PDA

View Full Version : Toshiba Satellite with Windows 10 has Virus



imothom
2017-10-11, 06:01
Hello! My computer has a virus (maybe several). I believe it has been on my computer for some time, but an alert recently appeared via Semantic Endpoint Protection that I am infected with the Trojan.Gen.2 virus. According to my computer, it is quarantined, but I am getting several popup messages that could be from the virus and my computer is incredibly slow. I am concerned about my information being compromised and the someone remotely accessing my computer using the virus. I am also concerned that my files on the computer are compromised and I am afraid to back them up onto my hard drive lest I spread the virus there.

Here is my FARBAR LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
Ran by Imogen (administrator) on IMOGENCOMPUTER (10-10-2017 22:38:56)
Running from C:\Users\Imogen\Downloads
Loaded Profiles: Imogen (Available Profiles: Imogen)
Platform: Windows 10 Home Version 1511 170904-1742 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Windows\SysWOW64\SMITSC.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\SavUI.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Farbar) C:\Users\Imogen\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [ChromaTuneTOSHIBAx64] => C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe [2967432 2014-03-25] (Portrait Displays, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-11-20] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-06] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [Coffee] => C:\Program Files (x86)\Steven Cole\Coffee\Coffee.exe /hide
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\Run: [Spotify] => C:\Users\Imogen\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-09] (Spotify Ltd)
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\Run: [Spotify Web Helper] => C:\Users\Imogen\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-09] (Spotify Ltd)
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\RunOnce: [Uninstall C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-01-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.5.0.2 10.5.0.3
Tcpip\..\Interfaces\{d648a6b7-7ba3-4864-bca0-d7b0a8b5dd36}: [DhcpNameServer] 10.5.0.2 10.5.0.3
Tcpip\..\Interfaces\{f2ddaa93-8e83-4867-b8f8-0caf016a7bdd}: [DhcpNameServer] 8.8.8.8 207.172.3.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> DefaultScope {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-29] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-29] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\bin\IPS\IPSBHO.DLL [2015-08-10] (Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-29] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-16] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default [2017-10-10]
CHR Extension: (Google Slides) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Docs) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-03]
CHR Extension: (Google Docs Offline) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-06] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-06] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-09-08] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe [145008 2015-08-10] (Symantec Corporation)
R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-02-27] () [File not signed]
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe [396344 2015-08-10] (Symantec Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-20] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-09-05] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-10] (AVAST Software s.r.o.)
R3 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-10] (AVAST Software s.r.o.)
R3 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-10] (AVAST Software s.r.o.)
R3 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-10] (AVAST Software)
R3 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-10] (AVAST Software)
R3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-10] (AVAST Software)
R3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1020536 2017-10-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-10] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-10] (AVAST Software)
R3 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-10] (AVAST Software)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\BASHDefs\20171002.005\BHDrvx64.sys [1862784 2017-07-05] (Symantec Corporation)
R1 ccSettings_{074772AE-B3BA-4F23-8E12-773353CB6A63}; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\ccSetx64.sys [162392 2015-08-10] (Symantec Corporation)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\IPSDefs\20171010.011\IDSvia64.sys [1056920 2017-09-22] (Symantec Corporation)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-09-06] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-09-13] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-19] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R3 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R3 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20171010.007\ENG64.SYS [138880 2017-06-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20171010.007\EX64.SYS [2152064 2017-06-08] (Symantec Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-20] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSP64.SYS [890584 2015-08-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSPX64.SYS [37592 2015-08-10] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\SyDvCtrl64.sys [36952 2015-08-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0501010.002\symefasi.sys [1616088 2015-08-31] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SymELAM.sys [23568 2015-08-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [178392 2015-08-31] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\Ironx64.SYS [270040 2015-08-10] (Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SYMNETS.SYS [594136 2015-08-10] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [168304 2015-08-31] (Symantec Corporation)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [112648 2015-08-10] (Symantec Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-05-14] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-14] (Zemana Ltd.)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-10 22:39 - 2017-10-10 22:39 - 005198336 _____ (AVAST Software) C:\Users\Imogen\Downloads\aswMBR (1).exe
2017-10-10 22:36 - 2017-10-10 22:36 - 002401792 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64 (2).exe
2017-10-10 22:35 - 2017-10-10 22:35 - 002401792 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64 (1).exe
2017-10-10 22:21 - 2017-10-10 22:21 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150768846578102
2017-10-10 22:20 - 2017-10-10 22:20 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-10-02 18:32 - 2017-10-02 18:32 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8a24a289c8b23b38
2017-10-02 18:31 - 2017-10-02 18:31 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign80085d5144711912
2017-09-30 12:21 - 2017-09-30 12:21 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-09-30 12:21 - 2017-09-30 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-30 12:20 - 2017-09-30 12:20 - 000000000 ____D C:\Program Files\iPod
2017-09-30 12:19 - 2017-09-30 12:20 - 000000000 ____D C:\Program Files\iTunes
2017-09-30 12:12 - 2017-09-30 12:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-09-30 12:11 - 2017-09-30 12:11 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-29 20:44 - 2017-10-02 19:41 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-29 00:21 - 2017-09-29 20:44 - 000000036 _____ C:\WINDOWS\progress.ini
2017-09-29 00:20 - 2017-10-10 22:34 - 000000820 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-09-29 00:20 - 2017-10-02 19:42 - 000000000 ___HD C:\$GetCurrent
2017-09-29 00:19 - 2017-10-10 22:35 - 000000000 ____D C:\Windows10Upgrade
2017-09-29 00:19 - 2017-10-10 22:34 - 000000808 _____ C:\Users\Imogen\Desktop\Windows 10 Update Assistant.lnk
2017-09-29 00:06 - 2017-09-29 00:06 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2017-09-27 14:23 - 2017-09-27 14:23 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5ee5f4573fcdfe05
2017-09-27 14:07 - 2017-09-27 14:07 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigne3cf91e2102521ac
2017-09-24 21:43 - 2017-09-24 21:43 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign2ded4c44589b0933
2017-09-24 21:42 - 2017-09-24 21:42 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign19a95e5da5032d1e
2017-09-23 12:18 - 2017-09-23 12:18 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignffcbcc1389802a89
2017-09-23 12:01 - 2017-09-23 12:01 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign14947d40c0627211
2017-09-20 17:09 - 2017-09-20 17:09 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignc822c6133215b226
2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign866d8ebbbfeeea20
2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5fbba4f6740b53c7
2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign297cc218c723f802
2017-09-16 10:46 - 2017-09-16 10:46 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-09-13 15:11 - 2017-09-05 05:07 - 000994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-09-13 15:11 - 2017-09-05 03:56 - 001552104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-09-13 15:11 - 2017-09-05 03:51 - 000808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-13 15:11 - 2017-09-05 03:45 - 006536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-09-13 15:11 - 2017-09-05 03:20 - 000845568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-09-13 15:11 - 2017-09-05 03:19 - 001862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-13 15:11 - 2017-09-05 03:19 - 001542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-13 15:11 - 2017-09-05 03:11 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-09-13 15:11 - 2017-09-05 03:11 - 000035624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-13 15:11 - 2017-09-05 02:47 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\genericusbfn.sys
2017-09-13 15:11 - 2017-09-05 02:38 - 001349640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-09-13 15:11 - 2017-09-05 02:35 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2017-09-13 15:11 - 2017-09-05 02:32 - 002946672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-13 15:11 - 2017-09-05 02:32 - 000703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-13 15:11 - 2017-09-05 02:29 - 021123832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-13 15:11 - 2017-09-05 02:29 - 005240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-13 15:11 - 2017-09-05 02:29 - 000465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-09-13 15:11 - 2017-09-05 02:26 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-09-13 15:11 - 2017-09-05 02:23 - 000174944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-09-13 15:11 - 2017-09-05 02:06 - 000546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-13 15:11 - 2017-09-05 02:06 - 000262496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-13 15:11 - 2017-09-05 02:05 - 000540280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 001523184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 001368176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 000335248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-13 15:11 - 2017-09-05 02:04 - 000141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 15:11 - 2017-09-05 01:54 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-13 15:11 - 2017-09-05 01:40 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 15:11 - 2017-09-05 01:37 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-13 15:11 - 2017-09-05 01:30 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-13 15:11 - 2017-09-05 01:19 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-13 15:11 - 2017-09-05 01:15 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-09-13 15:11 - 2017-09-05 01:13 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-13 15:11 - 2017-09-05 01:13 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-09-13 15:11 - 2017-09-05 01:12 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-09-13 15:11 - 2017-09-05 01:11 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 15:11 - 2017-09-05 01:11 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-09-13 15:11 - 2017-09-05 01:10 - 002279936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-13 15:11 - 2017-09-05 01:09 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 15:11 - 2017-09-05 01:08 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-09-13 15:11 - 2017-09-05 01:06 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-09-13 15:11 - 2017-09-05 01:03 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-13 15:11 - 2017-09-05 01:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-09-13 15:11 - 2017-09-05 01:02 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-09-13 15:11 - 2017-09-05 01:01 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-13 15:11 - 2017-09-05 01:00 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-09-13 15:11 - 2017-09-05 01:00 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-09-13 15:11 - 2017-09-05 00:57 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-09-13 15:11 - 2017-09-05 00:55 - 000576000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 15:11 - 2017-09-05 00:53 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-13 15:11 - 2017-09-05 00:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-09-13 15:11 - 2017-09-05 00:52 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 15:11 - 2017-09-05 00:52 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-09-13 15:11 - 2017-09-05 00:51 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 15:11 - 2017-09-05 00:48 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 15:11 - 2017-09-05 00:48 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-09-13 15:11 - 2017-09-05 00:47 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 15:11 - 2017-09-05 00:46 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-09-13 15:11 - 2017-09-05 00:45 - 001151488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-09-13 15:11 - 2017-09-05 00:45 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 15:11 - 2017-09-05 00:41 - 001467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 15:11 - 2017-09-05 00:40 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-09-13 15:11 - 2017-09-05 00:38 - 003695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 15:11 - 2017-09-05 00:37 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-09-13 15:11 - 2017-09-05 00:37 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 15:11 - 2017-09-05 00:36 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-09-13 15:11 - 2017-09-05 00:23 - 004078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 15:11 - 2017-09-05 00:20 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-09-13 15:11 - 2017-09-05 00:20 - 001123328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 15:11 - 2017-09-05 00:19 - 007536128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 15:11 - 2017-09-05 00:19 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-09-13 15:11 - 2017-09-05 00:18 - 002102272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2017-09-13 15:11 - 2017-09-05 00:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-09-13 15:11 - 2017-09-05 00:16 - 001501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 15:11 - 2017-09-05 00:13 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 15:11 - 2017-09-05 00:12 - 004412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-09-13 15:11 - 2017-09-05 00:12 - 003053568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-09-13 15:11 - 2017-09-05 00:12 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-09-13 15:11 - 2017-09-05 00:11 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 15:11 - 2017-09-05 00:11 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 15:11 - 2017-09-05 00:10 - 006296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-09-13 15:11 - 2017-09-05 00:10 - 001799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-09-13 15:11 - 2017-09-05 00:07 - 003574272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-09-13 15:11 - 2017-09-05 00:06 - 004759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 15:11 - 2017-09-05 00:04 - 005205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-09-13 15:11 - 2017-09-04 23:55 - 002770432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-09-13 15:11 - 2017-09-04 23:51 - 004404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-09-13 15:11 - 2017-09-04 23:48 - 005327872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 15:11 - 2017-09-04 23:48 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-09-13 15:11 - 2017-09-04 23:44 - 006742528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 15:11 - 2017-09-04 23:44 - 002604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-09-13 15:11 - 2017-09-04 23:39 - 002632192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-09-13 15:11 - 2017-09-04 23:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-13 15:11 - 2017-06-17 01:56 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-09-13 15:11 - 2017-06-03 05:44 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-09-13 15:11 - 2016-09-07 00:31 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2017-09-13 15:11 - 2016-09-07 00:28 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-09-13 15:10 - 2017-09-05 05:32 - 001997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 15:10 - 2017-09-05 05:11 - 000042928 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-13 15:10 - 2017-09-05 03:57 - 000245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-13 15:10 - 2017-09-05 03:47 - 022560232 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-13 15:10 - 2017-09-05 03:47 - 006605000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-13 15:10 - 2017-09-05 03:19 - 001558288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-13 15:10 - 2017-09-05 03:05 - 000388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-13 15:10 - 2017-09-05 02:59 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-13 15:10 - 2017-09-05 02:46 - 000824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-13 15:10 - 2017-09-05 02:28 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 15:10 - 2017-09-05 02:27 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 15:10 - 2017-09-05 02:19 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 15:10 - 2017-09-05 02:19 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 15:10 - 2017-09-05 02:17 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-13 15:10 - 2017-09-05 02:10 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-13 15:10 - 2017-09-05 02:04 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-09-13 15:10 - 2017-09-05 02:01 - 000727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-13 15:10 - 2017-09-05 01:57 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-09-13 15:10 - 2017-09-05 01:56 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-13 15:10 - 2017-09-05 01:52 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-13 15:10 - 2017-09-05 01:48 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-13 15:10 - 2017-09-05 01:44 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 15:10 - 2017-09-05 01:31 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 15:10 - 2017-09-05 01:30 - 000888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-13 15:10 - 2017-09-05 01:18 - 005123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-13 15:10 - 2017-09-05 01:17 - 001122816 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 15:10 - 2017-09-05 01:03 - 007977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-09-13 15:10 - 2017-09-05 00:44 - 007200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-09-13 15:10 - 2017-09-05 00:42 - 000957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-09-13 15:10 - 2017-09-05 00:15 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-13 15:10 - 2016-10-25 01:42 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-09-13 15:09 - 2017-09-05 05:34 - 001030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-09-13 15:09 - 2017-09-05 05:32 - 001098648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 15:09 - 2017-09-05 05:31 - 007463776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 15:09 - 2017-09-05 05:31 - 002656960 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 15:09 - 2017-09-05 05:29 - 001819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 15:09 - 2017-09-05 05:27 - 000754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 15:09 - 2017-09-05 05:14 - 001637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 15:09 - 2017-09-05 04:40 - 003449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-09-13 15:09 - 2017-09-05 03:51 - 003700816 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-13 15:09 - 2017-09-05 03:48 - 000566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-09-13 15:09 - 2017-09-05 03:46 - 001540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-13 15:09 - 2017-09-05 03:46 - 000692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-09-13 15:09 - 2017-09-05 03:45 - 001128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-09-13 15:09 - 2017-09-05 03:44 - 000625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 15:09 - 2017-09-05 03:44 - 000609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-09-13 15:09 - 2017-09-05 03:44 - 000161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-09-13 15:09 - 2017-09-05 03:19 - 000636816 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 15:09 - 2017-09-05 03:19 - 000292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-13 15:09 - 2017-09-05 03:18 - 001777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 001597520 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 000642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 000380152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-13 15:09 - 2017-09-05 03:18 - 000147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 15:09 - 2017-09-05 02:45 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-13 15:09 - 2017-09-05 02:45 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-13 15:09 - 2017-09-05 02:34 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-13 15:09 - 2017-09-05 02:34 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-13 15:09 - 2017-09-05 02:32 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-13 15:09 - 2017-09-05 02:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-09-13 15:09 - 2017-09-05 02:27 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-09-13 15:09 - 2017-09-05 02:25 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-09-13 15:09 - 2017-09-05 02:24 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-13 15:09 - 2017-09-05 02:24 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2017-09-13 15:09 - 2017-09-05 02:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-09-13 15:09 - 2017-09-05 02:22 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-13 15:09 - 2017-09-05 02:22 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-09-13 15:09 - 2017-09-05 02:20 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-09-13 15:09 - 2017-09-05 02:17 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-09-13 15:09 - 2017-09-05 02:15 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 15:09 - 2017-09-05 02:13 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-13 15:09 - 2017-09-05 02:13 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-13 15:09 - 2017-09-05 02:12 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-13 15:09 - 2017-09-05 02:12 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 15:09 - 2017-09-05 02:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-09-13 15:09 - 2017-09-05 02:10 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-09-13 15:09 - 2017-09-05 02:10 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-09-13 15:09 - 2017-09-05 02:09 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-13 15:09 - 2017-09-05 02:08 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-09-13 15:09 - 2017-09-05 02:08 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-09-13 15:09 - 2017-09-05 02:06 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-09-13 15:09 - 2017-09-05 02:05 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-13 15:09 - 2017-09-05 02:04 - 000715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-13 15:09 - 2017-09-05 02:02 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-13 15:09 - 2017-09-05 01:59 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 15:09 - 2017-09-05 01:57 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-13 15:09 - 2017-09-05 01:57 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-09-13 15:09 - 2017-09-05 01:52 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-13 15:09 - 2017-09-05 01:52 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-09-13 15:09 - 2017-09-05 01:50 - 002125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-09-13 15:09 - 2017-09-05 01:50 - 000967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-13 15:09 - 2017-09-05 01:50 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-13 15:09 - 2017-09-05 01:49 - 001418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-09-13 15:09 - 2017-09-05 01:49 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-13 15:09 - 2017-09-05 01:49 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-09-13 15:09 - 2017-09-05 01:48 - 002129920 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 15:09 - 2017-09-05 01:46 - 001385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-13 15:09 - 2017-09-05 01:44 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-13 15:09 - 2017-09-05 01:42 - 001752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-13 15:09 - 2017-09-05 01:41 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-09-13 15:09 - 2017-09-05 01:40 - 001292800 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 15:09 - 2017-09-05 01:38 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-09-13 15:09 - 2017-09-05 01:37 - 004456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 15:09 - 2017-09-05 01:37 - 001742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 15:09 - 2017-09-05 01:35 - 002054144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-13 15:09 - 2017-09-05 01:28 - 000838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-09-13 15:09 - 2017-09-05 01:21 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-13 15:09 - 2017-09-05 01:20 - 003588608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-13 15:09 - 2017-09-05 01:20 - 002610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-13 15:09 - 2017-09-05 01:15 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-13 15:09 - 2017-09-05 01:15 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-13 15:09 - 2017-09-05 01:13 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-09-13 15:09 - 2017-09-05 01:11 - 003046400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2017-09-13 15:09 - 2017-09-05 01:11 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 15:09 - 2017-09-05 01:10 - 001946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-09-13 15:09 - 2017-09-05 01:10 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-09-13 15:09 - 2017-09-05 01:06 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 15:09 - 2017-09-05 01:05 - 004827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-09-13 15:09 - 2017-09-05 01:05 - 003405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-13 15:09 - 2017-09-05 01:05 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-13 15:09 - 2017-09-05 01:04 - 003355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-09-13 15:09 - 2017-09-05 01:04 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-13 15:09 - 2017-09-05 01:03 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 15:09 - 2017-09-05 01:01 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 15:09 - 2017-09-05 00:58 - 002635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-09-13 15:09 - 2017-09-05 00:58 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-13 15:09 - 2017-09-05 00:56 - 005503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-09-13 15:09 - 2017-09-05 00:54 - 003585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-09-13 15:09 - 2017-09-05 00:47 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-13 15:09 - 2017-09-05 00:46 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-13 15:09 - 2017-09-05 00:45 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-13 15:09 - 2017-09-05 00:45 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-13 15:09 - 2017-09-05 00:40 - 001526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 15:09 - 2017-09-05 00:34 - 004890624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 15:09 - 2017-09-05 00:31 - 022377472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-13 15:09 - 2017-09-05 00:28 - 013410816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-13 15:09 - 2017-09-05 00:24 - 006978048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 15:09 - 2017-09-05 00:23 - 024606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 15:09 - 2017-09-05 00:23 - 006312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-09-13 15:09 - 2017-09-05 00:21 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-09-13 15:09 - 2017-09-05 00:06 - 007841792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 15:09 - 2017-09-05 00:02 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-09-13 15:09 - 2017-09-04 23:57 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 15:09 - 2017-09-04 23:48 - 019346432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-13 15:09 - 2017-09-04 23:48 - 018675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-13 15:09 - 2017-09-04 23:48 - 012155904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-13 15:09 - 2017-09-04 23:37 - 005661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 15:08 - 2017-09-05 03:41 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-09-13 15:08 - 2017-09-05 02:25 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-13 15:08 - 2017-09-05 02:18 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-09-13 15:08 - 2017-09-05 02:11 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-09-13 15:08 - 2017-09-05 01:59 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-09-13 15:08 - 2017-09-05 01:43 - 001717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 15:08 - 2017-09-05 01:37 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-09-13 15:08 - 2017-09-05 01:03 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 15:08 - 2017-09-05 00:16 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-10 20:11 - 2017-09-10 20:11 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignec558effb061a8d7
2017-09-10 20:07 - 2017-09-10 20:07 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign7d8ae5031cff08eb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-10 22:39 - 2017-05-14 19:24 - 002723387 _____ C:\WINDOWS\ZAM.krnl.trace
2017-10-10 22:39 - 2017-05-14 19:24 - 002434650 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-10-10 22:39 - 2017-05-09 23:06 - 000028508 _____ C:\Users\Imogen\Downloads\FRST.txt
2017-10-10 22:38 - 2017-05-09 23:06 - 000000000 ____D C:\FRST
2017-10-10 22:38 - 2015-10-30 03:24 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-10 22:37 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-10 22:37 - 2015-08-31 15:37 - 000000000 ____D C:\ProgramData\Symantec
2017-10-10 22:23 - 2017-07-20 18:05 - 000000000 ____D C:\Program Files\rempl
2017-10-10 22:21 - 2015-08-16 13:06 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{724DB0F0-927F-4B14-A024-99806B133DAA}
2017-10-10 22:20 - 2017-05-08 23:25 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-10-10 22:20 - 2017-05-08 23:24 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-10 22:20 - 2017-05-08 23:24 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-10 22:20 - 2017-05-08 23:17 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-10 22:19 - 2017-05-08 23:24 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-10-10 22:18 - 2017-05-08 23:24 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-10-10 22:17 - 2015-08-31 15:22 - 000000000 ____D C:\Users\Imogen\AppData\Local\Adobe
2017-10-10 22:11 - 2015-12-16 00:17 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-10 22:11 - 2015-08-16 16:33 - 000000000 __SHD C:\Users\Imogen\IntelGraphicsProfiles
2017-10-04 15:44 - 2015-08-16 12:51 - 000000000 ____D C:\Users\Imogen\AppData\Local\Packages
2017-10-02 19:42 - 2015-08-16 14:23 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-10-02 19:42 - 2015-08-16 14:23 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-10-01 21:39 - 2015-10-30 03:21 - 000000000 ____D C:\WINDOWS\INF
2017-09-30 13:40 - 2017-06-16 19:53 - 000000000 ____D C:\Users\Imogen\AppData\Local\Spotify
2017-09-30 13:38 - 2017-06-16 19:53 - 000000000 ____D C:\Users\Imogen\AppData\Roaming\Spotify
2017-09-30 12:11 - 2016-12-24 17:18 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-29 20:44 - 2015-12-16 03:12 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-29 20:27 - 2015-07-16 10:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-29 00:18 - 2015-10-30 03:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-26 20:25 - 2017-05-08 23:24 - 000361784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfa032f16843534e7.tmp
2017-09-26 15:33 - 2015-08-16 13:08 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 15:33 - 2015-08-16 13:08 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-23 21:42 - 2017-07-29 20:39 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2005569905-2985736349-4029353856-1001
2017-09-23 21:42 - 2015-08-16 16:36 - 000002381 _____ C:\Users\Imogen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-23 21:42 - 2015-08-16 16:36 - 000000000 ___RD C:\Users\Imogen\OneDrive
2017-09-23 12:00 - 2015-12-16 00:21 - 000000000 ____D C:\Users\Imogen
2017-09-19 23:54 - 2015-08-16 16:34 - 000000000 ____D C:\Users\Imogen\AppData\Local\Publishers
2017-09-19 08:26 - 2017-05-08 23:24 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3e8f634e5e362e68.tmp
2017-09-17 14:36 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\rescache
2017-09-16 10:44 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-16 10:44 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-15 18:55 - 2016-01-27 22:01 - 000000000 ____D C:\Users\Imogen\AppData\Roaming\Skype
2017-09-13 22:04 - 2015-08-16 14:57 - 000879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-13 22:01 - 2015-08-16 11:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 21:58 - 2017-05-14 18:57 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-13 21:58 - 2015-12-16 00:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-13 21:58 - 2015-12-16 00:13 - 005009984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 17:53 - 2015-10-30 02:28 - 000786432 ___SH C:\WINDOWS\system32\config\BBI
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___RD C:\WINDOWS\DevicesFlow
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files\Windows Defender
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-13 15:23 - 2015-08-16 18:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 15:21 - 2015-10-30 03:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 15:21 - 2015-08-16 18:34 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-09-04 09:28 - 2016-05-18 21:01 - 000000033 _____ () C:\Users\Imogen\AppData\Roaming\AdobeWLCMCache.dat
2017-03-29 15:06 - 2017-03-29 15:06 - 000001456 _____ () C:\Users\Imogen\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-16 00:18 - 2015-12-16 00:18 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-12 11:55 - 2014-12-12 11:55 - 000000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-01 21:53

==================== End of FRST.txt ============================

ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Imogen (10-10-2017 22:40:46)
Running from C:\Users\Imogen\Downloads
Windows 10 Home Version 1511 170904-1742 (X64) (2015-12-16 04:40:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2005569905-2985736349-4029353856-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2005569905-2985736349-4029353856-503 - Limited - Disabled)
Guest (S-1-5-21-2005569905-2985736349-4029353856-501 - Limited - Disabled)
Imogen (S-1-5-21-2005569905-2985736349-4029353856-1001 - Administrator - Enabled) => C:\Users\Imogen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\{05E6D311-4793-44BE-ACA2-A50B5B5129AE}) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F9626784-9EDD-32B3-3888-5A840B88DF23}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chroma Tune for TOSHIBA (HKLM\...\{CD1AE048-DC88-4615-9A5F-7E607C000736}) (Version: 2.00.53 - Portrait Displays, Inc.)
Coffee (HKLM-x32\...\{568300F4-7F75-4635-B50E-16EFB18C0CE0}) (Version: 1.0.3 - Steven Cole)
CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.7921 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector Touch (HKLM\...\{DC604EA2-684F-4fad-80E6-10A090F85E7D}) (Version: 1.2.3121.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector Touch (HKLM-x32\...\InstallShield_{DC604EA2-684F-4fad-80E6-10A090F85E7D}) (Version: 1.2.3121.0 - CyberLink Corp.)
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4A95F6FA-1263-43D2-9926-5D6F7F359E92}) (Version: 17.1.1434.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
King Oddball (HKLM-x32\...\WTA-16523265-5c95-4371-a35f-f9b54c7c7030) (Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8201.2193 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2193 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
Node.js (HKLM\...\{E5DD2249-1D15-43FC-809E-9415B3533D8C}) (Version: 4.4.5 - Node.js Foundation)
OEM Application Profile (HKLM-x32\...\{61A09A66-D7E6-22EF-AF75-16D83ADE30E3}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
PX Profile Update (HKLM-x32\...\{733F4823-8E3A-67FA-7E25-EB368567437A}) (Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Symantec Endpoint Protection (HKLM\...\{18F87B39-E281-4228-B83D-627FFC77A466}) (Version: 12.1.6168.6000 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.6 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)
TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 2.3.3.4 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 4.06.000 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.03.55065007 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.49 - Zemana Ltd.)
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-06-16] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-06-16] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D1DF1F-E0D4-4546-ADA4-B27C769E2E3E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {086A05B4-807B-4949-8C5F-04E2E3DF54A1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-10] (AVAST Software)
Task: {09D7B895-3B2D-40A3-98A0-3DFCDEAB7C52} - System32\Tasks\SafeZone scheduled Autoupdate 1494300916 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {37FE118C-C5E7-4876-B98D-341FCED931FD} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation)
Task: {437D5321-3648-4ADF-8689-D4D1BF6D65AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {4F635F49-F6E0-4027-A554-792A68BCAB21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {6F35671E-9C9D-41C9-A663-E10DDC6A6F53} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {7641054F-9517-440D-B604-1EFB8E8B69E4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-11-20] (Synaptics Incorporated)
Task: {7F7DD807-B95A-409B-BC50-34D6BD597DBA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {80D41E4A-BF13-421B-9748-3B3B55A6D544} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-16] (Adobe Systems Incorporated)
Task: {9132004C-AA3D-4BEC-AC2E-122564211DD9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {9CDA6356-3594-4542-921B-70757974618D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-29] (Microsoft Corporation)
Task: {A384693C-2256-45C3-A753-2E00F1F06641} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-13] (Microsoft Corporation)
Task: {A4E60AF1-2BEE-4675-A7E6-0BE45A1151DC} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-imogen.thomas5654@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {B1A8CE3D-E729-486D-9B9B-B8406F8C7FF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-29] (Microsoft Corporation)
Task: {BAD9AB5C-4662-4C81-AF3F-B1EC4FBA6821} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-29] (Microsoft Corporation)
Task: {C583CBED-0130-47E8-BFAD-877FCDAC1D1A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {CAAE93C8-59F9-4355-9431-10381EEDD273} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {D05ACD09-AF38-4385-B1E3-4EF18B8B74D2} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {DC9DB603-4E5B-45EA-B4AA-FA494C7CCF47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {E3025F92-323F-4629-A792-AEC706784C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
Task: {FC5DED5F-93FC-44C1-A0C3-28982304595B} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-03-27 16:53 - 2013-03-27 16:53 - 000163168 _____ () C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
2014-02-27 16:31 - 2014-02-27 16:31 - 000013312 _____ () C:\Windows\SysWOW64\SMITSC.exe
2014-12-12 11:57 - 2012-04-24 22:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-05-27 13:46 - 2015-05-27 13:46 - 000019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-11-17 02:28 - 2016-11-17 02:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-14 16:21 - 2017-03-04 01:31 - 000185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-09-13 15:09 - 2017-09-05 05:31 - 002656960 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-18 21:17 - 2017-09-29 00:06 - 008931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-12-02 08:32 - 2016-12-02 08:32 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-17 17:44 - 2015-12-07 00:14 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-19 13:07 - 2016-06-30 23:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-03-14 16:21 - 2017-03-03 23:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 16:21 - 2017-03-03 23:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-13 15:09 - 2017-09-05 00:03 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-09-13 15:09 - 2017-09-05 00:06 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2017-09-26 15:33 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-26 15:33 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2013-08-01 17:24 - 2013-08-01 17:24 - 000438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 031723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 000218456 _____ () c:\windows\system32\WerEtw.dll
2015-08-10 14:33 - 2015-08-10 14:33 - 000566328 ____C () C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\AvPluginImpl.dll
2015-07-16 09:27 - 2013-12-09 18:26 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-06 10:44 - 2017-07-06 10:45 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-09-06 20:24 - 2017-09-06 20:24 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-14 08:31 - 2017-03-14 08:31 - 052051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-01-25 20:07 - 2017-01-25 20:07 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-01-25 20:06 - 2017-01-25 20:06 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-01-25 20:07 - 2017-01-25 20:07 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-14 08:35 - 2017-03-14 08:35 - 000099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\sharepoint.com -> hxxps://bard0-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2017-05-13 17:58 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Imogen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 ltblue 1920x1200.jpg
DNS Servers: 10.5.0.2 - 10.5.0.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EBC1DAC6-783B-4591-A32F-18412B3741D9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe
FirewallRules: [{9AD81E91-C680-4AB3-A569-0A036DA2E43D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe
FirewallRules: [{1422AC0E-097A-4CAE-94B7-95EAEBD2D6AA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\Smc.exe
FirewallRules: [{B7E4966C-BA89-4AA1-8FDD-4F42847EECD5}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\Smc.exe
FirewallRules: [{69D50447-675B-4145-8065-CD3538C4B445}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{38CBBDEB-780A-457D-954E-2E057D8540B6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{84AAB974-9BBA-44A8-9C75-A64D8C27AA44}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{301762DD-BB2C-4F1E-A81A-9BC5EB53626D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1C54BC69-167C-4061-AEFD-5626E6987ADF}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1E8C57AD-62D7-492E-A1B7-2305781FBD00}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2472F3C1-2C2C-4F11-8402-DF70A34E497D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8B5E4A87-560E-419B-BE97-ADFF740285BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{288E0BAE-B97F-4EA0-A5AF-1DED955072A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{02CC9AC9-A41A-4840-8F15-28230DCB9BBE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59E54054-46A1-4F4A-A532-958911D2CFC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{16F8BE89-3759-464E-AF65-08C83AA22B35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF690903-5315-4BF4-992D-07AA481546D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC143D06-E504-45E7-904C-59242F8A1543}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A854DFFD-5400-4B4B-8749-A393CDAD22A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E7F31244-11D5-4BAA-A482-A33F98B67D03}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{F73C6B3F-03C0-43B0-9C31-D2D19219C475}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{EFDD668D-6742-4347-89C6-16000F219BCB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46FA8CDD-3DD2-44A7-9828-19C892C877A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{75C9CBE9-FC3B-483D-A895-FD65E1DED8D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

17-09-2017 14:36:32 Scheduled Checkpoint
29-09-2017 00:05:02 Windows Update
10-10-2017 22:21:51 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2017 10:37:45 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\ProgramData\Symantec\DefWatch.DWH\dwh8d1f.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (10/10/2017 10:35:55 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/10/2017 10:28:50 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\ProgramData\Symantec\DefWatch.DWH\dwh4c88.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (10/10/2017 10:22:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/04/2017 05:52:48 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (10/04/2017 05:52:40 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (10/04/2017 02:09:10 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2017 10:51:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/03/2017 07:33:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6672

Error: (10/03/2017 07:33:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6672


System errors:
=============
Error: (10/10/2017 10:23:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (10/10/2017 10:23:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (10/10/2017 10:23:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (10/10/2017 10:23:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/04/2017 02:18:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (10/03/2017 10:35:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Feature update to Windows 10, version 1703.


CodeIntegrity:
===================================
Date: 2017-09-29 20:28:54.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-29 00:15:08.738
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-25 20:38:37.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-14 20:00:47.033
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 21:59:40.274
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-13 15:28:27.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-25 01:56:41.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-13 12:45:06.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-09 11:21:58.262
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-09 03:25:35.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 38%
Total physical RAM: 16294.85 MB
Available physical RAM: 9974.41 MB
Total Virtual: 29685.75 MB
Available Virtual: 23540.21 MB

==================== Drives ================================

Drive c: (TI10707900C) (Fixed) (Total:917.44 GB) (Free:663.21 GB) NTFS
Drive e: () (Removable) (Total:14.83 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

aswMBR LOG:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-10-10 22:44:59
-----------------------------
22:44:59.794 OS Version: Windows x64 6.2.9200
22:44:59.794 Number of processors: 8 586 0x3C03
22:44:59.795 ComputerName: IMOGENCOMPUTER UserName: Imogen
22:45:03.548 Initialize success
22:45:03.550 VM: initialized successfully
22:45:03.551 VM: Intel CPU supported virtualized
22:45:22.284 VM: disk I/O iaStorA.sys
22:45:30.196 AVAST engine defs: 17101004
22:45:38.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
22:45:38.210 Disk 0 Vendor: TOSHIBA_MQ02ABD100H HKF03M Size: 953869MB BusType: 11
22:45:38.212 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000043
22:45:38.213 Disk 1 Vendor: Realtek_ 1.00 Size: 15193MB BusType: 1
22:45:38.356 Disk 0 MBR read successfully
22:45:38.359 Disk 0 MBR scan
22:45:38.362 Disk 0 unknown MBR code
22:45:38.364 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
22:45:38.370 Disk 0 scanning C:\WINDOWS\system32\drivers
22:45:45.408 Service scanning
22:45:58.668 Modules scanning
22:45:58.682 Disk 0 trace - called modules:
22:45:58.692 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys thpdrv.sys hal.dll
22:45:58.698 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00049217060]
22:45:58.705 3 aswSP.sys[fffff800659b1b9e] -> nt!IofCallDriver -> \Device\THPDRV1[0xffffe0004921e060]
22:46:02.047 AVAST engine scan C:\WINDOWS
22:46:06.641 AVAST engine scan C:\WINDOWS\system32
22:48:55.716 AVAST engine scan C:\WINDOWS\system32\drivers
22:49:09.408 AVAST engine scan C:\Users\Imogen
22:58:29.494 Disk 0 MBR has been saved successfully to "C:\Users\Imogen\Desktop\LOGS\MBR.dat"
22:58:29.500 The log file has been saved successfully to "C:\Users\Imogen\Desktop\LOGS\aswMBR 10-10-17.txt"

Juliet
2017-10-11, 14:38
Symantec Endpoint Protection <== does this supply antivirus protection as in security suite?
AVAST <== is an antivirus

If the computer has 2 antivirus, need to make a decision which to keep and which to uninstall.
~~~~

Right click on the FRST icon and select Run as administrator
Highlight the below information then hit the Ctrl + C keys at the same time
or
Right click/highlight on the text below and select Copy.
beginning with Start:: and finishing with End::


Start::
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
U3 aswbdisk; no ImagePath
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: Bitsadmin /Reset /Allusers
Emptytemp:
End::


Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

******

Malwarebytes version 3.1.2.1733 <== Your version is outdated

Open Malwarebytes Anti-Malware
Look for and click on the Update button
Allow it to update

Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
Let the scan run, the time required to complete the scan depends of your system and computer specs
Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button

If it asks you to restart your computer to complete the removal, do so

Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


***

Follow the instructions below please.

http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
https://i.imgur.com/V7SD4El.png
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

created by Aura
~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/iT103hr.pngJunkware Removal Tool (JRT)

Download Junkware Removal Tool (JRT) (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) and move it to your Desktop
Right-click on JRT.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Press on any key to launch the scan and let it complete
http://i.imgur.com/tLsXbWy.png
Credits : BleepingComputer.com
Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply

created by Aura

**
Your next reply(ies) should therefore contain:

Fixlog.txt
Copy/pasted AdwCleaner clean log
Copy/pasted JRT log

imothom
2017-10-12, 08:52
Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
Ran by Imogen (12-10-2017 01:13:27) Run:2
Running from C:\Users\Imogen\Downloads
Loaded Profiles: Imogen (Available Profiles: Imogen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
U3 aswbdisk; no ImagePath
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: Bitsadmin /Reset /Allusers
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A12A81B-0662-4DA4-93C5-CC96CA9431CB} => key removed successfully
HKLM\Software\Classes\CLSID\{5A12A81B-0662-4DA4-93C5-CC96CA9431CB} => key not found.
HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B64FF99D-D9DC-4CC2-AED0-7586853EF92D} => key removed successfully
HKLM\Software\Classes\CLSID\{B64FF99D-D9DC-4CC2-AED0-7586853EF92D} => key not found.
HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {E539BCAD-9628-4BA9-9850-5A8A5415B05C}.
0 out of 1 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1169735461 B
Java, Flash, Steam htmlcache => 1310 B
Windows/system/drivers => 257332927 B
Edge => 9451680 B
Chrome => 903682796 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 3416 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 36384 B
NetworkService => -656 B
Imogen => 1019399480 B

RecycleBin => 0 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-10-2017 01:21:24)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected

==== End of Fixlog 01:21:25 ====



AdwCleaner Log:

# AdwCleaner 7.0.3.1 - Logfile created on Thu Oct 12 05:38:54 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\Users\All Users\Desktop\eBay.lnk
Deleted: C:\Users\Public\Desktop\eBay.lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1033 B] - [2017/10/12 5:37:48]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########




JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Imogen (Administrator) on Thu 10/12/2017 at 1:42:30.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/12/2017 at 1:45:43.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2017-10-12, 14:00
Did you update and run a scan with MalwareBytes?

http://i.imgur.com/G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

created by Aura

imothom
2017-10-13, 02:55
I did update and run a scan with Malwarebytes--- nothing came up. Here it is though (ran yesterday):

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/12/17
Scan Time: 1:26 AM
Log File: Malwarebytes.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2996
License: Free

-System Information-
OS: Windows 10 (Build 10586.1176)
CPU: x64
File System: NTFS
User: IMOGENCOMPUTER\Imogen

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375593
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)




Also, nothing came up on the EEK scan either, but my computer is still very slow and I find it difficult to believe that the virus that showed up on my Symantec (an app which I deleted in favor of keeping avast) just up and left.

EEK scan:
Emsisoft Emergency Kit - Version 2017.8
Last update: 10/12/2017 7:45:36 PM
User account: IMOGENCOMPUTER\Imogen
Computer name: IMOGENCOMPUTER
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 10/12/2017 7:46:03 PM

Scanned 81011
Found 0

Scan end: 10/12/2017 7:50:52 PM
Scan time: 0:04:49

Juliet
2017-10-13, 13:34
I have no idea where it went.

As for the computer moving slow
Let's check and see if there is a problem with updates

Check for and Install Windows Updates
https://www.tenforums.com/tutorials/4807-check-install-windows-update-windows-10-a.html

~~~~

Please Download Tweaking.com - Windows Repair from Here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
OR
Windows Repair (all in one) from here (http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/).


Install and then run the program
Execute the instructions on Step 1 Important
Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
Click Repairs - Open Repairs in the bottom right corner
Uncheck the All repair button then select just the item(s) listed below

01 - Repair Registry Permissions
03 - Reset Service permissions
04 - Register System Files
05 - Repair WMI
06 - Repair Windows Firewall
07 - Repair Internet Explorer
10 - Remove Policies Set By Infections
17 - Repair Windows Updates
19 - Repair Volume Shadow Copy Service
21 - Repair MSI (Windows Installer)
26 - Restore Important Windows Services
27 - Set Windows Service to Default Startup



Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
Please copy and paste the Contents of this file on your next reply.


Restart the computer normally.

imothom
2017-10-17, 06:47
Hi, I haven't done the next steps yet--- I just wanted to check in about the 'Proper Power Reset' ---- according to the directions I have to remove the battery from my laptop. Is this true (it's just not an easy step for me as I'm at school and I don't have a screwdriver to remove the panel that keeps the battery in)?

Juliet
2017-10-17, 12:35
I dont know anything about 'Proper Power Reset
I posted information on how to check for windows updates manually. On the link I supplied, scroll to the area 'Here's How:'

Did you run Windows Repair (all in one)?

imothom
2017-10-18, 07:25
The version I downloaded from the link provided (the second one, from Tweaking) doesn't offer a run button---- instead it gives steps that I'm supposed to run by myself (Including Proper Power Reset).

Part of the issue on my windows updates is that there's a problem updating. I definitely have apps that need updating, but the updates are never able to finish and never update automatically, even though they are set to do so.

Juliet
2017-10-18, 12:18
Delete the version of All In One you have now, we'll try the download from a difference place.

Windows Repair (all in one) from here (http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/).



Install and then run the program
Execute the instructions on Step 1 Important
Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
Click Repairs - Open Repairs in the bottom right corner
Uncheck the All repair button then select just the item(s) listed below

01 - Repair Registry Permissions
03 - Reset Service permissions
04 - Register System Files
05 - Repair WMI
06 - Repair Windows Firewall
07 - Repair Internet Explorer
10 - Remove Policies Set By Infections
17 - Repair Windows Updates
19 - Repair Volume Shadow Copy Service
21 - Repair MSI (Windows Installer)
26 - Restore Important Windows Services
27 - Set Windows Service to Default Startup



Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
Please copy and paste the Contents of this file on your next reply.


Restart the computer normally.

Juliet
2017-10-27, 13:39
Still need help?

Juliet
2017-11-05, 12:11
Since this issue appears resolved ... this Topic is closed.