PDA

View Full Version : GOOGLE CHROME Hijacked



Pegicorn
2018-11-07, 00:29
Hi
On October 4th 2018 I tried to get a youtube video which I was not able to play in my country, I saw several messages suggesting the replacement of "tube" with "Pak" and nothing about anyone having any problems with this fix. So I decided to go ahead, which sent me down the rabbit hole of links. I didn't complete this process but at one point I believe I saved a program and allowed something to access/change my windows (which I would never usually do!) I had a change of heart and uninstalled (using the program's uninstall feature) the proxy program from my hard drive almost immediately without running it, and everything seemed ok. The next morning however, my Google Chrome did not recognise my internet connection and my Anti Virus programs were disabled. I didn't put these things together right away but enabled my anti-virus program. Then I restarted my machine. After booting back up, it was extremely slow, and Google Chrome no longer loads or I get a strange window (cannot link in this message) which I have never seen before, it has google chrome in top left corner and Chrome in bottom left, an avatar in the center with my name underneath, and two buttons on the bottom right stating to browse as guest, and add person. I didn't click on anything. I ran two anti-virus scans-which found nothing, cleared my junk folders and still the same window pops up when trying to access Google Chrome (every now and then I saw a notification pop up which says it's from YouPak.com, but this does not appear in my notification list). Unfortunately I ran a system restore prior to seeing your site, which took about 1hr but was successful. Unfortunately this also didn't fix my pc, I'm still getting the weird Google Chrome window and everything is super slow. I ran a Malwarebytes scan and quarantined a bunch of items, restarted my machine, and everything is the same.

I have read "Before you post" and tried to run the recommended scans. Below are Farbar Recovery Scan Tool (which was to big to attach even without the the buttons suggested to be switched off) and Addition files (attached). Unfortunately the aswMBR will not completely scan and results in a blue screen and my pc restarts.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.10.2018
Ran by Sandy (administrator) on PEGICORNHOME (06-11-2018 14:14:35)
Running from C:\Program Files
Loaded Profiles: Sandy (Available Profiles: Sandy)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(UGEE) C:\Program Files\Pentablet\PentabletService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10827.20186.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.10827.20186.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-10-25] (AVAST Software)
HKLM\...\Run: [PentabletService] => c:\program files\pentablet\pentabletservice.exe [2246864 2018-08-28] (UGEE)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1498807687-2397506290-3852286947-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-12] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2018-09-22]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2018-09-02]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5c0dc162-a41c-44f3-a00c-94c1116a5bb0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bf1dce15-445b-4df5-af24-574861a4ab5d}: [DhcpNameServer] 40.53.1.201 40.53.1.203

Internet Explorer:
==================
HKU\S-1-5-21-1498807687-2397506290-3852286947-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-09-27] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-09-27] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2018-02-09] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Guest Profile
CHR Profile: C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default [2018-11-06]
CHR Extension: (Slides) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Entanglement Web App) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-08-06]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-08-06]
CHR Extension: (Docs) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-01]
CHR Extension: (Google Search) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Avast Passwords) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-10-19]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-10-04]
CHR Extension: (Sheets) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-10-16]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2018-05-11]
CHR Extension: (Supernova) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll [2015-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Avast Online Security) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-25]
CHR Extension: (Pinterest Save Button) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-10-18]
CHR Extension: (Pixlr Express) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2015-08-06]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2016-03-08]
CHR Extension: (Sketchpad) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2015-08-06]
CHR Extension: (Google Maps) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-17]
CHR Extension: (Poppit!) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-08-06]
CHR Extension: (deviantART muro) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2015-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-31]
CHR Profile: C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-06]
CHR Profile: C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2018-09-02] (Adobe Systems) [File not signed]
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-10-25] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-25] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-10-25] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-25] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-10-25] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-09-27] (McAfee, Inc.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201408 2018-10-25] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230512 2018-10-25] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201928 2018-10-25] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346760 2018-10-25] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59664 2018-10-25] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-26] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [185240 2018-10-25] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47064 2018-10-25] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42456 2018-10-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163376 2018-10-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111968 2018-10-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88112 2018-10-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028840 2018-10-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467904 2018-10-25] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208640 2018-10-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381144 2018-10-25] (AVAST Software)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-02-13] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-06] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-06] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-06] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-06] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-06] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [29464 2013-10-27] (Intel Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2018-08-07] (SlimWare Utilities, Inc.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-26] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-06 13:27 - 2018-11-06 13:38 - 000561084 _____ C:\WINDOWS\Minidump\110618-36000-01.dmp
2018-11-06 13:18 - 2018-11-06 13:27 - 456082390 _____ C:\WINDOWS\MEMORY.DMP
2018-11-06 13:18 - 2018-11-06 13:27 - 000000000 ____D C:\WINDOWS\Minidump
2018-11-06 13:18 - 2018-11-06 13:18 - 000000000 _____ C:\WINDOWS\Minidump\110618-34234-01.dmp
2018-11-06 13:13 - 2018-11-06 13:13 - 000042984 _____ C:\Program Files\Addition.txt
2018-11-06 13:11 - 2018-11-06 14:15 - 000023891 _____ C:\Program Files\FRST.txt
2018-11-06 13:10 - 2018-11-06 01:48 - 005198336 _____ (AVAST Software) C:\Program Files\aswMBR.exe
2018-11-06 13:10 - 2018-11-06 01:33 - 002414592 _____ (Farbar) C:\Program Files\FRST64.exe
2018-11-06 13:00 - 2018-11-06 13:02 - 000042203 _____ C:\Users\Sandy\Downloads\Addition.txt
2018-11-06 12:57 - 2018-11-06 13:02 - 000065219 _____ C:\Users\Sandy\Downloads\FRST.txt
2018-11-06 04:48 - 2018-11-06 12:33 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-06 04:48 - 2018-11-06 04:48 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-06 04:48 - 2018-11-06 04:48 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-06 04:31 - 2018-11-06 04:31 - 000000000 ____D C:\Users\Sandy\AppData\Local\mbam
2018-11-06 04:30 - 2018-11-06 04:30 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-06 04:30 - 2018-11-06 04:30 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-06 04:30 - 2018-11-06 04:30 - 000000000 ____D C:\Users\Sandy\AppData\Local\mbamtray
2018-11-06 04:29 - 2018-11-06 04:29 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-06 04:29 - 2018-11-06 04:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-06 04:29 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-11-06 04:28 - 2018-11-06 04:28 - 078955096 _____ (Malwarebytes ) C:\Users\Sandy\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7699.exe
2018-11-06 01:50 - 2018-11-06 13:04 - 000001220 _____ C:\Users\Sandy\Desktop\aswMBR.txt
2018-11-06 01:48 - 2018-11-06 01:48 - 005198336 _____ (AVAST Software) C:\Users\Sandy\Downloads\aswMBR.exe
2018-11-06 01:40 - 2018-11-06 13:14 - 000042987 _____ C:\Users\Sandy\Desktop\Addition.txt
2018-11-06 01:35 - 2018-11-06 13:14 - 000067378 _____ C:\Users\Sandy\Desktop\FRST.txt
2018-11-06 01:33 - 2018-11-06 14:14 - 000000000 ____D C:\FRST
2018-11-06 01:32 - 2018-11-06 01:33 - 002414592 _____ (Farbar) C:\Users\Sandy\Downloads\FRST64.exe
2018-11-06 01:28 - 2018-11-06 01:28 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-PEGICORNHOME-Windows-10-Home-(64-bit).dat
2018-11-06 01:27 - 2018-11-06 01:27 - 000000000 ____D C:\RegBackup
2018-11-06 01:26 - 2018-11-06 01:26 - 000002314 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2018-11-06 01:26 - 2018-11-06 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-11-06 01:26 - 2018-11-06 01:26 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-11-06 01:22 - 2018-11-06 01:26 - 000017987 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2018-11-06 01:20 - 2018-11-06 01:21 - 005766144 _____ (Tweaking.com) C:\Users\Sandy\Downloads\tweaking.com_registry_backup_setup.exe
2018-11-05 23:58 - 2018-10-25 20:27 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-11-05 20:53 - 2018-11-05 20:53 - 000000000 ____D C:\Program Files (x86)\AVG
2018-11-05 20:50 - 2018-11-06 00:51 - 000000000 ____D C:\Users\Sandy\AppData\Local\Avg
2018-11-05 20:50 - 2018-11-05 20:50 - 000000000 ____D C:\Users\Sandy\AppData\Roaming\AVG
2018-11-05 20:47 - 2018-11-05 20:47 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-11-05 20:46 - 2018-11-05 20:46 - 000000000 ____D C:\Program Files\AVG
2018-11-05 20:45 - 2018-11-06 00:51 - 000000000 ____D C:\ProgramData\AVG
2018-11-05 02:28 - 2018-11-05 02:28 - 000112222 _____ C:\Users\Sandy\Documents\watch.swf
2018-10-23 18:11 - 2018-10-23 18:13 - 000000000 ____D C:\WINDOWS\SysWOW64\18102308_stream
2018-10-23 18:11 - 2018-10-23 18:11 - 000000000 ____D C:\WINDOWS\SysWOW64\18102304_stream
2018-10-22 21:46 - 2018-10-23 18:11 - 000000000 ____D C:\WINDOWS\SysWOW64\18102302_stream
2018-10-22 19:08 - 2018-10-22 21:41 - 000000000 ____D C:\WINDOWS\SysWOW64\18102300_stream
2018-10-22 14:54 - 2018-10-22 19:08 - 000000000 ____D C:\WINDOWS\SysWOW64\18102212_stream
2018-10-09 23:30 - 2018-09-21 01:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-09 23:30 - 2018-09-21 00:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-09 23:30 - 2018-09-20 20:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-10-09 23:30 - 2018-09-20 19:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-09 23:30 - 2018-09-20 01:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-10-09 23:30 - 2018-09-20 01:22 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-09 23:30 - 2018-09-20 01:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-09 23:30 - 2018-09-20 00:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-10-09 23:30 - 2018-09-20 00:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-10-09 23:30 - 2018-09-19 20:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-09 23:30 - 2018-09-19 20:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-10-09 23:30 - 2018-09-19 20:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-10-09 23:30 - 2018-09-19 20:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-10-09 23:30 - 2018-09-19 20:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-10-09 23:30 - 2018-09-19 20:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-09 23:30 - 2018-09-19 20:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-09 23:30 - 2018-09-19 20:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-10-09 23:30 - 2018-09-19 20:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-10-09 23:30 - 2018-09-19 19:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-09 23:30 - 2018-09-19 19:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-09 23:30 - 2018-09-19 19:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-10-09 23:30 - 2018-09-19 19:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-09 23:30 - 2018-09-19 19:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-10-09 23:30 - 2018-09-19 19:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-09 23:30 - 2018-09-19 19:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-09 23:30 - 2018-09-19 19:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-09 23:30 - 2018-09-08 00:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-09 23:30 - 2018-09-07 23:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-10-09 23:30 - 2018-09-07 23:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-09 23:30 - 2018-09-07 19:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-10-09 23:30 - 2018-09-07 19:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-10-09 23:30 - 2018-09-07 19:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-09 23:30 - 2018-09-07 19:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-09 23:30 - 2018-09-07 19:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-09 23:30 - 2018-09-07 19:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-09 23:30 - 2018-09-07 19:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-10-09 23:30 - 2018-09-07 19:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-09 23:29 - 2018-09-21 01:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-09 23:29 - 2018-09-20 20:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-10-09 23:29 - 2018-09-20 20:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-09 23:29 - 2018-09-20 20:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-10-09 23:29 - 2018-09-20 20:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-09 23:29 - 2018-09-20 20:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-10-09 23:29 - 2018-09-20 20:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-10-09 23:29 - 2018-09-20 20:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-10-09 23:29 - 2018-09-20 20:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-10-09 23:29 - 2018-09-20 20:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-09 23:29 - 2018-09-20 20:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-09 23:29 - 2018-09-20 20:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-09 23:29 - 2018-09-20 20:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-10-09 23:29 - 2018-09-20 20:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-10-09 23:29 - 2018-09-20 20:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-10-09 23:29 - 2018-09-20 20:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-10-09 23:29 - 2018-09-20 20:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-10-09 23:29 - 2018-09-20 20:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-10-09 23:29 - 2018-09-20 20:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-10-09 23:29 - 2018-09-20 20:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-10-09 23:29 - 2018-09-20 19:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-10-09 23:29 - 2018-09-20 19:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-10-09 23:29 - 2018-09-20 19:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-09 23:29 - 2018-09-20 19:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-10-09 23:29 - 2018-09-20 19:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-09 23:29 - 2018-09-20 19:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-10-09 23:29 - 2018-09-20 19:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-09 23:29 - 2018-09-20 19:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-10-09 23:29 - 2018-09-20 19:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-10-09 23:29 - 2018-09-20 19:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-10-09 23:29 - 2018-09-20 19:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-09 23:29 - 2018-09-20 19:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-10-09 23:29 - 2018-09-20 19:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-09 23:29 - 2018-09-20 19:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-09 23:29 - 2018-09-20 19:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-09 23:29 - 2018-09-20 19:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-10-09 23:29 - 2018-09-20 19:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-10-09 23:29 - 2018-09-20 19:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-10-09 23:29 - 2018-09-20 19:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-10-09 23:29 - 2018-09-20 19:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-09 23:29 - 2018-09-20 01:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-10-09 23:29 - 2018-09-20 01:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-09 23:29 - 2018-09-20 01:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-10-09 23:29 - 2018-09-20 01:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-10-09 23:29 - 2018-09-20 01:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-09 23:29 - 2018-09-20 01:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-09 23:29 - 2018-09-20 01:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-10-09 23:29 - 2018-09-20 01:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-09 23:29 - 2018-09-20 00:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-09 23:29 - 2018-09-20 00:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-10-09 23:29 - 2018-09-20 00:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-10-09 23:29 - 2018-09-20 00:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-09 23:29 - 2018-09-20 00:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-09 23:29 - 2018-09-20 00:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-10-09 23:29 - 2018-09-19 20:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-09 23:29 - 2018-09-19 20:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-09 23:29 - 2018-09-19 20:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-10-09 23:29 - 2018-09-19 20:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-10-09 23:29 - 2018-09-19 20:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-10-09 23:29 - 2018-09-19 20:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-10-09 23:29 - 2018-09-19 20:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-10-09 23:29 - 2018-09-19 20:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-10-09 23:29 - 2018-09-19 20:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-10-09 23:29 - 2018-09-19 20:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-10-09 23:29 - 2018-09-19 20:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-10-09 23:29 - 2018-09-19 20:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-10-09 23:29 - 2018-09-19 20:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-09 23:29 - 2018-09-19 20:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-10-09 23:29 - 2018-09-19 20:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-10-09 23:29 - 2018-09-19 20:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-10-09 23:29 - 2018-09-19 20:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-09 23:29 - 2018-09-19 20:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-10-09 23:29 - 2018-09-19 20:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-10-09 23:29 - 2018-09-19 20:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-09 23:29 - 2018-09-19 20:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-09 23:29 - 2018-09-19 20:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-09 23:29 - 2018-09-19 20:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-09 23:29 - 2018-09-19 20:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-09 23:29 - 2018-09-19 20:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-10-09 23:29 - 2018-09-19 20:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-09 23:29 - 2018-09-19 20:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-09 23:29 - 2018-09-19 20:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-10-09 23:29 - 2018-09-19 20:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-09 23:29 - 2018-09-19 20:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-09 23:29 - 2018-09-19 19:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-10-09 23:29 - 2018-09-19 19:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-10-09 23:29 - 2018-09-19 19:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-10-09 23:29 - 2018-09-19 19:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-10-09 23:29 - 2018-09-19 19:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-10-09 23:29 - 2018-09-19 19:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-09 23:29 - 2018-09-19 19:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-09 23:29 - 2018-09-19 19:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-09 23:29 - 2018-09-19 19:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-10-09 23:29 - 2018-09-08 00:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-09 23:29 - 2018-09-08 00:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-09 23:29 - 2018-09-08 00:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-09 23:29 - 2018-09-08 00:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-09 23:29 - 2018-09-08 00:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-09 23:29 - 2018-09-08 00:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-09 23:29 - 2018-09-08 00:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-09 23:29 - 2018-09-08 00:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-09 23:29 - 2018-09-08 00:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-09 23:29 - 2018-09-08 00:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-09 23:29 - 2018-09-07 23:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-10-09 23:29 - 2018-09-07 23:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-09 23:29 - 2018-09-07 23:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-09 23:29 - 2018-09-07 23:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-09 23:29 - 2018-09-07 23:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-09 23:29 - 2018-09-07 23:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-09 23:29 - 2018-09-07 23:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-09 23:29 - 2018-09-07 23:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-09 23:29 - 2018-09-07 23:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-09 23:29 - 2018-09-07 23:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-09 23:29 - 2018-09-07 23:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-09 23:29 - 2018-09-07 23:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-09 23:29 - 2018-09-07 23:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-09 23:29 - 2018-09-07 23:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-09 23:29 - 2018-09-07 23:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-09 23:29 - 2018-09-07 23:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-09 23:29 - 2018-09-07 23:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-09 23:29 - 2018-09-07 23:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-10-09 23:29 - 2018-09-07 23:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-10-09 23:29 - 2018-09-07 23:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-10-09 23:29 - 2018-09-07 23:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-10-09 23:29 - 2018-09-07 23:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-10-09 23:29 - 2018-09-07 23:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-10-09 23:29 - 2018-09-07 23:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-10-09 23:29 - 2018-09-07 22:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-10-09 23:29 - 2018-09-07 22:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-10-09 23:29 - 2018-09-07 22:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-10-09 23:29 - 2018-09-07 22:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-10-09 23:29 - 2018-09-07 22:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-10-09 23:29 - 2018-09-07 22:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-10-09 23:29 - 2018-09-07 22:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-10-09 23:29 - 2018-09-07 22:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-10-09 23:29 - 2018-09-07 22:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-10-09 23:29 - 2018-09-07 22:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-10-09 23:29 - 2018-09-07 22:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-10-09 23:29 - 2018-09-07 20:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-09 23:29 - 2018-09-07 19:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-09 23:29 - 2018-09-07 19:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-09 23:29 - 2018-09-07 19:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-09 23:29 - 2018-09-07 19:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-09 23:29 - 2018-09-07 19:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-10-09 23:29 - 2018-09-07 19:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-09 23:29 - 2018-09-07 19:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-09 23:29 - 2018-09-07 19:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-10-09 23:29 - 2018-09-07 19:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-09 23:29 - 2018-09-07 19:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-10-09 23:29 - 2018-09-07 19:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-10-09 23:29 - 2018-09-07 19:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-10-09 23:29 - 2018-09-07 19:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-09 23:29 - 2018-09-07 19:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-10-09 23:29 - 2018-09-07 19:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-10-09 23:29 - 2018-09-07 19:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-10-09 23:29 - 2018-09-07 19:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-09 23:29 - 2018-09-07 19:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-09 23:29 - 2018-09-07 19:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-09 23:29 - 2018-09-07 19:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-09 23:29 - 2018-09-07 19:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-09 23:29 - 2018-09-07 19:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-09 23:29 - 2018-09-07 19:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-10-09 23:29 - 2018-09-07 19:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-10-09 23:29 - 2018-09-07 19:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-10-09 23:29 - 2018-09-07 19:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-09 23:29 - 2018-09-07 19:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-09 23:29 - 2018-09-07 19:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-09 23:29 - 2018-09-07 19:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-10-09 23:29 - 2018-09-07 19:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-09 23:29 - 2018-09-07 19:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-09 23:29 - 2018-09-07 19:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-10-09 23:29 - 2018-09-07 19:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-10-09 23:29 - 2018-09-07 19:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-10-09 23:29 - 2018-09-07 19:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-10-09 23:29 - 2018-09-07 19:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-10-09 23:29 - 2018-09-07 19:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-10-09 23:29 - 2018-09-07 19:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-09 23:29 - 2018-09-07 19:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-09 23:29 - 2018-09-07 19:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-10-09 23:29 - 2018-09-07 19:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-09 23:29 - 2018-09-07 19:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-09 23:29 - 2018-09-07 19:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-10-09 23:29 - 2018-09-07 19:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-10-09 23:29 - 2018-09-07 19:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-10-09 23:29 - 2018-09-07 19:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-10-09 23:29 - 2018-09-07 19:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-10-09 23:28 - 2018-09-21 00:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-10-09 23:28 - 2018-09-20 19:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-10-09 23:28 - 2018-09-20 19:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-10-09 23:28 - 2018-09-20 19:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-10-09 23:28 - 2018-09-20 19:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-10-09 23:28 - 2018-09-19 22:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-10-09 23:28 - 2018-09-19 21:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-10-09 23:28 - 2018-09-19 20:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-10-09 23:28 - 2018-09-19 20:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-10-09 23:28 - 2018-09-19 20:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-09 23:28 - 2018-09-19 19:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-10-09 23:28 - 2018-09-19 19:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-10-09 23:28 - 2018-09-19 19:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-10-09 23:28 - 2018-09-19 19:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-10-09 23:28 - 2018-09-19 18:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-10-09 23:28 - 2018-09-19 17:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-09 23:28 - 2018-09-07 23:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-09 23:28 - 2018-09-07 23:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-10-09 23:28 - 2018-09-07 23:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-10-09 23:28 - 2018-09-07 23:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-10-09 23:28 - 2018-09-07 23:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-09 23:28 - 2018-09-07 23:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-09 23:28 - 2018-09-07 23:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-09 23:28 - 2018-09-07 23:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-09 23:28 - 2018-09-07 23:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-10-09 23:28 - 2018-09-07 22:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-10-09 23:28 - 2018-09-07 19:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-09 23:28 - 2018-09-07 19:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-09 23:28 - 2018-09-07 19:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-09 23:28 - 2018-09-07 19:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-10-09 23:28 - 2018-09-07 19:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-09 23:28 - 2018-09-07 19:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-09 23:28 - 2018-09-07 19:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-09 23:28 - 2018-09-07 19:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-09 23:28 - 2018-09-07 19:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-09 23:28 - 2018-09-07 19:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-06 14:08 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-06 13:39 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-06 13:36 - 2018-07-04 23:04 - 000000000 ____D C:\Users\Sandy\AppData\Local\CrashDumps
2018-11-06 13:35 - 2015-08-06 13:09 - 000000093 _____ C:\Users\Sandy\AppData\Roaming\sp_data.sys
2018-11-06 13:32 - 2017-10-22 21:44 - 000000000 ____D C:\Users\Sandy\AppData\Local\AVAST Software
2018-11-06 13:32 - 2017-04-18 16:19 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-11-06 13:29 - 2015-08-30 13:27 - 000000000 __SHD C:\Users\Sandy\IntelGraphicsProfiles
2018-11-06 13:27 - 2018-06-10 13:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-06 13:27 - 2018-06-10 12:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-06 13:18 - 2018-06-10 12:29 - 000000000 ____D C:\Users\Sandy
2018-11-06 12:36 - 2018-09-13 11:20 - 000003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2018-11-06 12:36 - 2018-09-07 21:31 - 000003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2018-11-06 12:34 - 2018-06-10 13:10 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B5A3D3A-E326-46AE-9CC1-9B80D6A8EFFD}
2018-11-06 12:31 - 2018-06-10 12:47 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-06 12:31 - 2018-04-11 15:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-06 04:49 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-06 04:47 - 2018-08-15 13:15 - 000000000 ____D C:\Program Files (x86)\TotalAV
2018-11-06 04:46 - 2018-04-11 13:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-11-06 04:29 - 2017-07-18 19:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-06 04:29 - 2017-07-18 19:35 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-06 03:10 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-06 00:51 - 2018-06-14 12:31 - 000000000 ____D C:\Users\Sandy\AppData\Local\atom
2018-11-06 00:51 - 2018-04-11 13:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-11-06 00:51 - 2016-09-04 10:33 - 000000000 ____D C:\Users\Sandy\AppData\Local\ConnectedDevicesPlatform
2018-11-06 00:27 - 2018-09-12 12:10 - 000003194 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-06 00:27 - 2018-08-01 12:32 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-11-06 00:27 - 2018-06-10 13:10 - 000002880 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1498807687-2397506290-3852286947-1001
2018-11-06 00:27 - 2018-06-10 13:10 - 000002878 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1498807687-2397506290-3852286947-500
2018-11-06 00:27 - 2018-06-10 13:10 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1498807687-2397506290-3852286947-1001
2018-11-06 00:27 - 2018-06-10 13:10 - 000002658 _____ C:\WINDOWS\System32\Tasks\Update Checker
2018-11-06 00:27 - 2018-06-10 13:10 - 000002348 _____ C:\WINDOWS\System32\Tasks\RtHDVBg
2018-11-06 00:27 - 2018-06-10 13:10 - 000002342 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-11-06 00:27 - 2018-06-10 13:10 - 000002280 _____ C:\WINDOWS\System32\Tasks\{D95C9BA5-36DA-42C3-BB94-3086F2247E6D}
2018-11-06 00:27 - 2018-06-10 13:09 - 000003584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-11-06 00:27 - 2018-06-10 13:09 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-06 00:27 - 2018-06-10 13:09 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-06 00:27 - 2018-06-10 13:09 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-06 00:27 - 2018-06-10 13:09 - 000002950 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2018-11-06 00:27 - 2018-06-10 13:09 - 000002866 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2018-11-06 00:27 - 2018-06-10 13:09 - 000002702 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 2540 series
2018-11-06 00:27 - 2018-06-10 13:09 - 000002372 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2018-11-06 00:27 - 2018-06-10 13:09 - 000002250 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2018-11-06 00:27 - 2018-06-10 13:09 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-06 00:27 - 2018-06-10 13:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-11-06 00:00 - 2018-06-10 13:09 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-11-06 00:00 - 2018-05-25 23:05 - 000001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-11-06 00:00 - 2018-05-25 23:05 - 000001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-11-05 23:58 - 2018-04-11 15:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-05 23:34 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-11-05 23:11 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\registration
2018-11-05 23:09 - 2015-08-06 13:46 - 000000000 ____D C:\Program Files (x86)\Google
2018-11-03 22:02 - 2016-03-30 23:57 - 000000000 ____D C:\Users\Sandy\AppData\Local\ElevatedDiagnostics
2018-11-01 10:59 - 2018-10-05 01:55 - 000000000 ____D C:\Users\Sandy\AppData\Local\D3DSCache
2018-10-30 13:17 - 2015-08-06 13:48 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-29 13:40 - 2018-04-11 15:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-26 12:30 - 2018-05-25 23:16 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-10-26 12:30 - 2018-05-25 23:16 - 000002465 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-10-25 20:27 - 2018-06-09 00:53 - 000467904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-10-25 20:27 - 2018-06-09 00:53 - 000381144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-10-25 20:27 - 2018-06-09 00:53 - 000208640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-10-25 20:27 - 2018-06-09 00:53 - 000201408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-10-25 20:27 - 2018-06-09 00:53 - 000163376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-10-25 20:27 - 2018-06-09 00:53 - 000111968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-10-25 20:27 - 2018-06-09 00:53 - 000088112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-10-25 20:27 - 2018-06-09 00:53 - 000047064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-10-25 20:26 - 2018-06-09 00:53 - 001028840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-10-25 20:26 - 2018-06-09 00:53 - 000042456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2018-10-25 20:25 - 2018-06-09 00:53 - 000346760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-10-25 20:25 - 2018-06-09 00:53 - 000230512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-10-25 20:25 - 2018-06-09 00:53 - 000201928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-10-25 20:25 - 2018-06-09 00:53 - 000059664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-10-25 20:25 - 2018-05-25 23:03 - 000185240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-10-24 20:08 - 2018-08-01 12:31 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-19 18:20 - 2018-09-23 19:44 - 000002369 _____ C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-19 18:20 - 2015-08-06 13:15 - 000000000 ___RD C:\Users\Sandy\OneDrive
2018-10-18 02:51 - 2018-08-15 13:15 - 000000000 ____D C:\Users\Sandy\AppData\Roaming\TotalAV
2018-10-15 13:37 - 2018-06-20 20:10 - 000000000 ____D C:\ProgramData\Packages
2018-10-12 23:45 - 2015-11-08 12:41 - 000000000 ____D C:\Users\Sandy\Documents\CCleaner backup
2018-10-10 16:20 - 2015-09-15 18:14 - 000000000 ___RD C:\Users\Sandy\3D Objects
2018-10-10 16:20 - 2015-08-07 03:52 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-10 16:18 - 2018-08-07 13:17 - 000404464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-10 02:06 - 2018-04-11 15:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-10-10 02:06 - 2018-04-11 15:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-10-10 02:06 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-10 02:06 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-10 02:06 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-10 02:06 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-09 23:56 - 2015-08-06 20:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-09 23:48 - 2015-08-06 20:55 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-09 01:35 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-09 01:35 - 2018-04-11 15:38 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2018-11-06 13:13 - 2018-11-06 13:13 - 000042984 _____ () C:\Program Files\Addition.txt
2018-11-06 13:10 - 2018-11-06 01:48 - 005198336 _____ (AVAST Software) C:\Program Files\aswMBR.exe
2018-11-06 13:11 - 2018-11-06 14:15 - 000067605 _____ () C:\Program Files\FRST.txt
2018-11-06 13:10 - 2018-11-06 01:33 - 002414592 _____ (Farbar) C:\Program Files\FRST64.exe
2015-09-13 20:12 - 2015-09-13 21:36 - 000003072 _____ () C:\Users\Sandy\AppData\Roaming\.spark_db
2015-08-08 22:58 - 2015-08-08 22:58 - 000000021 _____ () C:\Users\Sandy\AppData\Roaming\my_intel.sys
2015-08-06 13:09 - 2018-11-06 13:35 - 000000093 _____ () C:\Users\Sandy\AppData\Roaming\sp_data.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-10 12:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Sandy (06-11-2018 13:13:08)
Running from C:\Program Files
Windows 10 Home Version 1803 17134.345 (X64) (2018-06-10 21:12:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1498807687-2397506290-3852286947-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1498807687-2397506290-3852286947-503 - Limited - Disabled)
Guest (S-1-5-21-1498807687-2397506290-3852286947-501 - Limited - Disabled)
Sandy (S-1-5-21-1498807687-2397506290-3852286947-1001 - Administrator - Enabled) => C:\Users\Sandy
WDAGUtilityAccount (S-1-5-21-1498807687-2397506290-3852286947-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe After Effects 7.0 (HKLM-x32\...\Adobe After Effects 7.0) (Version: 7.0.0.244 - Adobe Systems, Inc.)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Atom (HKU\S-1-5-21-1498807687-2397506290-3852286947-1001\...\atom) (Version: 1.27.2 - GitHub Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.7.2354 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 69.1.867.100 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.20 - Piriform)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Fishdom: Depths of Time Collector's Edition (HKLM-x32\...\WTA-f9ec4f77-f168-4061-b305-61c380a18bf9) (Version: 3.0.2.118 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Haunted Legends: The Bronze Horseman (HKLM-x32\...\WTA-38382c35-7939-4cdf-82de-d7760c504acf) (Version: 1.1.0.23 - WildTangent) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Quest (HKLM-x32\...\WTA-008527c2-8275-47dd-991e-2df7f84d30d6) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (HKLM-x32\...\WTA-df6316c5-aa13-4eca-83f1-418d2ea3aac3) (Version: 2.2.0.98 - WildTangent) Hidden
Maestro: Music of Death (HKLM-x32\...\WTA-a637de4b-ac9f-45e8-adfb-96aa54c5753c) (Version: 1.1.0.23 - WildTangent) Hidden
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MBSS All Products 3.2 (HKLM-x32\...\MBSS All Products_is1) (Version: - Mathematically Beautiful Screen Savers)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.213 - McAfee, Inc.)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1498807687-2397506290-3852286947-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mystery of the Ancients: Three Guardians (HKLM-x32\...\WTA-ec4fe0a0-7356-424f-b366-2e0a3da254e6) (Version: 1.1.2.4 - WildTangent) Hidden
Myths of Orion: Light From The North (HKLM-x32\...\WTA-8c376da7-21de-4a1a-b0c0-2d6c5f4d1876) (Version: 3.0.2.126 - WildTangent) Hidden
Order of the Light: The Deathly Artisan Collector's Edition (HKLM-x32\...\WTA-54c140b4-7688-4e7c-9136-56e7b2bfc977) (Version: 1.1.2.4 - WildTangent) Hidden
Pentablet version 1.5.2.180828 (HKLM\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 1.5.2.180828 - XPPEN Technology)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7235 - Realtek Semiconductor Corp.)
Redemption Cemetary: Salvation of the Lost (HKLM-x32\...\WTA-1dcc3039-14a8-4c4e-b9a3-bb9d38b7e757) (Version: 1.1.2.4 - WildTangent) Hidden
Redemption Cemetery: Bitter Frost (HKLM-x32\...\WTA-df4f680a-467c-4e46-9502-ae94645b5cf6) (Version: 1.1.2.4 - WildTangent) Hidden
Redemption Cemetery: Grave Testimony (HKLM-x32\...\WTA-ac6a1029-4a8d-4056-8c13-850898c0e4c4) (Version: 3.0.2.126 - WildTangent) Hidden
Sable Maze: Norwich Caves (HKLM-x32\...\WTA-30ff33af-5f07-4412-a0e3-b391e7134d81) (Version: 1.1.2.4 - WildTangent) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Suite Specific (HKLM-x32\...\{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}) (Version: 2.0.0 - Adobe Systems, Incorporated)
Surface: Mystery of Another World (HKLM-x32\...\WTA-e88d49a2-2d52-4b8e-9740-e4083e7d52a9) (Version: 3.0.2.126 - WildTangent) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Where Angels Cry: Tears of the Fallen Collector's Edition (HKLM-x32\...\WTA-fa768d00-1445-493d-b530-5effc37a8bf8) (Version: 1.1.2.4 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.35 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.1.1.40 - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.1.1.30 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.47 - WildTangent) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1498807687-2397506290-3852286947-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-25] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-25] (AVAST Software)
ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [2004-12-14] (Adobe Systems Inc.)
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-25] (AVAST Software)
ContextMenuHandlers1-x32: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-25] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-10-25] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2018-05-02] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C820EE-A555-4A9F-AA6C-85D2095F2A8B} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-25] (AVAST Software)
Task: {05085BF8-2F6F-4529-A0EC-F43B772EC40F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
Task: {0F5D57E3-30A6-4674-B1F2-D5406F735EB5} - System32\Tasks\SafeZone scheduled Autoupdate 1457823064 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {152F76AC-A967-454F-A4FD-25A963105ED8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1E2F586F-B8A2-448A-B889-F8794EF8439C} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {21537B95-F506-42A6-80EC-3DCA4D1CE35D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_pepper.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {277C2F24-00F8-4890-B226-EA18EEC4A023} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {305977B0-130C-4799-B205-DA0C41B26603} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-14] (Realtek Semiconductor)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36435EF2-83DC-44A8-AB5D-DDC84252335E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-25] (AVAST Software)
Task: {39BEC352-AD65-4265-97A6-DA79AD1F5EC5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3D536619-D4DC-4695-B1A8-6D74FF03F710} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-12] (Piriform Ltd)
Task: {3DC103F8-107E-411B-93F2-F9C57A473029} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {40BCBAB9-AAE7-4F36-A015-8E786F28A7C6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-12] (Piriform Ltd)
Task: {425CE859-3074-4BE4-B500-2A064E8AF54D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-11-01] (AVAST Software)
Task: {491AA1F5-A154-474B-9035-DBF1847874AD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {53AB3FD0-EFBE-43A3-B4DA-CE82A1179A75} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5B67092F-A897-475C-9840-893DA2EF1FEE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5BFCB5C7-626C-4360-B3A2-9D1F5370833C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7A1E6999-6B21-479A-BAEB-3C1B5A58BD33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
Task: {7BB25B29-9FB8-485F-84D1-4BEAEEE9C48D} - System32\Tasks\{D95C9BA5-36DA-42C3-BB94-3086F2247E6D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Sandy\AppData\Local\Temp\Temp1_USBFormat.zip\usb_format.exe <==== ATTENTION
Task: {81D9E591-386E-4253-8EDA-4006C7453206} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {8325F6A8-6E0A-4A96-A9DB-0CFF4EBDE1A1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {859A94B1-F50D-4285-A5C6-CFFDAA0DB224} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {90F3C746-E628-4171-9F18-B3647355A3B9} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {9120F3E0-2DBB-412E-B4CF-D026A34BA52E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {912EB4F1-40A6-4849-877E-D9C9D26EA13B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {93C07F9D-62CD-4EAA-965B-7508DBA66A77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {960BB529-728B-4BBA-BE2F-47CB10DF2C05} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {98204AC4-6C4E-44EA-B9F9-21C66928CDAA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9C9B8591-5A9C-4CAE-B857-6C3057C326E7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-10-25] (AVAST Software)
Task: {C038AC15-8417-46DF-9536-C295EB251C21} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C11B64BC-4EF8-40FA-9A29-72950B117D20} - \WPD\SqmUpload_S-1-5-21-1498807687-2397506290-3852286947-1001 -> No File <==== ATTENTION
Task: {C99BACBD-FB65-4614-A911-D5D7FAB70488} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {D5EF6CFC-D658-4F53-A05C-B5DF8388EA2B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D946A03A-53CF-445D-BAA3-0CC63451B719} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DAE8EE8C-34C3-423B-B24D-2D905FE31DC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {E301DE0D-3505-443D-A92E-A419784DAE1D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {E77BC109-3067-4A05-80C4-0724C804FF88} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {EE858591-D700-41CE-9582-6EE89D729D09} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)
Task: {F8BC3518-5B4F-40A4-9599-E27CBAEBD762} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Sandy\AppData\Local\Microsoft\Windows\RoamingTiles\1431596800.lnk -> hxxp://tvlistings.zap2it.com/my-faves?aid=zap2it&loginRedirectReq=tru
Shortcut: C:\Users\Sandy\AppData\Local\Microsoft\Windows\RoamingTiles\21332297470.lnk -> hxxp://www.fortedmontonpark.ca/plan-your-trip/attractions/fort-edmonton-park-map

ShortcutWithArgument: C:\Users\Sandy\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\1431596800.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x79cc2de3 -pinnedTimeHigh 0x01cf2b95 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000046 hxxp://tvlistings.zap2it.com/my-faves?aid=zap2it&loginRedirectReq=true
ShortcutWithArgument: C:\Users\Sandy\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\21332297470.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xa5485429 -pinnedTimeHigh 0x01cf2b95 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000051 hxxp://www.fortedmontonpark.ca/plan-your-trip/attractions/fort-edmonton-park-map/

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 15:34 - 2018-04-11 15:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-11-06 04:29 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-06 04:29 - 2018-10-18 08:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-09 23:29 - 2018-09-19 19:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-03 20:00 - 2018-10-03 20:04 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-10-22 18:26 - 2018-10-22 18:26 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-10-22 18:26 - 2018-10-22 18:26 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-22 18:26 - 2018-10-22 18:26 - 010978304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-10-22 18:26 - 2018-10-22 18:26 - 002810368 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-10 22:04 - 2018-07-10 22:14 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-22 18:26 - 2018-10-22 18:26 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-10 16:36 - 2018-10-10 16:51 - 021564416 _____ () C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_4.1.0.16_x86__h6adky7gbf63m\W8.1EntryPoint.exe
2018-10-25 20:26 - 2018-10-25 20:26 - 000604376 _____ () C:\Program Files\AVAST Software\Avast\AvastNM.exe
2014-04-02 14:46 - 2014-04-02 14:46 - 000117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 000037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 000018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 000020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2018-03-08 19:54 - 2018-03-08 19:54 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-10-25 20:26 - 2018-10-25 20:26 - 000598232 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-04-27 08:24 - 2013-04-27 08:24 - 000071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2018-10-10 16:36 - 2018-10-10 16:51 - 000032768 _____ () C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_4.1.0.16_x86__h6adky7gbf63m\InAppPurchaseComponentW8_x86.dll
2018-10-10 16:36 - 2018-10-10 16:51 - 000361472 _____ () C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_4.1.0.16_x86__h6adky7gbf63m\IGPLib_x86.dll
2018-10-10 16:36 - 2018-10-10 16:51 - 001019392 _____ () C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_4.1.0.16_x86__h6adky7gbf63m\WCPToolkit.dll
2018-10-26 12:29 - 2018-10-24 08:22 - 004391760 _____ () C:\Program Files (x86)\AVAST Software\Browser\Application\69.1.867.100\libglesv2.dll
2018-10-26 12:29 - 2018-10-24 08:22 - 000108968 _____ () C:\Program Files (x86)\AVAST Software\Browser\Application\69.1.867.100\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2018-10-03 19:51 - 000000825 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1498807687-2397506290-3852286947-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast Cleanup Premium.lnk => C:\WINDOWS\pss\Avast Cleanup Premium.lnkCommon Startup
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SBrowserCheck"
HKU\S-1-5-21-1498807687-2397506290-3852286947-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BFA3C2F6-9646-448E-AB79-B63436E958E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{409D4791-AB35-4DCE-BAEA-BCD2C3214649}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF332D52-0BD6-4C56-940A-2B7B018EBB72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0AEF41EC-009D-4D2B-ADD1-314DF5A5282C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05C5E708-E17F-4161-BE3B-BDA6FA7F9663}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B44FFE63-DE34-43DE-8CE7-F6170E9C491F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{D8D96923-550E-42CB-AC59-C40A16E6D267}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{531F36F6-FF3A-4AA4-8638-C901F527E779}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{C876BF03-3508-48E2-9FF1-56A70CBC60D2}] => (Allow) LPort=5357
FirewallRules: [{8166216E-B446-4ACF-932F-AA653DCDC479}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E0A2CFA6-A286-4926-B7D7-3193BDE1935F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C4EEA024-660C-4696-9522-2E7F06424ECE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{348D5E95-92A9-4904-B4B2-C0E91D1DC3F1}] => (Allow) c:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{368DD4A1-1E0E-477D-8FCC-98155BF01908}] => (Allow) c:\program files\bonjour\mdnsresponder.exe
FirewallRules: [{69964364-A7F5-4A4E-A8E1-2DAA0FFC26D6}] => (Allow) c:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{33036EDC-AD6A-4236-9898-648BBF39DAAC}] => (Allow) c:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{CB43A2A4-5B27-4E01-BD79-84BB59FF0693}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{37D7B259-4C45-4197-9C27-512B08345A9C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{71CB66D6-65E2-429F-ADEA-26CAA9CF8F70}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{98FB980D-E7D5-4A2A-BB83-E8E06D20569F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{54CC90E3-BFB5-4E89-95D6-87ACC34038B7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{81618443-483C-4378-9BDA-18309125B8D1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{EEB46E4E-9259-4CEF-9B97-E92AD49A791A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{AD7FC921-CBEA-49C0-B1AB-041DF171BC33}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{0892C5A6-52EB-430B-B1C7-53D476ABA265}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4E943FBD-F4D1-4693-9240-36E6ACB5FEE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{89A200C1-1FF1-47B5-8A1F-EB3AA7330D78}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5B7C6B83-A3EF-42AC-9A41-D4376B0A4A44}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{C729BED3-D250-4EEF-AAB9-B9B9851A8A5B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{80B63E8C-4642-4F80-A54F-8C6FFB934403}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{49A1C831-08BC-4264-AC10-FF5CE7066E39}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

25-10-2018 00:18:02 Scheduled Checkpoint
03-11-2018 22:05:40 Scheduled Checkpoint
05-11-2018 22:55:39 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2018 12:27:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27370985

Error: (11/06/2018 12:27:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27370985

Error: (11/06/2018 12:27:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2018 02:03:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007a24d
Faulting process id: 0x71c
Faulting application start time: 0x01d475aa87de5e04
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: 189ee39e-24d7-4e0a-84b1-d1d9ec29e858
Faulting package full name:
Faulting package-relative application ID:

Error: (11/06/2018 12:11:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x6f9a188b
Faulting process id: 0x2a34
Faulting application start time: 0x01d475a77fc6e0d5
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 1512a6f1-6270-422a-8cd0-968aa3c5fc60
Faulting package full name:
Faulting package-relative application ID:

Error: (11/05/2018 11:57:10 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4124,R,98) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU03D08.log.

Error: (11/05/2018 10:43:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007c686
Faulting process id: 0xca4
Faulting application start time: 0x01d4759969fb372e
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: a42882d7-0792-4e9f-83d6-8cefef217ddf
Faulting package full name:
Faulting package-relative application ID:

Error: (11/05/2018 10:24:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007c686
Faulting process id: 0x348c
Faulting application start time: 0x01d4758ffc7d0b37
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: 9adefc7e-1ef6-4231-a7bc-168c0cac0eab
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (11/06/2018 01:05:37 PM) (Source: DCOM) (EventID: 10016) (User: PEGICORNHOME)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Pegicornhome\Sandy SID (S-1-5-21-1498807687-2397506290-3852286947-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/06/2018 12:34:10 PM) (Source: DCOM) (EventID: 10016) (User: PEGICORNHOME)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user Pegicornhome\Sandy SID (S-1-5-21-1498807687-2397506290-3852286947-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (11/06/2018 12:31:18 PM) (Source: DCOM) (EventID: 10016) (User: PEGICORNHOME)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Pegicornhome\Sandy SID (S-1-5-21-1498807687-2397506290-3852286947-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.92.390.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/06/2018 12:30:50 PM) (Source: DCOM) (EventID: 10016) (User: PEGICORNHOME)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user Pegicornhome\Sandy SID (S-1-5-21-1498807687-2397506290-3852286947-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/06/2018 12:30:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (11/06/2018 12:28:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (11/06/2018 12:27:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/06/2018 04:51:06 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================

Date: 2018-11-06 04:49:00.369
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-06 04:48:55.558
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-06 04:48:54.563
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-06 04:46:28.562
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-06 03:50:05.090
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-06 03:50:02.314
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-06 03:49:59.444
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-06 00:30:57.889
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 58%
Total physical RAM: 3982.68 MB
Available physical RAM: 1643.43 MB
Total Virtual: 8078.68 MB
Available Virtual: 4818.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:94.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:257.57 GB) NTFS

\\?\Volume{ffa03883-1690-42bc-9110-bda16591ed76}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.52 GB) NTFS
\\?\Volume{81edf113-8c44-4696-9cea-94ad7138c166}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.02 GB) NTFS
\\?\Volume{19dff712-b913-46b9-88cc-904cecb26ce4}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 543DAE44)

Partition: GPT.

==================== End of Addition.txt ============================

Juliet
2018-11-07, 17:59
I have found maybe 3/4 different antivirus apps on your computer.
I think, mostly remnants of 2/3 but I need to know if I'm right.

Avast <==main antivirus

Avira Free Antivirus <==remnants?
Avg Free Antivirus <==remnants?
C:\Program Files (x86)\TotalAV <==remnants?
~~~
we'll need to remove those.

~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::



Start::
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
Task: {152F76AC-A967-454F-A4FD-25A963105ED8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {39BEC352-AD65-4265-97A6-DA79AD1F5EC5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3DC103F8-107E-411B-93F2-F9C57A473029} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {53AB3FD0-EFBE-43A3-B4DA-CE82A1179A75} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5B67092F-A897-475C-9840-893DA2EF1FEE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5BFCB5C7-626C-4360-B3A2-9D1F5370833C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7BB25B29-9FB8-485F-84D1-4BEAEEE9C48D} - System32\Tasks\{D95C9BA5-36DA-42C3-BB94-3086F2247E6D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Sandy\AppData\Local\Temp\Temp1_USBFormat.zip\usb_format.exe <==== ATTENTION
Task: {8325F6A8-6E0A-4A96-A9DB-0CFF4EBDE1A1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {859A94B1-F50D-4285-A5C6-CFFDAA0DB224} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {960BB529-728B-4BBA-BE2F-47CB10DF2C05} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {98204AC4-6C4E-44EA-B9F9-21C66928CDAA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C038AC15-8417-46DF-9536-C295EB251C21} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C11B64BC-4EF8-40FA-9A29-72950B117D20} - \WPD\SqmUpload_S-1-5-21-1498807687-2397506290-3852286947-1001 -> No File <==== ATTENTION
Task: {D5EF6CFC-D658-4F53-A05C-B5DF8388EA2B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D946A03A-53CF-445D-BAA3-0CC63451B719} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Sandy\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\1431596800.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x79cc2de3 -pinnedTimeHigh 0x01cf2b95 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000046 hxxp://tvlistings.zap2it.com/my-faves?aid=zap2it&loginRedirectReq=true
ShortcutWithArgument: C:\Users\Sandy\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\21332297470.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xa5485429 -pinnedTimeHigh 0x01cf2b95 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000051 hxxp://www.fortedmontonpark.ca/plan-your-trip/attractions/fort-edmonton-park-map/
C:\Windows\Temp\*.*
Emptytemp:
End::



Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



*****
http://i.imgur.com/RQKuhw1.pngRogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply

created by Aura


Your next reply(ies) should therefore contain:

Copy/pasted Fixlog.txt
Copy/pasted AdwCleaner clean log
Copy/pasted RogueKiller clean log

Pegicorn
2018-11-08, 00:30
Hi Juliet,
Thanks for the quick response. I think the format of Roguekiller may have changed because some of the directions of what and where to click didn't match with the actual downloaded program but I have added the resulting report. Please see resulting logs below:

Fix result of Farbar Recovery Scan Tool (x64) Version: 07.11.2018
Ran by Sandy (07-11-2018 12:20:21) Run:1
Running from C:\Program Files
Loaded Profiles: Sandy (Available Profiles: Sandy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
Task: {152F76AC-A967-454F-A4FD-25A963105ED8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {39BEC352-AD65-4265-97A6-DA79AD1F5EC5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3DC103F8-107E-411B-93F2-F9C57A473029} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {53AB3FD0-EFBE-43A3-B4DA-CE82A1179A75} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5B67092F-A897-475C-9840-893DA2EF1FEE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5BFCB5C7-626C-4360-B3A2-9D1F5370833C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7BB25B29-9FB8-485F-84D1-4BEAEEE9C48D} - System32\Tasks\{D95C9BA5-36DA-42C3-BB94-3086F2247E6D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Sandy\AppData\Local\Temp\Temp1_USBFormat.zip\usb_format.exe <==== ATTENTION
Task: {8325F6A8-6E0A-4A96-A9DB-0CFF4EBDE1A1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {859A94B1-F50D-4285-A5C6-CFFDAA0DB224} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {960BB529-728B-4BBA-BE2F-47CB10DF2C05} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {98204AC4-6C4E-44EA-B9F9-21C66928CDAA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C038AC15-8417-46DF-9536-C295EB251C21} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C11B64BC-4EF8-40FA-9A29-72950B117D20} - \WPD\SqmUpload_S-1-5-21-1498807687-2397506290-3852286947-1001 -> No File <==== ATTENTION
Task: {D5EF6CFC-D658-4F53-A05C-B5DF8388EA2B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D946A03A-53CF-445D-BAA3-0CC63451B719} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Sandy\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\1431596800.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x79cc2de3 -pinnedTimeHigh 0x01cf2b95 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000046 hxxp://tvlistings.zap2it.com/my-faves?aid=zap2it&loginRedirectReq=true
ShortcutWithArgument: C:\Users\Sandy\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\21332297470.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xa5485429 -pinnedTimeHigh 0x01cf2b95 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000051 hxxp://www.fortedmontonpark.ca/plan-your-trip/attractions/fort-edmonton-park-map/
C:\Windows\Temp\*.*
Emptytemp:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{152F76AC-A967-454F-A4FD-25A963105ED8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{152F76AC-A967-454F-A4FD-25A963105ED8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39BEC352-AD65-4265-97A6-DA79AD1F5EC5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39BEC352-AD65-4265-97A6-DA79AD1F5EC5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DC103F8-107E-411B-93F2-F9C57A473029}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DC103F8-107E-411B-93F2-F9C57A473029}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53AB3FD0-EFBE-43A3-B4DA-CE82A1179A75}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53AB3FD0-EFBE-43A3-B4DA-CE82A1179A75}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B67092F-A897-475C-9840-893DA2EF1FEE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B67092F-A897-475C-9840-893DA2EF1FEE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BFCB5C7-626C-4360-B3A2-9D1F5370833C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BFCB5C7-626C-4360-B3A2-9D1F5370833C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BB25B29-9FB8-485F-84D1-4BEAEEE9C48D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BB25B29-9FB8-485F-84D1-4BEAEEE9C48D}" => removed successfully
C:\WINDOWS\System32\Tasks\{D95C9BA5-36DA-42C3-BB94-3086F2247E6D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D95C9BA5-36DA-42C3-BB94-3086F2247E6D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8325F6A8-6E0A-4A96-A9DB-0CFF4EBDE1A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8325F6A8-6E0A-4A96-A9DB-0CFF4EBDE1A1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{859A94B1-F50D-4285-A5C6-CFFDAA0DB224}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{859A94B1-F50D-4285-A5C6-CFFDAA0DB224}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{960BB529-728B-4BBA-BE2F-47CB10DF2C05}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{960BB529-728B-4BBA-BE2F-47CB10DF2C05}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98204AC4-6C4E-44EA-B9F9-21C66928CDAA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98204AC4-6C4E-44EA-B9F9-21C66928CDAA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C038AC15-8417-46DF-9536-C295EB251C21}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C038AC15-8417-46DF-9536-C295EB251C21}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C11B64BC-4EF8-40FA-9A29-72950B117D20}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C11B64BC-4EF8-40FA-9A29-72950B117D20}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1498807687-2397506290-3852286947-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5EF6CFC-D658-4F53-A05C-B5DF8388EA2B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5EF6CFC-D658-4F53-A05C-B5DF8388EA2B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D946A03A-53CF-445D-BAA3-0CC63451B719}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D946A03A-53CF-445D-BAA3-0CC63451B719}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
C:\Users\Sandy\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\1431596800.lnk => Shortcut argument removed successfully
C:\Users\Sandy\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\21332297470.lnk => Shortcut argument removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\lpksetup-20181104-214846-0.log => moved successfully
C:\Windows\Temp\lpksetup-20181105-145938-0.log => moved successfully
C:\Windows\Temp\lpksetup-20181105-205854-0.log => moved successfully
C:\Windows\Temp\lpksetup-20181105-235645-0.log => moved successfully
C:\Windows\Temp\lpksetup-20181106-044746-0.log => moved successfully
C:\Windows\Temp\lpksetup-20181106-131817-0.log => moved successfully
C:\Windows\Temp\lpksetup-20181106-132734-0.log => moved successfully
C:\Windows\Temp\MSI1f162.LOG => moved successfully
C:\Windows\Temp\MSI8f627.LOG => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 161295284 B
Java, Flash, Steam htmlcache => 1144 B
Windows/system/drivers => 43859079 B
Edge => 1225986 B
Chrome => 2637923 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 35906 B
LocalService => 0 B
NetworkService => 10460 B
NetworkService => 0 B
Sandy => 50547005 B

RecycleBin => 0 B
EmptyTemp: => 256.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:22:33 ====

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-07-2018
# Duration: 00:00:17
# OS: Windows 10 Home
# Cleaned: 17
# Failed: 1


***** [ Services ] *****

Deleted SecurityService

***** [ Folders ] *****

Deleted C:\ProgramData\RegInOut
Not Deleted C:\Program Files (x86)\TotalAV
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
Deleted C:\Users\Sandy\AppData\Roaming\TotalAV
Deleted C:\Users\Sandy\Documents\TotalAV
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\Sandy\AppData\Local\slimware utilities inc

***** [ Files ] *****

Deleted C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
Deleted C:\Users\Sandy\Desktop\TotalAV.lnk
Deleted C:\Windows\System32\drivers\swdumon.sys
Deleted C:\Users\Sandy\Downloads\TOTALAV_SETUP.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2561 octets] - [07/11/2018 12:47:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

RogueKiller Anti-Malware V13.0.8.0 (x64) [Nov 6 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : Sandy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Delete -- Date : 2018/11/07 14:13:28 (Duration : 01:06:38)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Slimware (Potentially Malicious)] SWDUMon -- %SystemRoot%\system32\DRIVERS\SWDUMon.sys -> Stopped
[PUP.Slimware (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon -- [%SystemRoot%\system32\DRIVERS\SWDUMon.sys] -> Deleted
[PUP.PCProtect (Potentially Malicious)] TotalAV -- %programfiles(x86)%\TotalAV -> Deleted
[PUP.PCProtect (Potentially Malicious)] TotalAV -- %programfiles(x86)%\TotalAV -> Removed at reboot [2]

Juliet
2018-11-08, 11:49
Let's check for remnants



Open Malwarebytes Anti-Malware

Then go to the Dashboard and click on SCAN NOW
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
Then click on POST
Exit Malwarebytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select [img=http://i.imgur.com/Spcusrh.png]Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Please post these 2 logs when finished.

Also, tell me how the computer is now.

Pegicorn
2018-11-08, 23:32
Hi Juliet,

Thanks again for the prompt response. I ran both of these scans but both came back clean (see below). My system is significantly faster than it was but unfortunately my Google Chrome is still the same. I took a screenshot of it but cannot load it to show you.

Please advise my next steps.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/8/18
Scan Time: 12:27 PM
Log File: a880dfb2-e394-11e8-8d49-f07959b70e65.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7753
License: Trial

-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x64
File System: NTFS
User: PEGICORNHOME\Sandy

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 298517
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 5 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Emsisoft Emergency Kit 2018.6.0.8742 stable [en-us]
OS: Windows 10 (Version 10.0, Build 17134, 64-bit Edition)

Forensics log

Date Component Action Details
11/8/2018 12:55:02 PM Scanner Scan finished Scanned 25503 objects and found nothing.
11/8/2018 12:45:47 PM User PEGICORNHOME\Sandy Scan started Malware Scan
11/8/2018 12:45:21 PM User PEGICORNHOME\Sandy Setting modified "Detect PUPs" has been changed to "Enabled".
11/8/2018 12:44:44 PM User Update Downloaded and installed 123 files (11484 kb) (1 min. 56 sec.).
11/8/2018 12:42:48 PM Core Notification "Recommended Reading:How to remove fileless malware".
11/8/2018 12:42:42 PM User Update Failed with error "Server returned error" (0 sec.).

Juliet
2018-11-09, 01:47
I'm beginning to think it's not malware but something with either antivirus block, or Google Chrome itself.

What we can attempt is a reset, then if that doesn't work, uninstall/reinstall and see how that goes.

http://i.imgur.com/U5NwUGc.png Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
Proceed with the reset once done.
Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)

if you can do a screen capture and save it to desktop, then you should be able to attach that here using the attachment button.

Pegicorn
2018-11-09, 03:20
Hi Juliet,
Thank you for your help and suggestions. I had been unable to access Google Chrome without the attached window displaying which I had never seen before (nor had anyone I know who I showed this to) and was afraid to click any of the buttons in case this would enable a virus or any further intrusion into my pc. Your last suggestions asked me to open Chrome, which I believed was the issue, so I took the plunge and clicked the icon in this window. This brought me to my regular Google Chrome page. I feel like I have wasted your time and for that I apologise. If nothing else my pc is so much faster now we've cleared the junk. One thing I will mention is that I can no longer operate my speakers from the taskbar, so if you could help me fix this I would appreciate it.

Thanks Sandy

Juliet
2018-11-09, 12:35
You haven't wasted my time.

try this
Click on the Start button and then Control Panel.

In the Control Panel double-click on the Sounds and Audio Devices icon.

Under Device Volume put a checkmark next to the checkbox labeled Place volume icon in the taskbar.

Press the Apply button and then the OK button.

You should now have a volume icon in your taskbar.


https://www.thewindowsclub.com/volume-icon-missing-from-taskbar-windows

Pegicorn
2018-11-09, 13:54
Hi Juliet,
Thanks again for the suggestion. So I went into the control Panel (see attached) and couldn't see the Sounds and Audio Devices icon, so I double-clicked the Hardware & Sound (see attached screenshot). I still didn't see Device Volume so I clicked Manage Audio Devices under sound (see attached) and still couldn't find any checkboxes for "Place volume icon in the taskbar", so I tried all of the other options including properties, and still no luck I'm afraid.

I also took a look at the link you added about "missing volume icon in your taskbar", my icon isn't missing, it's just not working (nothing happens when I select it from the taskbar) but I tried all the same. I found the settings page to turn systems icons on or off. Volume was on. I toggled off and on again but it's still not working.

Sorry to be such a pain :)

Juliet
2018-11-09, 20:33
I've tried to research and pull together a few things to help (I hope)

To run chkdsk /r

Type cmd in search
Right click the command prompt response to “run as administrator”
Run chkdsk /r in the command prompt window (note the space between k and /)
The response will be the option to run chkdsk /r after your next reboot click yes.
Now reboot and go do other business. When finished, and it can take some time, Windows should reboot.
Check the sound icon.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I would suggest you to try reinstalling the audio driver in compatibility mode and check the issue.

You need to download audio driver from the computer manufacturer's website.

Further, please follow these steps:

a. Right click the audio driver file and click properties.

b. Click compatibility tab.

c. Click to check "Run this program in compatibility mode for" box and select Windows 8.

d. Click apply and ok.

Now, install the driver.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please run playing audio troubleshooter and check if it helps. Please follow these steps:

a. Type troubleshooting in the search box on taskbar and click on it in search results.
b. Click "View all" and then click "Playing Audio".
c. Click "Next" and follow on-screen instructions.

Some people state running the above 2 times fixed their issues.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`


Please keep us updated.

Pegicorn
2018-11-10, 08:35
Hi again Juliet,

Looks like the chkdsk fix did the trick! I am now able to access my speakers from the taskbar. yay!!
Thanks for all your help.

Sandy

Juliet
2018-11-10, 13:13
Yeah!

Let's remove tools and quarantine folders now.

DelFix


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

********

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (https://en.wikipedia.org/wiki/Exploit_kit) (and also 0-days (https://en.wikipedia.org/wiki/Zero-day_(computing))) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like https://i.imgur.com/eF2jhaz.pngUCheck (https://www.adlice.com/download/ucheck/), SUMo (http://www.kcsoftwares.com/?sumo) and https://i.imgur.com/y5YE7At.pngHeimdal Free (http://www.bleepingcomputer.com/download/heimdal-free/) will scan your system for outdated programs, and help you identify them, as well as update them.

UCheck Documentation (https://www.adlice.com/documentation/ucheck/documentation/)



Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :

Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7
How Malware Spreads - How did I get infected (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams (aka Grinler)
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes
Tips & Advice (http://www.staysafeonline.org/stop-think-connect/tips-and-advice) on StaySafeOnline.org

created by Aura