - 2017-09-05 03:47 - 006605000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-13 15:10 - 2017-09-05 03:19 - 001558288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-13 15:10 - 2017-09-05 03:05 - 000388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-13 15:10 - 2017-09-05 02:59 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-13 15:10 - 2017-09-05 02:46 - 000824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-13 15:10 - 2017-09-05 02:28 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 15:10 - 2017-09-05 02:27 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 15:10 - 2017-09-05 02:19 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 15:10 - 2017-09-05 02:19 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 15:10 - 2017-09-05 02:17 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-13 15:10 - 2017-09-05 02:10 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-13 15:10 - 2017-09-05 02:04 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-09-13 15:10 - 2017-09-05 02:01 - 000727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-13 15:10 - 2017-09-05 01:57 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-09-13 15:10 - 2017-09-05 01:56 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-13 15:10 - 2017-09-05 01:52 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-13 15:10 - 2017-09-05 01:48 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-13 15:10 - 2017-09-05 01:44 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 15:10 - 2017-09-05 01:31 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 15:10 - 2017-09-05 01:30 - 000888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-13 15:10 - 2017-09-05 01:18 - 005123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-13 15:10 - 2017-09-05 01:17 - 001122816 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 15:10 - 2017-09-05 01:03 - 007977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-09-13 15:10 - 2017-09-05 00:44 - 007200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-09-13 15:10 - 2017-09-05 00:42 - 000957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-09-13 15:10 - 2017-09-05 00:15 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-13 15:10 - 2016-10-25 01:42 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-09-13 15:09 - 2017-09-05 05:34 - 001030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-09-13 15:09 - 2017-09-05 05:32 - 001098648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 15:09 - 2017-09-05 05:31 - 007463776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 15:09 - 2017-09-05 05:31 - 002656960 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 15:09 - 2017-09-05 05:29 - 001819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 15:09 - 2017-09-05 05:27 - 000754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 15:09 - 2017-09-05 05:14 - 001637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 15:09 - 2017-09-05 04:40 - 003449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-09-13 15:09 - 2017-09-05 03:51 - 003700816 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-13 15:09 - 2017-09-05 03:48 - 000566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-09-13 15:09 - 2017-09-05 03:46 - 001540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-13 15:09 - 2017-09-05 03:46 - 000692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-09-13 15:09 - 2017-09-05 03:45 - 001128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-09-13 15:09 - 2017-09-05 03:44 - 000625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 15:09 - 2017-09-05 03:44 - 000609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-09-13 15:09 - 2017-09-05 03:44 - 000161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-09-13 15:09 - 2017-09-05 03:19 - 000636816 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 15:09 - 2017-09-05 03:19 - 000292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-13 15:09 - 2017-09-05 03:18 - 001777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 001597520 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 000642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 000380152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 000147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 15:09 - 2017-09-05 02:45 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-13 15:09 - 2017-09-05 02:45 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-13 15:09 - 2017-09-05 02:34 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-13 15:09 - 2017-09-05 02:34 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-13 15:09 - 2017-09-05 02:32 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-13 15:09 - 2017-09-05 02:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-09-13 15:09 - 2017-09-05 02:27 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-09-13 15:09 - 2017-09-05 02:25 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-09-13 15:09 - 2017-09-05 02:24 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-13 15:09 - 2017-09-05 02:24 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2017-09-13 15:09 - 2017-09-05 02:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-09-13 15:09 - 2017-09-05 02:22 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-13 15:09 - 2017-09-05 02:22 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-09-13 15:09 - 2017-09-05 02:20 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-09-13 15:09 - 2017-09-05 02:17 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 15:09 - 2017-09-05 02:13 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-13 15:09 - 2017-09-05 02:13 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-13 15:09 - 2017-09-05 02:12 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-13 15:09 - 2017-09-05 02:12 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 15:09 - 2017-09-05 02:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-09-13 15:09 - 2017-09-05 02:10 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-09-13 15:09 - 2017-09-05 02:10 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-09-13 15:09 - 2017-09-05 02:09 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-13 15:09 - 2017-09-05 02:08 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-09-13 15:09 - 2017-09-05 02:08 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-09-13 15:09 - 2017-09-05 02:06 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-09-13 15:09 - 2017-09-05 02:05 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-13 15:09 - 2017-09-05 02:04 - 000715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-13 15:09 - 2017-09-05 02:02 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-13 15:09 - 2017-09-05 01:59 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 15:09 - 2017-09-05 01:57 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-13 15:09 - 2017-09-05 01:57 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-09-13 15:09 - 2017-09-05 01:52 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-13 15:09 - 2017-09-05 01:52 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-09-13 15:09 - 2017-09-05 01:50 - 002125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-09-13 15:09 - 2017-09-05 01:50 - 000967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-13 15:09 - 2017-09-05 01:50 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-13 15:09 - 2017-09-05 01:49 - 001418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-09-13 15:09 - 2017-09-05 01:49 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-13 15:09 - 2017-09-05 01:49 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-09-13 15:09 - 2017-09-05 01:48 - 002129920 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 15:09 - 2017-09-05 01:46 - 001385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-13 15:09 - 2017-09-05 01:44 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-13 15:09 - 2017-09-05 01:42 - 001752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-13 15:09 - 2017-09-05 01:41 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-09-13 15:09 - 2017-09-05 01:40 - 001292800 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 15:09 - 2017-09-05 01:38 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-09-13 15:09 - 2017-09-05 01:37 - 004456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 15:09 - 2017-09-05 01:37 - 001742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 15:09 - 2017-09-05 01:35 - 002054144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-13 15:09 - 2017-09-05 01:28 - 000838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-09-13 15:09 - 2017-09-05 01:21 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-13 15:09 - 2017-09-05 01:20 - 003588608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-13 15:09 - 2017-09-05 01:20 - 002610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-13 15:09 - 2017-09-05 01:15 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-13 15:09 - 2017-09-05 01:15 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-13 15:09 - 2017-09-05 01:13 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-09-13 15:09 - 2017-09-05 01:11 - 003046400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2017-09-13 15:09 - 2017-09-05 01:11 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 15:09 - 2017-09-05 01:10 - 001946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-09-13 15:09 - 2017-09-05 01:10 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-09-13 15:09 - 2017-09-05 01:06 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 15:09 - 2017-09-05 01:05 - 004827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-09-13 15:09 - 2017-09-05 01:05 - 003405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-13 15:09 - 2017-09-05 01:05 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-13 15:09 - 2017-09-05 01:04 - 003355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-09-13 15:09 - 2017-09-05 01:04 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-13 15:09 - 2017-09-05 01:03 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 15:09 - 2017-09-05 01:01 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 15:09 - 2017-09-05 00:58 - 002635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-09-13 15:09 - 2017-09-05 00:58 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-13 15:09 - 2017-09-05 00:56 - 005503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-09-13 15:09 - 2017-09-05 00:54 - 003585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-09-13 15:09 - 2017-09-05 00:47 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-13 15:09 - 2017-09-05 00:46 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-13 15:09 - 2017-09-05 00:45 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-13 15:09 - 2017-09-05 00:45 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-13 15:09 - 2017-09-05 00:40 - 001526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 15:09 - 2017-09-05 00:34 - 004890624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 15:09 - 2017-09-05 00:31 - 022377472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-13 15:09 - 2017-09-05 00:28 - 013410816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-13 15:09 - 2017-09-05 00:24 - 006978048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 15:09 - 2017-09-05 00:23 - 024606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 15:09 - 2017-09-05 00:23 - 006312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-09-13 15:09 - 2017-09-05 00:21 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-09-13 15:09 - 2017-09-05 00:06 - 007841792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 15:09 - 2017-09-05 00:02 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-09-13 15:09 - 2017-09-04 23:57 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 15:09 - 2017-09-04 23:48 - 019346432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-13 15:09 - 2017-09-04 23:48 - 018675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-13 15:09 - 2017-09-04 23:48 - 012155904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-13 15:09 - 2017-09-04 23:37 - 005661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 15:08 - 2017-09-05 03:41 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-09-13 15:08 - 2017-09-05 02:25 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-13 15:08 - 2017-09-05 02:18 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-09-13 15:08 - 2017-09-05 02:11 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-09-13 15:08 - 2017-09-05 01:59 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-09-13 15:08 - 2017-09-05 01:43 - 001717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 15:08 - 2017-09-05 01:37 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-09-13 15:08 - 2017-09-05 01:03 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 15:08 - 2017-09-05 00:16 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-10 20:11 - 2017-09-10 20:11 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignec558effb061a8d7
2017-09-10 20:07 - 2017-09-10 20:07 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign7d8ae5031cff08eb
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-10-10 22:39 - 2017-05-14 19:24 - 002723387 _____ C:\WINDOWS\ZAM.krnl.trace
2017-10-10 22:39 - 2017-05-14 19:24 - 002434650 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-10-10 22:39 - 2017-05-09 23:06 - 000028508 _____ C:\Users\Imogen\Downloads\FRST.txt
2017-10-10 22:38 - 2017-05-09 23:06 - 000000000 ____D C:\FRST
2017-10-10 22:38 - 2015-10-30 03:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-10 22:37 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-10 22:37 - 2015-08-31 15:37 - 000000000 ____D C:\ProgramData\Symantec
2017-10-10 22:23 - 2017-07-20 18:05 - 000000000 ____D C:\Program Files\rempl
2017-10-10 22:21 - 2015-08-16 13:06 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{724DB0F0-927F-4B14-A024-99806B133DAA}
2017-10-10 22:20 - 2017-05-08 23:25 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-10-10 22:20 - 2017-05-08 23:24 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-10 22:20 - 2017-05-08 23:17 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-10 22:19 - 2017-05-08 23:24 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-10-10 22:17 - 2015-08-31 15:22 - 000000000 ____D C:\Users\Imogen\AppData\Local\Adobe
2017-10-10 22:11 - 2015-12-16 00:17 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-10 22:11 - 2015-08-16 16:33 - 000000000 __SHD C:\Users\Imogen\IntelGraphicsProfiles
2017-10-04 15:44 - 2015-08-16 12:51 - 000000000 ____D C:\Users\Imogen\AppData\Local\Packages
2017-10-02 19:42 - 2015-08-16 14:23 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-10-02 19:42 - 2015-08-16 14:23 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-10-01 21:39 - 2015-10-30 03:21 - 000000000 ____D C:\WINDOWS\INF
2017-09-30 13:40 - 2017-06-16 19:53 - 000000000 ____D C:\Users\Imogen\AppData\Local\Spotify
2017-09-30 13:38 - 2017-06-16 19:53 - 000000000 ____D C:\Users\Imogen\AppData\Roaming\Spotify
2017-09-30 12:11 - 2016-12-24 17:18 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-29 20:44 - 2015-12-16 03:12 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-29 20:27 - 2015-07-16 10:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-29 00:18 - 2015-10-30 03:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-26 20:25 - 2017-05-08 23:24 - 000361784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfa032f16843534e7.tmp
2017-09-26 15:33 - 2015-08-16 13:08 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 15:33 - 2015-08-16 13:08 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-23 21:42 - 2017-07-29 20:39 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2005569905-2985736349-4029353856-1001
2017-09-23 21:42 - 2015-08-16 16:36 - 000002381 _____ C:\Users\Imogen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-23 21:42 - 2015-08-16 16:36 - 000000000 ___RD C:\Users\Imogen\OneDrive
2017-09-23 12:00 - 2015-12-16 00:21 - 000000000 ____D C:\Users\Imogen
2017-09-19 23:54 - 2015-08-16 16:34 - 000000000 ____D C:\Users\Imogen\AppData\Local\Publishers
2017-09-19 08:26 - 2017-05-08 23:24 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3e8f634e5e362e68.tmp
2017-09-17 14:36 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\rescache
2017-09-16 10:44 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-16 10:44 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-15 18:55 - 2016-01-27 22:01 - 000000000 ____D C:\Users\Imogen\AppData\Roaming\Skype
2017-09-13 22:04 - 2015-08-16 14:57 - 000879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-13 22:01 - 2015-08-16 11:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 21:58 - 2017-05-14 18:57 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-13 21:58 - 2015-12-16 00:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-13 21:58 - 2015-12-16 00:13 - 005009984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 17:53 - 2015-10-30 02:28 - 000786432 ___SH C:\WINDOWS\system32\config\BBI
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___RD C:\WINDOWS\DevicesFlow
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files\Windows Defender
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-13 15:23 - 2015-08-16 18:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 15:21 - 2015-10-30 03:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 15:21 - 2015-08-16 18:34 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2015-09-04 09:28 - 2016-05-18 21:01 - 000000033 _____ () C:\Users\Imogen\AppData\Roaming\AdobeWLCMCache.dat
2017-03-29 15:06 - 2017-03-29 15:06 - 000001456 _____ () C:\Users\Imogen\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-16 00:18 - 2015-12-16 00:18 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-12 11:55 - 2014-12-12 11:55 - 000000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-01 21:53
==================== End of FRST.txt ============================
ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Imogen (10-10-2017 22:40:46)
Running from C:\Users\Imogen\Downloads
Windows 10 Home Version 1511 170904-1742 (X64) (2015-12-16 04:40:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2005569905-2985736349-4029353856-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2005569905-2985736349-4029353856-503 - Limited - Disabled)
Guest (S-1-5-21-2005569905-2985736349-4029353856-501 - Limited - Disabled)
Imogen (S-1-5-21-2005569905-2985736349-4029353856-1001 - Administrator - Enabled) => C:\Users\Imogen
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\{05E6D311-4793-44BE-ACA2-A50B5B5129AE}) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F9626784-9EDD-32B3-3888-5A840B88DF23}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chroma Tune for TOSHIBA (HKLM\...\{CD1AE048-DC88-4615-9A5F-7E607C000736}) (Version: 2.00.53 - Portrait Displays, Inc.)
Coffee (HKLM-x32\...\{568300F4-7F75-4635-B50E-16EFB18C0CE0}) (Version: 1.0.3 - Steven Cole)
CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.7921 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector Touch (HKLM\...\{DC604EA2-684F-4fad-80E6-10A090F85E7D}) (Version: 1.2.3121.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector Touch (HKLM-x32\...\InstallShield_{DC604EA2-684F-4fad-80E6-10A090F85E7D}) (Version: 1.2.3121.0 - CyberLink Corp.)
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4A95F6FA-1263-43D2-9926-5D6F7F359E92}) (Version: 17.1.1434.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
King Oddball (HKLM-x32\...\WTA-16523265-5c95-4371-a35f-f9b54c7c7030) (Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8201.2193 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2193 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
Node.js (HKLM\...\{E5DD2249-1D15-43FC-809E-9415B3533D8C}) (Version: 4.4.5 - Node.js Foundation)
OEM Application Profile (HKLM-x32\...\{61A09A66-D7E6-22EF-AF75-16D83ADE30E3}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
PX Profile Update (HKLM-x32\...\{733F4823-8E3A-67FA-7E25-EB368567437A}) (Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Symantec Endpoint Protection (HKLM\...\{18F87B39-E281-4228-B83D-627FFC77A466}) (Version: 12.1.6168.6000 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.6 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)
TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 2.3.3.4 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 4.06.000 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.03.55065007 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.49 - Zemana Ltd.)
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-06-16] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-06-16] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00D1DF1F-E0D4-4546-ADA4-B27C769E2E3E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {086A05B4-807B-4949-8C5F-04E2E3DF54A1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-10] (AVAST Software)
Task: {09D7B895-3B2D-40A3-98A0-3DFCDEAB7C52} - System32\Tasks\SafeZone scheduled Autoupdate 1494300916 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {37FE118C-C5E7-4876-B98D-341FCED931FD} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation)
Task: {437D5321-3648-4ADF-8689-D4D1BF6D65AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {4F635F49-F6E0-4027-A554-792A68BCAB21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {6F35671E-9C9D-41C9-A663-E10DDC6A6F53} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {7641054F-9517-440D-B604-1EFB8E8B69E4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-11-20] (Synaptics Incorporated)
Task: {7F7DD807-B95A-409B-BC50-34D6BD597DBA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {80D41E4A-BF13-421B-9748-3B3B55A6D544} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-16] (Adobe Systems Incorporated)
Task: {9132004C-AA3D-4BEC-AC2E-122564211DD9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {9CDA6356-3594-4542-921B-70757974618D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-29] (Microsoft Corporation)
Task: {A384693C-2256-45C3-A753-2E00F1F06641} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-13] (Microsoft Corporation)
Task: {A4E60AF1-2BEE-4675-A7E6-0BE45A1151DC} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-imogen.thomas5654@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {B1A8CE3D-E729-486D-9B9B-B8406F8C7FF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-29] (Microsoft Corporation)
Task: {BAD9AB5C-4662-4C81-AF3F-B1EC4FBA6821} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-29] (Microsoft Corporation)
Task: {C583CBED-0130-47E8-BFAD-877FCDAC1D1A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {CAAE93C8-59F9-4355-9431-10381EEDD273} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {D05ACD09-AF38-4385-B1E3-4EF18B8B74D2} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {DC9DB603-4E5B-45EA-B4AA-FA494C7CCF47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {E3025F92-323F-4629-A792-AEC706784C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {FC5DED5F-93FC-44C1-A0C3-28982304595B} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-03-27 16:53 - 2013-03-27 16:53 - 000163168 _____ () C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
2014-02-27 16:31 - 2014-02-27 16:31 - 000013312 _____ () C:\Windows\SysWOW64\SMITSC.exe
2014-12-12 11:57 - 2012-04-24 22:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-05-27 13:46 - 2015-05-27 13:46 - 000019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-11-17 02:28 - 2016-11-17 02:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-14 16:21 - 2017-03-04 01:31 - 000185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-13 15:09 - 2017-09-05 05:31 - 002656960 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-18 21:17 - 2017-09-29 00:06 - 008931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-12-02 08:32 - 2016-12-02 08:32 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-17 17:44 - 2015-12-07 00:14 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-19 13:07 - 2016-06-30 23:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-03-14 16:21 - 2017-03-03 23:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 16:21 - 2017-03-03 23:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-13 15:09 - 2017-09-05 00:03 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-13 15:09 - 2017-09-05 00:06 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2017-09-26 15:33 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 15:33 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2013-08-01 17:24 - 2013-08-01 17:24 - 000438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 031723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 000218456 _____ () c:\windows\system32\WerEtw.dll
2015-08-10 14:33 - 2015-08-10 14:33 - 000566328 ____C () C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\AvPluginImpl.dll
2015-07-16 09:27 - 2013-12-09 18:26 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-06 10:44 - 2017-07-06 10:45 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-14 08:31 - 2017-03-14 08:31 - 052051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-01-25 20:07 - 2017-01-25 20:07 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-01-25 20:06 - 2017-01-25 20:06 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-01-25 20:07 - 2017-01-25 20:07 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-14 08:35 - 2017-03-14 08:35 - 000099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\sharepoint.com -> hxxps://bard0-files.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2017-05-13 17:58 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Imogen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 ltblue 1920x1200.jpg
DNS Servers: 10.5.0.2 - 10.5.0.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{EBC1DAC6-783B-4591-A32F-18412B3741D9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe
FirewallRules: [{9AD81E91-C680-4AB3-A569-0A036DA2E43D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe
FirewallRules: [{1422AC0E-097A-4CAE-94B7-95EAEBD2D6AA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\Smc.exe
FirewallRules: [{B7E4966C-BA89-4AA1-8FDD-4F42847EECD5}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\Smc.exe
FirewallRules: [{69D50447-675B-4145-8065-CD3538C4B445}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{38CBBDEB-780A-457D-954E-2E057D8540B6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{84AAB974-9BBA-44A8-9C75-A64D8C27AA44}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{301762DD-BB2C-4F1E-A81A-9BC5EB53626D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1C54BC69-167C-4061-AEFD-5626E6987ADF}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1E8C57AD-62D7-492E-A1B7-2305781FBD00}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2472F3C1-2C2C-4F11-8402-DF70A34E497D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8B5E4A87-560E-419B-BE97-ADFF740285BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{288E0BAE-B97F-4EA0-A5AF-1DED955072A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{02CC9AC9-A41A-4840-8F15-28230DCB9BBE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59E54054-46A1-4F4A-A532-958911D2CFC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{16F8BE89-3759-464E-AF65-08C83AA22B35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF690903-5315-4BF4-992D-07AA481546D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC143D06-E504-45E7-904C-59242F8A1543}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A854DFFD-5400-4B4B-8749-A393CDAD22A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E7F31244-11D5-4BAA-A482-A33F98B67D03}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{F73C6B3F-03C0-43B0-9C31-D2D19219C475}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{EFDD668D-6742-4347-89C6-16000F219BCB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46FA8CDD-3DD2-44A7-9828-19C892C877A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{75C9CBE9-FC3B-483D-A895-FD65E1DED8D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
17-09-2017 14:36:32 Scheduled Checkpoint
29-09-2017 00:05:02 Windows Update
10-10-2017 22:21:51 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/10/2017 10:37:45 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\ProgramData\Symantec\DefWatch.DWH\dwh8d1f.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.
Error: (10/10/2017 10:35:55 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (10/10/2017 10:28:50 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\ProgramData\Symantec\DefWatch.DWH\dwh4c88.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.
Error: (10/10/2017 10:22:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (10/04/2017 05:52:48 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (10/04/2017 05:52:40 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (10/04/2017 02:09:10 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (10/03/2017 10:51:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (10/03/2017 07:33:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6672
Error: (10/03/2017 07:33:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6672
System errors:
=============
Error: (10/10/2017 10:23:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (10/10/2017 10:23:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (10/10/2017 10:23:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (10/10/2017 10:23:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/04/2017 02:18:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
Error: (10/03/2017 10:35:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Feature update to Windows 10, version 1703.
CodeIntegrity:
===================================
Date: 2017-09-29 20:28:54.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-29 00:15:08.738
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-25 20:38:37.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-14 20:00:47.033
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-13 21:59:40.274
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-09-13 15:28:27.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-08-25 01:56:41.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-08-13 12:45:06.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-08-09 11:21:58.262
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-08-09 03:25:35.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 38%
Total physical RAM: 16294.85 MB
Available physical RAM: 9974.41 MB
Total Virtual: 29685.75 MB
Available Virtual: 23540.21 MB
==================== Drives ================================
Drive c: (TI10707900C) (Fixed) (Total:917.44 GB) (Free:663.21 GB) NTFS
Drive e: () (Removable) (Total:14.83 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
aswMBR LOG:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-10-10 22:44:59
-----------------------------
22:44:59.794 OS Version: Windows x64 6.2.9200
22:44:59.794 Number of processors: 8 586 0x3C03
22:44:59.795 ComputerName: IMOGENCOMPUTER UserName: Imogen
22:45:03.548 Initialize success
22:45:03.550 VM: initialized successfully
22:45:03.551 VM: Intel CPU supported virtualized
22:45:22.284 VM: disk I/O iaStorA.sys
22:45:30.196 AVAST engine defs: 17101004
22:45:38.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
22:45:38.210 Disk 0 Vendor: TOSHIBA_MQ02ABD100H HKF03M Size: 953869MB BusType: 11
22:45:38.212 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000043
22:45:38.213 Disk 1 Vendor: Realtek_ 1.00 Size: 15193MB BusType: 1
22:45:38.356 Disk 0 MBR read successfully
22:45:38.359 Disk 0 MBR scan
22:45:38.362 Disk 0 unknown MBR code
22:45:38.364 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
22:45:38.370 Disk 0 scanning C:\WINDOWS\system32\drivers
22:45:45.408 Service scanning
22:45:58.668 Modules scanning
22:45:58.682 Disk 0 trace - called modules:
22:45:58.692 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys thpdrv.sys hal.dll
22:45:58.698 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00049217060]
22:45:58.705 3 aswSP.sys[fffff800659b1b9e] -> nt!IofCallDriver -> \Device\THPDRV1[0xffffe0004921e060]
22:46:02.047 AVAST engine scan C:\WINDOWS
22:46:06.641 AVAST engine scan C:\WINDOWS\system32
22:48:55.716 AVAST engine scan C:\WINDOWS\system32\drivers
22:49:09.408 AVAST engine scan C:\Users\Imogen
22:58:29.494 Disk 0 MBR has been saved successfully to "C:\Users\Imogen\Desktop\LOGS\MBR.dat"
22:58:29.500 The log file has been saved successfully to "C:\Users\Imogen\Desktop\LOGS\aswMBR 10-10-17.txt"