Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Toshiba Satellite with Windows 10 has Virus

  1. #1
    Junior Member
    Join Date
    May 2017
    Posts
    12

    Default Toshiba Satellite with Windows 10 has Virus

    Hello! My computer has a virus (maybe several). I believe it has been on my computer for some time, but an alert recently appeared via Semantic Endpoint Protection that I am infected with the Trojan.Gen.2 virus. According to my computer, it is quarantined, but I am getting several popup messages that could be from the virus and my computer is incredibly slow. I am concerned about my information being compromised and the someone remotely accessing my computer using the virus. I am also concerned that my files on the computer are compromised and I am afraid to back them up onto my hard drive lest I spread the virus there.

    Here is my FARBAR LOG:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2017
    Ran by Imogen (administrator) on IMOGENCOMPUTER (10-10-2017 22:38:56)
    Running from C:\Users\Imogen\Downloads
    Loaded Profiles: Imogen (Available Profiles: Imogen)
    Platform: Windows 10 Home Version 1511 170904-1742 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    () C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
    (Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    () C:\Windows\SysWOW64\SMITSC.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe
    () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
    (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\SrTasks.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\SavUI.exe
    (Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
    (Farbar) C:\Users\Imogen\Downloads\FRST64 (1).exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401912 2016-12-02] ()
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
    HKLM\...\Run: [ChromaTuneTOSHIBAx64] => C:\Program Files\Portrait Displays\Chroma Tune for TOSHIBA\ChromaTune.exe [2967432 2014-03-25] (Portrait Displays, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-11-20] (Synaptics Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-06] (AVAST Software)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
    HKLM-x32\...\Run: [Coffee] => C:\Program Files (x86)\Steven Cole\Coffee\Coffee.exe /hide
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\Run: [Spotify] => C:\Users\Imogen\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-09] (Spotify Ltd)
    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\Run: [Spotify Web Helper] => C:\Users\Imogen\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-09] (Spotify Ltd)
    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\RunOnce: [Uninstall C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Imogen\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-01-18]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 10.5.0.2 10.5.0.3
    Tcpip\..\Interfaces\{d648a6b7-7ba3-4864-bca0-d7b0a8b5dd36}: [DhcpNameServer] 10.5.0.2 10.5.0.3
    Tcpip\..\Interfaces\{f2ddaa93-8e83-4867-b8f8-0caf016a7bdd}: [DhcpNameServer] 8.8.8.8 207.172.3.8

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> DefaultScope {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
    SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {BA03D666-13B0-48B9-B111-4AC1D2588250} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-29] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-29] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-29] (Microsoft Corporation)
    BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\bin\IPS\IPSBHO.DLL [2015-08-10] (Symantec Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-29] (Microsoft Corporation)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-29] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-16] ()
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-16] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-29] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-29] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR Profile: C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default [2017-10-10]
    CHR Extension: (Google Slides) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
    CHR Extension: (Google Docs) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
    CHR Extension: (Google Drive) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (YouTube) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
    CHR Extension: (Google Sheets) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
    CHR Extension: (McAfeeŽ WebAdvisor) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-03]
    CHR Extension: (Google Docs Offline) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
    CHR Extension: (Gmail) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
    CHR Extension: (Chrome Media Router) - C:\Users\Imogen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-06] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-06] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-09-08] (Microsoft Corporation)
    R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
    S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
    R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
    R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-22] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    S3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
    R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\ccSvcHst.exe [145008 2015-08-10] (Symantec Corporation)
    R2 SMITS; C:\Windows\SysWOW64\SMITSC.exe [13312 2014-02-27] () [File not signed]
    S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe [396344 2015-08-10] (Symantec Corporation)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-11-20] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-09-05] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-10] (AVAST Software s.r.o.)
    R3 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-10] (AVAST Software s.r.o.)
    R3 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-10] (AVAST Software s.r.o.)
    R3 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-10] (AVAST Software s.r.o.)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-10] (AVAST Software)
    R3 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-10] (AVAST Software)
    R3 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-10] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-10] (AVAST Software)
    R3 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1020536 2017-10-10] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-10] (AVAST Software)
    R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-10] (AVAST Software)
    R3 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-10] (AVAST Software)
    R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\BASHDefs\20171002.005\BHDrvx64.sys [1862784 2017-07-05] (Symantec Corporation)
    R1 ccSettings_{074772AE-B3BA-4F23-8E12-773353CB6A63}; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\ccSetx64.sys [162392 2015-08-10] (Symantec Corporation)
    S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-06-28] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-06-28] (Symantec Corporation)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
    R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\IPSDefs\20171010.011\IDSvia64.sys [1056920 2017-09-22] (Symantec Corporation)
    U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-09-06] ()
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-09-13] (Malwarebytes)
    S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-19] (Malwarebytes)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
    R3 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
    S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
    R3 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
    R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20171010.007\ENG64.SYS [138880 2017-06-08] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Definitions\VirusDefs\20171010.007\EX64.SYS [2152064 2017-06-08] (Symantec Corporation)
    R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
    R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
    R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
    R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-11-20] (Synaptics Incorporated)
    R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSP64.SYS [890584 2015-08-10] (Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SRTSPX64.SYS [37592 2015-08-10] (Symantec Corporation)
    S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\SyDvCtrl64.sys [36952 2015-08-10] (Symantec Corporation)
    R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0501010.002\symefasi.sys [1616088 2015-08-31] (Symantec Corporation)
    S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SymELAM.sys [23568 2015-08-10] (Symantec Corporation)
    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [178392 2015-08-31] (Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\Ironx64.SYS [270040 2015-08-10] (Symantec Corporation)
    R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0C011818\1770.105\x64\SYMNETS.SYS [594136 2015-08-10] (Symantec Corporation)
    R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [168304 2015-08-31] (Symantec Corporation)
    R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [112648 2015-08-10] (Symantec Corporation)
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-05-14] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-14] (Zemana Ltd.)
    U3 aswbdisk; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-10 22:39 - 2017-10-10 22:39 - 005198336 _____ (AVAST Software) C:\Users\Imogen\Downloads\aswMBR (1).exe
    2017-10-10 22:36 - 2017-10-10 22:36 - 002401792 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64 (2).exe
    2017-10-10 22:35 - 2017-10-10 22:35 - 002401792 _____ (Farbar) C:\Users\Imogen\Downloads\FRST64 (1).exe
    2017-10-10 22:21 - 2017-10-10 22:21 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150768846578102
    2017-10-10 22:20 - 2017-10-10 22:20 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2017-10-02 18:32 - 2017-10-02 18:32 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign8a24a289c8b23b38
    2017-10-02 18:31 - 2017-10-02 18:31 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign80085d5144711912
    2017-09-30 12:21 - 2017-09-30 12:21 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-09-30 12:21 - 2017-09-30 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-09-30 12:20 - 2017-09-30 12:20 - 000000000 ____D C:\Program Files\iPod
    2017-09-30 12:19 - 2017-09-30 12:20 - 000000000 ____D C:\Program Files\iTunes
    2017-09-30 12:12 - 2017-09-30 12:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2017-09-30 12:11 - 2017-09-30 12:11 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-09-29 20:44 - 2017-10-02 19:41 - 000000000 ___HD C:\$WINDOWS.~BT
    2017-09-29 00:21 - 2017-09-29 20:44 - 000000036 _____ C:\WINDOWS\progress.ini
    2017-09-29 00:20 - 2017-10-10 22:34 - 000000820 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
    2017-09-29 00:20 - 2017-10-02 19:42 - 000000000 ___HD C:\$GetCurrent
    2017-09-29 00:19 - 2017-10-10 22:35 - 000000000 ____D C:\Windows10Upgrade
    2017-09-29 00:19 - 2017-10-10 22:34 - 000000808 _____ C:\Users\Imogen\Desktop\Windows 10 Update Assistant.lnk
    2017-09-29 00:06 - 2017-09-29 00:06 - 000000000 ____D C:\WINDOWS\UpdateAssistant
    2017-09-27 14:23 - 2017-09-27 14:23 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5ee5f4573fcdfe05
    2017-09-27 14:07 - 2017-09-27 14:07 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsigne3cf91e2102521ac
    2017-09-24 21:43 - 2017-09-24 21:43 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign2ded4c44589b0933
    2017-09-24 21:42 - 2017-09-24 21:42 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign19a95e5da5032d1e
    2017-09-23 12:18 - 2017-09-23 12:18 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignffcbcc1389802a89
    2017-09-23 12:01 - 2017-09-23 12:01 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign14947d40c0627211
    2017-09-20 17:09 - 2017-09-20 17:09 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignc822c6133215b226
    2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign866d8ebbbfeeea20
    2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign5fbba4f6740b53c7
    2017-09-20 17:04 - 2017-09-20 17:04 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign297cc218c723f802
    2017-09-16 10:46 - 2017-09-16 10:46 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2017-09-13 15:11 - 2017-09-05 05:07 - 000994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
    2017-09-13 15:11 - 2017-09-05 03:56 - 001552104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-09-13 15:11 - 2017-09-05 03:51 - 000808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-09-13 15:11 - 2017-09-05 03:45 - 006536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2017-09-13 15:11 - 2017-09-05 03:20 - 000845568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2017-09-13 15:11 - 2017-09-05 03:19 - 001862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-09-13 15:11 - 2017-09-05 03:19 - 001542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2017-09-13 15:11 - 2017-09-05 03:11 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
    2017-09-13 15:11 - 2017-09-05 03:11 - 000035624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
    2017-09-13 15:11 - 2017-09-05 02:47 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\genericusbfn.sys
    2017-09-13 15:11 - 2017-09-05 02:38 - 001349640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-09-13 15:11 - 2017-09-05 02:35 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
    2017-09-13 15:11 - 2017-09-05 02:32 - 002946672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-09-13 15:11 - 2017-09-05 02:32 - 000703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-09-13 15:11 - 2017-09-05 02:29 - 021123832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-09-13 15:11 - 2017-09-05 02:29 - 005240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-09-13 15:11 - 2017-09-05 02:29 - 000465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2017-09-13 15:11 - 2017-09-05 02:26 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2017-09-13 15:11 - 2017-09-05 02:23 - 000174944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
    2017-09-13 15:11 - 2017-09-05 02:06 - 000546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-09-13 15:11 - 2017-09-05 02:06 - 000262496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2017-09-13 15:11 - 2017-09-05 02:05 - 000540280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2017-09-13 15:11 - 2017-09-05 02:04 - 001523184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2017-09-13 15:11 - 2017-09-05 02:04 - 001368176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2017-09-13 15:11 - 2017-09-05 02:04 - 000335248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2017-09-13 15:11 - 2017-09-05 02:04 - 000141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2017-09-13 15:11 - 2017-09-05 01:54 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2017-09-13 15:11 - 2017-09-05 01:40 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-09-13 15:11 - 2017-09-05 01:37 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-09-13 15:11 - 2017-09-05 01:30 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-09-13 15:11 - 2017-09-05 01:19 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
    2017-09-13 15:11 - 2017-09-05 01:15 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
    2017-09-13 15:11 - 2017-09-05 01:13 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2017-09-13 15:11 - 2017-09-05 01:13 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
    2017-09-13 15:11 - 2017-09-05 01:12 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
    2017-09-13 15:11 - 2017-09-05 01:11 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
    2017-09-13 15:11 - 2017-09-05 01:11 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
    2017-09-13 15:11 - 2017-09-05 01:10 - 002279936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-09-13 15:11 - 2017-09-05 01:09 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
    2017-09-13 15:11 - 2017-09-05 01:08 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
    2017-09-13 15:11 - 2017-09-05 01:06 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
    2017-09-13 15:11 - 2017-09-05 01:03 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2017-09-13 15:11 - 2017-09-05 01:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
    2017-09-13 15:11 - 2017-09-05 01:02 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
    2017-09-13 15:11 - 2017-09-05 01:01 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-09-13 15:11 - 2017-09-05 01:00 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
    2017-09-13 15:11 - 2017-09-05 01:00 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
    2017-09-13 15:11 - 2017-09-05 00:57 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
    2017-09-13 15:11 - 2017-09-05 00:55 - 000576000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2017-09-13 15:11 - 2017-09-05 00:53 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2017-09-13 15:11 - 2017-09-05 00:53 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
    2017-09-13 15:11 - 2017-09-05 00:52 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-09-13 15:11 - 2017-09-05 00:52 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2017-09-13 15:11 - 2017-09-05 00:51 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2017-09-13 15:11 - 2017-09-05 00:48 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2017-09-13 15:11 - 2017-09-05 00:48 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
    2017-09-13 15:11 - 2017-09-05 00:47 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-09-13 15:11 - 2017-09-05 00:46 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2017-09-13 15:11 - 2017-09-05 00:45 - 001151488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
    2017-09-13 15:11 - 2017-09-05 00:45 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2017-09-13 15:11 - 2017-09-05 00:41 - 001467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2017-09-13 15:11 - 2017-09-05 00:40 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
    2017-09-13 15:11 - 2017-09-05 00:38 - 003695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-09-13 15:11 - 2017-09-05 00:37 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2017-09-13 15:11 - 2017-09-05 00:37 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-09-13 15:11 - 2017-09-05 00:36 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
    2017-09-13 15:11 - 2017-09-05 00:23 - 004078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-09-13 15:11 - 2017-09-05 00:20 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2017-09-13 15:11 - 2017-09-05 00:20 - 001123328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2017-09-13 15:11 - 2017-09-05 00:19 - 007536128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-09-13 15:11 - 2017-09-05 00:19 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
    2017-09-13 15:11 - 2017-09-05 00:18 - 002102272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
    2017-09-13 15:11 - 2017-09-05 00:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-09-13 15:11 - 2017-09-05 00:16 - 001501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-09-13 15:11 - 2017-09-05 00:13 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-09-13 15:11 - 2017-09-05 00:12 - 004412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2017-09-13 15:11 - 2017-09-05 00:12 - 003053568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2017-09-13 15:11 - 2017-09-05 00:12 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2017-09-13 15:11 - 2017-09-05 00:11 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2017-09-13 15:11 - 2017-09-05 00:11 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
    2017-09-13 15:11 - 2017-09-05 00:10 - 006296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2017-09-13 15:11 - 2017-09-05 00:10 - 001799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2017-09-13 15:11 - 2017-09-05 00:07 - 003574272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-09-13 15:11 - 2017-09-05 00:06 - 004759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-09-13 15:11 - 2017-09-05 00:04 - 005205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2017-09-13 15:11 - 2017-09-04 23:55 - 002770432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-09-13 15:11 - 2017-09-04 23:51 - 004404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2017-09-13 15:11 - 2017-09-04 23:48 - 005327872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-09-13 15:11 - 2017-09-04 23:48 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2017-09-13 15:11 - 2017-09-04 23:44 - 006742528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-09-13 15:11 - 2017-09-04 23:44 - 002604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2017-09-13 15:11 - 2017-09-04 23:39 - 002632192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2017-09-13 15:11 - 2017-09-04 23:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-09-13 15:11 - 2017-06-17 01:56 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2017-09-13 15:11 - 2017-06-03 05:44 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2017-09-13 15:11 - 2016-09-07 00:31 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2017-09-13 15:11 - 2016-09-07 00:28 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2017-09-13 15:10 - 2017-09-05 05:32 - 001997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-09-13 15:10 - 2017-09-05 05:11 - 000042928 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
    2017-09-13 15:10 - 2017-09-05 03:57 - 000245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2017-09-13 15:10 - 2017-09-05 03:47 - 022560232 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-09-13 15:10 - 2017-09-05 03:47 - 006605000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-09-13 15:10 - 2017-09-05 03:19 - 001558288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-09-13 15:10 - 2017-09-05 03:05 - 000388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-09-13 15:10 - 2017-09-05 02:59 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-09-13 15:10 - 2017-09-05 02:46 - 000824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-09-13 15:10 - 2017-09-05 02:28 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
    2017-09-13 15:10 - 2017-09-05 02:27 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2017-09-13 15:10 - 2017-09-05 02:19 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
    2017-09-13 15:10 - 2017-09-05 02:19 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2017-09-13 15:10 - 2017-09-05 02:17 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2017-09-13 15:10 - 2017-09-05 02:10 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-09-13 15:10 - 2017-09-05 02:04 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
    2017-09-13 15:10 - 2017-09-05 02:01 - 000727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2017-09-13 15:10 - 2017-09-05 01:57 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2017-09-13 15:10 - 2017-09-05 01:56 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2017-09-13 15:10 - 2017-09-05 01:52 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
    2017-09-13 15:10 - 2017-09-05 01:48 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2017-09-13 15:10 - 2017-09-05 01:44 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2017-09-13 15:10 - 2017-09-05 01:31 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-09-13 15:10 - 2017-09-05 01:30 - 000888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
    2017-09-13 15:10 - 2017-09-05 01:18 - 005123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-09-13 15:10 - 2017-09-05 01:17 - 001122816 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2017-09-13 15:10 - 2017-09-05 01:03 - 007977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2017-09-13 15:10 - 2017-09-05 00:44 - 007200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2017-09-13 15:10 - 2017-09-05 00:42 - 000957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2017-09-13 15:10 - 2017-09-05 00:15 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2017-09-13 15:10 - 2016-10-25 01:42 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2017-09-13 15:09 - 2017-09-05 05:34 - 001030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2017-09-13 15:09 - 2017-09-05 05:32 - 001098648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2017-09-13 15:09 - 2017-09-05 05:31 - 007463776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-09-13 15:09 - 2017-09-05 05:31 - 002656960 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2017-09-13 15:09 - 2017-09-05 05:29 - 001819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2017-09-13 15:09 - 2017-09-05 05:27 - 000754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-09-13 15:09 - 2017-09-05 05:14 - 001637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-09-13 15:09 - 2017-09-05 04:40 - 003449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
    2017-09-13 15:09 - 2017-09-05 03:51 - 003700816 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-09-13 15:09 - 2017-09-05 03:48 - 000566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2017-09-13 15:09 - 2017-09-05 03:46 - 001540216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-09-13 15:09 - 2017-09-05 03:46 - 000692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2017-09-13 15:09 - 2017-09-05 03:45 - 001128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2017-09-13 15:09 - 2017-09-05 03:44 - 000625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-09-13 15:09 - 2017-09-05 03:44 - 000609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2017-09-13 15:09 - 2017-09-05 03:44 - 000161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2017-09-13 15:09 - 2017-09-05 03:19 - 000636816 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-09-13 15:09 - 2017-09-05 03:19 - 000292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2017-09-13 15:09 - 2017-09-05 03:18 - 001777792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2017-09-13 15:09 - 2017-09-05 03:18 - 001597520 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2017-09-13 15:09 - 2017-09-05 03:18 - 000642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2017-09-13 15:09 - 2017-09-05 03:18 - 000380152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2017-09-13 15:09 - 2017-09-05 03:18 - 000147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2017-09-13 15:09 - 2017-09-05 02:45 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
    2017-09-13 15:09 - 2017-09-05 02:45 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-09-13 15:09 - 2017-09-05 02:34 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-09-13 15:09 - 2017-09-05 02:34 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
    2017-09-13 15:09 - 2017-09-05 02:32 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
    2017-09-13 15:09 - 2017-09-05 02:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
    2017-09-13 15:09 - 2017-09-05 02:27 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
    2017-09-13 15:09 - 2017-09-05 02:25 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
    2017-09-13 15:09 - 2017-09-05 02:24 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2017-09-13 15:09 - 2017-09-05 02:24 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
    2017-09-13 15:09 - 2017-09-05 02:23 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
    2017-09-13 15:09 - 2017-09-05 02:22 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
    2017-09-13 15:09 - 2017-09-05 02:22 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
    2017-09-13 15:09 - 2017-09-05 02:20 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
    2017-09-13 15:09 - 2017-09-05 02:17 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2017-09-13 15:09 - 2017-09-05 02:15 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2017-09-13 15:09 - 2017-09-05 02:15 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2017-09-13 15:09 - 2017-09-05 02:15 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
    2017-09-13 15:09 - 2017-09-05 02:15 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2017-09-13 15:09 - 2017-09-05 02:13 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-09-13 15:09 - 2017-09-05 02:13 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2017-09-13 15:09 - 2017-09-05 02:12 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-09-13 15:09 - 2017-09-05 02:12 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2017-09-13 15:09 - 2017-09-05 02:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
    2017-09-13 15:09 - 2017-09-05 02:10 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
    2017-09-13 15:09 - 2017-09-05 02:10 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
    2017-09-13 15:09 - 2017-09-05 02:09 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-09-13 15:09 - 2017-09-05 02:08 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2017-09-13 15:09 - 2017-09-05 02:08 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
    2017-09-13 15:09 - 2017-09-05 02:06 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2017-09-13 15:09 - 2017-09-05 02:05 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-09-13 15:09 - 2017-09-05 02:04 - 000715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-09-13 15:09 - 2017-09-05 02:02 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2017-09-13 15:09 - 2017-09-05 01:59 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2017-09-13 15:09 - 2017-09-05 01:57 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-09-13 15:09 - 2017-09-05 01:57 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
    2017-09-13 15:09 - 2017-09-05 01:52 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2017-09-13 15:09 - 2017-09-05 01:52 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
    2017-09-13 15:09 - 2017-09-05 01:50 - 002125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
    2017-09-13 15:09 - 2017-09-05 01:50 - 000967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-09-13 15:09 - 2017-09-05 01:50 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-09-13 15:09 - 2017-09-05 01:49 - 001418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
    2017-09-13 15:09 - 2017-09-05 01:49 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-09-13 15:09 - 2017-09-05 01:49 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2017-09-13 15:09 - 2017-09-05 01:48 - 002129920 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-09-13 15:09 - 2017-09-05 01:46 - 001385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-09-13 15:09 - 2017-09-05 01:44 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-09-13 15:09 - 2017-09-05 01:42 - 001752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-09-13 15:09 - 2017-09-05 01:41 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
    2017-09-13 15:09 - 2017-09-05 01:40 - 001292800 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2017-09-13 15:09 - 2017-09-05 01:38 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2017-09-13 15:09 - 2017-09-05 01:37 - 004456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-09-13 15:09 - 2017-09-05 01:37 - 001742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2017-09-13 15:09 - 2017-09-05 01:35 - 002054144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2017-09-13 15:09 - 2017-09-05 01:28 - 000838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2017-09-13 15:09 - 2017-09-05 01:21 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-09-13 15:09 - 2017-09-05 01:20 - 003588608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-09-13 15:09 - 2017-09-05 01:20 - 002610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2017-09-13 15:09 - 2017-09-05 01:15 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
    2017-09-13 15:09 - 2017-09-05 01:15 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2017-09-13 15:09 - 2017-09-05 01:13 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
    2017-09-13 15:09 - 2017-09-05 01:11 - 003046400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2017-09-13 15:09 - 2017-09-05 01:11 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-09-13 15:09 - 2017-09-05 01:10 - 001946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-09-13 15:09 - 2017-09-05 01:10 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2017-09-13 15:09 - 2017-09-05 01:06 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2017-09-13 15:09 - 2017-09-05 01:05 - 004827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-09-13 15:09 - 2017-09-05 01:05 - 003405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-09-13 15:09 - 2017-09-05 01:05 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2017-09-13 15:09 - 2017-09-05 01:04 - 003355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2017-09-13 15:09 - 2017-09-05 01:04 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2017-09-13 15:09 - 2017-09-05 01:03 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2017-09-13 15:09 - 2017-09-05 01:01 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-09-13 15:09 - 2017-09-05 00:58 - 002635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-09-13 15:09 - 2017-09-05 00:58 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-09-13 15:09 - 2017-09-05 00:56 - 005503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2017-09-13 15:09 - 2017-09-05 00:54 - 003585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2017-09-13 15:09 - 2017-09-05 00:47 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-09-13 15:09 - 2017-09-05 00:46 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-09-13 15:09 - 2017-09-05 00:45 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-09-13 15:09 - 2017-09-05 00:45 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-09-13 15:09 - 2017-09-05 00:40 - 001526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-09-13 15:09 - 2017-09-05 00:34 - 004890624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-09-13 15:09 - 2017-09-05 00:31 - 022377472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-09-13 15:09 - 2017-09-05 00:28 - 013410816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-09-13 15:09 - 2017-09-05 00:24 - 006978048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-09-13 15:09 - 2017-09-05 00:23 - 024606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-09-13 15:09 - 2017-09-05 00:23 - 006312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2017-09-13 15:09 - 2017-09-05 00:21 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2017-09-13 15:09 - 2017-09-05 00:06 - 007841792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-09-13 15:09 - 2017-09-05 00:02 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2017-09-13 15:09 - 2017-09-04 23:57 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-09-13 15:09 - 2017-09-04 23:48 - 019346432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-09-13 15:09 - 2017-09-04 23:48 - 018675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-09-13 15:09 - 2017-09-04 23:48 - 012155904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-09-13 15:09 - 2017-09-04 23:37 - 005661184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-09-13 15:08 - 2017-09-05 03:41 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
    2017-09-13 15:08 - 2017-09-05 02:25 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
    2017-09-13 15:08 - 2017-09-05 02:18 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
    2017-09-13 15:08 - 2017-09-05 02:11 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
    2017-09-13 15:08 - 2017-09-05 01:59 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
    2017-09-13 15:08 - 2017-09-05 01:43 - 001717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2017-09-13 15:08 - 2017-09-05 01:37 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
    2017-09-13 15:08 - 2017-09-05 01:03 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
    2017-09-13 15:08 - 2017-09-05 00:16 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
    2017-09-10 20:11 - 2017-09-10 20:11 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsignec558effb061a8d7
    2017-09-10 20:07 - 2017-09-10 20:07 - 000000000 ____D C:\Users\Imogen\AppData\Local\Tempzxpsign7d8ae5031cff08eb

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-10-10 22:39 - 2017-05-14 19:24 - 002723387 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-10-10 22:39 - 2017-05-14 19:24 - 002434650 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-10-10 22:39 - 2017-05-09 23:06 - 000028508 _____ C:\Users\Imogen\Downloads\FRST.txt
    2017-10-10 22:38 - 2017-05-09 23:06 - 000000000 ____D C:\FRST
    2017-10-10 22:38 - 2015-10-30 03:24 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-10-10 22:37 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-10-10 22:37 - 2015-08-31 15:37 - 000000000 ____D C:\ProgramData\Symantec
    2017-10-10 22:23 - 2017-07-20 18:05 - 000000000 ____D C:\Program Files\rempl
    2017-10-10 22:21 - 2015-08-16 13:06 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{724DB0F0-927F-4B14-A024-99806B133DAA}
    2017-10-10 22:20 - 2017-05-08 23:25 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2017-10-10 22:20 - 2017-05-08 23:24 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2017-10-10 22:20 - 2017-05-08 23:24 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2017-10-10 22:20 - 2017-05-08 23:24 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2017-10-10 22:20 - 2017-05-08 23:24 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2017-10-10 22:20 - 2017-05-08 23:24 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2017-10-10 22:20 - 2017-05-08 23:24 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2017-10-10 22:20 - 2017-05-08 23:24 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2017-10-10 22:20 - 2017-05-08 23:17 - 000000000 ____D C:\ProgramData\AVAST Software
    2017-10-10 22:19 - 2017-05-08 23:24 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2017-10-10 22:18 - 2017-05-08 23:24 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2017-10-10 22:18 - 2017-05-08 23:24 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2017-10-10 22:18 - 2017-05-08 23:24 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2017-10-10 22:18 - 2017-05-08 23:24 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2017-10-10 22:17 - 2015-08-31 15:22 - 000000000 ____D C:\Users\Imogen\AppData\Local\Adobe
    2017-10-10 22:11 - 2015-12-16 00:17 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-10-10 22:11 - 2015-08-16 16:33 - 000000000 __SHD C:\Users\Imogen\IntelGraphicsProfiles
    2017-10-04 15:44 - 2015-08-16 12:51 - 000000000 ____D C:\Users\Imogen\AppData\Local\Packages
    2017-10-02 19:42 - 2015-08-16 14:23 - 000001908 _____ C:\WINDOWS\diagwrn.xml
    2017-10-02 19:42 - 2015-08-16 14:23 - 000001908 _____ C:\WINDOWS\diagerr.xml
    2017-10-01 21:39 - 2015-10-30 03:21 - 000000000 ____D C:\WINDOWS\INF
    2017-09-30 13:40 - 2017-06-16 19:53 - 000000000 ____D C:\Users\Imogen\AppData\Local\Spotify
    2017-09-30 13:38 - 2017-06-16 19:53 - 000000000 ____D C:\Users\Imogen\AppData\Roaming\Spotify
    2017-09-30 12:11 - 2016-12-24 17:18 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-09-29 20:44 - 2015-12-16 03:12 - 000000000 ___DC C:\WINDOWS\Panther
    2017-09-29 20:27 - 2015-07-16 10:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-09-29 00:18 - 2015-10-30 03:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-09-26 20:25 - 2017-05-08 23:24 - 000361784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfa032f16843534e7.tmp
    2017-09-26 15:33 - 2015-08-16 13:08 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-09-26 15:33 - 2015-08-16 13:08 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-09-23 21:42 - 2017-07-29 20:39 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2005569905-2985736349-4029353856-1001
    2017-09-23 21:42 - 2015-08-16 16:36 - 000002381 _____ C:\Users\Imogen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-09-23 21:42 - 2015-08-16 16:36 - 000000000 ___RD C:\Users\Imogen\OneDrive
    2017-09-23 12:00 - 2015-12-16 00:21 - 000000000 ____D C:\Users\Imogen
    2017-09-19 23:54 - 2015-08-16 16:34 - 000000000 ____D C:\Users\Imogen\AppData\Local\Publishers
    2017-09-19 08:26 - 2017-05-08 23:24 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3e8f634e5e362e68.tmp
    2017-09-17 14:36 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\rescache
    2017-09-16 10:44 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-09-16 10:44 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-09-15 18:55 - 2016-01-27 22:01 - 000000000 ____D C:\Users\Imogen\AppData\Roaming\Skype
    2017-09-13 22:04 - 2015-08-16 14:57 - 000879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-09-13 22:01 - 2015-08-16 11:14 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-09-13 21:58 - 2017-05-14 18:57 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-09-13 21:58 - 2015-12-16 00:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-09-13 21:58 - 2015-12-16 00:13 - 005009984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-09-13 17:53 - 2015-10-30 02:28 - 000786432 ___SH C:\WINDOWS\system32\config\BBI
    2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___SD C:\WINDOWS\system32\F12
    2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ___RD C:\WINDOWS\DevicesFlow
    2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\WINDOWS\system32\oobe
    2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files\Windows Defender
    2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-09-13 17:51 - 2015-10-30 03:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2017-09-13 15:23 - 2015-08-16 18:34 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-09-13 15:21 - 2015-10-30 03:11 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-09-13 15:21 - 2015-08-16 18:34 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2015-09-04 09:28 - 2016-05-18 21:01 - 000000033 _____ () C:\Users\Imogen\AppData\Roaming\AdobeWLCMCache.dat
    2017-03-29 15:06 - 2017-03-29 15:06 - 000001456 _____ () C:\Users\Imogen\AppData\Local\Adobe Save for Web 13.0 Prefs
    2015-12-16 00:18 - 2015-12-16 00:18 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-12-12 11:55 - 2014-12-12 11:55 - 000000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-10-01 21:53

    ==================== End of FRST.txt ============================

    ADDITION:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
    Ran by Imogen (10-10-2017 22:40:46)
    Running from C:\Users\Imogen\Downloads
    Windows 10 Home Version 1511 170904-1742 (X64) (2015-12-16 04:40:03)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2005569905-2985736349-4029353856-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2005569905-2985736349-4029353856-503 - Limited - Disabled)
    Guest (S-1-5-21-2005569905-2985736349-4029353856-501 - Limited - Disabled)
    Imogen (S-1-5-21-2005569905-2985736349-4029353856-1001 - Administrator - Enabled) => C:\Users\Imogen

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
    Adobe Flash Player 27 NPAPI (HKLM-x32\...\{05E6D311-4793-44BE-ACA2-A50B5B5129AE}) (Version: 27.0.0.130 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.1.0 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
    Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{F9626784-9EDD-32B3-3888-5A840B88DF23}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Chroma Tune for TOSHIBA (HKLM\...\{CD1AE048-DC88-4615-9A5F-7E607C000736}) (Version: 2.00.53 - Portrait Displays, Inc.)
    Coffee (HKLM-x32\...\{568300F4-7F75-4635-B50E-16EFB18C0CE0}) (Version: 1.0.3 - Steven Cole)
    CyberLink MediaShow 6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.7921 - CyberLink Corp.)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
    CyberLink PowerDirector Touch (HKLM\...\{DC604EA2-684F-4fad-80E6-10A090F85E7D}) (Version: 1.2.3121.0 - CyberLink Corp.) Hidden
    CyberLink PowerDirector Touch (HKLM-x32\...\InstallShield_{DC604EA2-684F-4fad-80E6-10A090F85E7D}) (Version: 1.2.3121.0 - CyberLink Corp.)
    DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4A95F6FA-1263-43D2-9926-5D6F7F359E92}) (Version: 17.1.1434.02 - Intel Corporation)
    IntelŽ PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
    iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
    KB4023057 (HKLM\...\{0C050BEE-16BE-4998-8959-2A421433DB6E}) (Version: 2.5.0.0 - Microsoft Corporation)
    King Oddball (HKLM-x32\...\WTA-16523265-5c95-4371-a35f-f9b54c7c7030) (Version: 3.0.2.48 - WildTangent) Hidden
    Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8201.2193 - Microsoft Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2193 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
    Node.js (HKLM\...\{E5DD2249-1D15-43FC-809E-9415B3533D8C}) (Version: 4.4.5 - Node.js Foundation)
    OEM Application Profile (HKLM-x32\...\{61A09A66-D7E6-22EF-AF75-16D83ADE30E3}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
    PX Profile Update (HKLM-x32\...\{733F4823-8E3A-67FA-7E25-EB368567437A}) (Version: 1.00.1. - AMD) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
    Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
    Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
    Symantec Endpoint Protection (HKLM\...\{18F87B39-E281-4228-B83D-627FFC77A466}) (Version: 12.1.6168.6000 - Symantec Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.6 - Synaptics Incorporated)
    TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.3 - Toshiba Corporation)
    TOSHIBA Blu-ray Disc Player (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 2.3.3.4 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 4.06.000 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.03.55065007 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden
    Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
    WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
    Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.49 - Zemana Ltd.)
    ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-06-16] ()
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
    ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
    ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
    ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-06-16] ()
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-09-06] (AVAST Software)
    ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\vpshell2.dll [2015-08-10] (Symantec Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
    ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00D1DF1F-E0D4-4546-ADA4-B27C769E2E3E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
    Task: {086A05B4-807B-4949-8C5F-04E2E3DF54A1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-10] (AVAST Software)
    Task: {09D7B895-3B2D-40A3-98A0-3DFCDEAB7C52} - System32\Tasks\SafeZone scheduled Autoupdate 1494300916 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
    Task: {37FE118C-C5E7-4876-B98D-341FCED931FD} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation)
    Task: {437D5321-3648-4ADF-8689-D4D1BF6D65AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
    Task: {4F635F49-F6E0-4027-A554-792A68BCAB21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {6F35671E-9C9D-41C9-A663-E10DDC6A6F53} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
    Task: {7641054F-9517-440D-B604-1EFB8E8B69E4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-11-20] (Synaptics Incorporated)
    Task: {7F7DD807-B95A-409B-BC50-34D6BD597DBA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
    Task: {80D41E4A-BF13-421B-9748-3B3B55A6D544} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-16] (Adobe Systems Incorporated)
    Task: {9132004C-AA3D-4BEC-AC2E-122564211DD9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
    Task: {9CDA6356-3594-4542-921B-70757974618D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-29] (Microsoft Corporation)
    Task: {A384693C-2256-45C3-A753-2E00F1F06641} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-13] (Microsoft Corporation)
    Task: {A4E60AF1-2BEE-4675-A7E6-0BE45A1151DC} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-imogen.thomas5654@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
    Task: {B1A8CE3D-E729-486D-9B9B-B8406F8C7FF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-29] (Microsoft Corporation)
    Task: {BAD9AB5C-4662-4C81-AF3F-B1EC4FBA6821} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-29] (Microsoft Corporation)
    Task: {C583CBED-0130-47E8-BFAD-877FCDAC1D1A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {CAAE93C8-59F9-4355-9431-10381EEDD273} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {D05ACD09-AF38-4385-B1E3-4EF18B8B74D2} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
    Task: {DC9DB603-4E5B-45EA-B4AA-FA494C7CCF47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
    Task: {E3025F92-323F-4629-A792-AEC706784C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
    Task: {FC5DED5F-93FC-44C1-A0C3-28982304595B} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2013-03-27 16:53 - 2013-03-27 16:53 - 000163168 _____ () C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
    2014-02-27 16:31 - 2014-02-27 16:31 - 000013312 _____ () C:\Windows\SysWOW64\SMITSC.exe
    2014-12-12 11:57 - 2012-04-24 22:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2015-05-27 13:46 - 2015-05-27 13:46 - 000019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    2016-11-17 02:28 - 2016-11-17 02:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
    2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
    2017-03-14 16:21 - 2017-03-04 01:31 - 000185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2017-09-13 15:09 - 2017-09-05 05:31 - 002656960 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-10-25 09:57 - 2016-10-25 09:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2016-05-18 21:17 - 2017-09-29 00:06 - 008931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-12-02 08:32 - 2016-12-02 08:32 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
    2015-12-17 17:44 - 2015-12-07 00:14 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-07-19 13:07 - 2016-06-30 23:48 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2017-03-14 16:21 - 2017-03-03 23:19 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-03-14 16:21 - 2017-03-03 23:14 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-09-13 15:09 - 2017-09-05 00:03 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-09-13 15:09 - 2017-09-05 00:06 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-09-06 20:24 - 2017-09-06 20:24 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
    2012-07-18 21:38 - 2012-07-18 21:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2017-09-26 15:33 - 2017-09-21 03:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
    2017-09-26 15:33 - 2017-09-21 03:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
    2013-08-01 17:24 - 2013-08-01 17:24 - 000438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
    2016-10-25 09:57 - 2016-10-25 09:57 - 031723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    2015-10-30 03:18 - 2015-10-30 03:18 - 000218456 _____ () c:\windows\system32\WerEtw.dll
    2015-08-10 14:33 - 2015-08-10 14:33 - 000566328 ____C () C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\AvPluginImpl.dll
    2015-07-16 09:27 - 2013-12-09 18:26 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2017-09-06 20:24 - 2017-09-06 20:24 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-09-06 20:24 - 2017-09-06 20:24 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
    2017-07-06 10:44 - 2017-07-06 10:45 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-09-06 20:24 - 2017-09-06 20:24 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-09-06 20:24 - 2017-09-06 20:24 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-09-06 20:24 - 2017-09-06 20:24 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-09-06 20:24 - 2017-09-06 20:24 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-03-14 08:31 - 2017-03-14 08:31 - 052051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
    2017-01-25 20:07 - 2017-01-25 20:07 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
    2017-01-25 20:07 - 2017-01-25 20:07 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
    2017-01-25 20:06 - 2017-01-25 20:06 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
    2017-01-25 20:07 - 2017-01-25 20:07 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
    2017-03-14 08:35 - 2017-03-14 08:35 - 000099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
    2017-01-25 20:07 - 2017-01-25 20:07 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\sharepoint.com -> hxxps://bard0-files.sharepoint.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2017-05-13 17:58 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Imogen\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 ltblue 1920x1200.jpg
    DNS Servers: 10.5.0.2 - 10.5.0.3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\...\StartupApproved\Run: => "Spotify Web Helper"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{EBC1DAC6-783B-4591-A32F-18412B3741D9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe
    FirewallRules: [{9AD81E91-C680-4AB3-A569-0A036DA2E43D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin64\snac64.exe
    FirewallRules: [{1422AC0E-097A-4CAE-94B7-95EAEBD2D6AA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\Smc.exe
    FirewallRules: [{B7E4966C-BA89-4AA1-8FDD-4F42847EECD5}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Bin\Smc.exe
    FirewallRules: [{69D50447-675B-4145-8065-CD3538C4B445}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{38CBBDEB-780A-457D-954E-2E057D8540B6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
    FirewallRules: [{84AAB974-9BBA-44A8-9C75-A64D8C27AA44}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{301762DD-BB2C-4F1E-A81A-9BC5EB53626D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
    FirewallRules: [{1C54BC69-167C-4061-AEFD-5626E6987ADF}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{1E8C57AD-62D7-492E-A1B7-2305781FBD00}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{2472F3C1-2C2C-4F11-8402-DF70A34E497D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{8B5E4A87-560E-419B-BE97-ADFF740285BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{288E0BAE-B97F-4EA0-A5AF-1DED955072A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{02CC9AC9-A41A-4840-8F15-28230DCB9BBE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{59E54054-46A1-4F4A-A532-958911D2CFC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{16F8BE89-3759-464E-AF65-08C83AA22B35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{BF690903-5315-4BF4-992D-07AA481546D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{EC143D06-E504-45E7-904C-59242F8A1543}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{A854DFFD-5400-4B4B-8749-A393CDAD22A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{E7F31244-11D5-4BAA-A482-A33F98B67D03}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
    FirewallRules: [{F73C6B3F-03C0-43B0-9C31-D2D19219C475}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
    FirewallRules: [{EFDD668D-6742-4347-89C6-16000F219BCB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{46FA8CDD-3DD2-44A7-9828-19C892C877A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{75C9CBE9-FC3B-483D-A895-FD65E1DED8D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Restore Points =========================

    17-09-2017 14:36:32 Scheduled Checkpoint
    29-09-2017 00:05:02 Windows Update
    10-10-2017 22:21:51 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/10/2017 10:37:45 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
    Description: Security Risk Found!Trojan.Gen.2 in File: C:\ProgramData\Symantec\DefWatch.DWH\dwh8d1f.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

    Error: (10/10/2017 10:35:55 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/10/2017 10:28:50 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
    Description: Security Risk Found!Trojan.Gen.2 in File: C:\ProgramData\Symantec\DefWatch.DWH\dwh4c88.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

    Error: (10/10/2017 10:22:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (10/04/2017 05:52:48 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
    Description: ATI EEU PnP start/stop failed

    Error: (10/04/2017 05:52:40 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
    Description: ATI EEU PnP start/stop failed

    Error: (10/04/2017 02:09:10 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (10/03/2017 10:51:55 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (10/03/2017 07:33:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6672

    Error: (10/03/2017 07:33:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6672


    System errors:
    =============
    Error: (10/10/2017 10:23:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    Incorrect function.

    Error: (10/10/2017 10:23:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    Incorrect function.

    Error: (10/10/2017 10:23:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    Incorrect function.

    Error: (10/10/2017 10:23:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    Incorrect function.

    Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/04/2017 05:52:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_a427b92 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/04/2017 02:18:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

    Error: (10/03/2017 10:35:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Feature update to Windows 10, version 1703.


    CodeIntegrity:
    ===================================
    Date: 2017-09-29 20:28:54.000
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-09-29 00:15:08.738
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-09-25 20:38:37.070
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-09-14 20:00:47.033
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-09-13 21:59:40.274
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-09-13 15:28:27.182
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-08-25 01:56:41.853
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-08-13 12:45:06.322
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-08-09 11:21:58.262
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-08-09 03:25:35.842
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz
    Percentage of memory in use: 38%
    Total physical RAM: 16294.85 MB
    Available physical RAM: 9974.41 MB
    Total Virtual: 29685.75 MB
    Available Virtual: 23540.21 MB

    ==================== Drives ================================

    Drive c: (TI10707900C) (Fixed) (Total:917.44 GB) (Free:663.21 GB) NTFS
    Drive e: () (Removable) (Total:14.83 GB) (Free:0.16 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    aswMBR LOG:
    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2017-10-10 22:44:59
    -----------------------------
    22:44:59.794 OS Version: Windows x64 6.2.9200
    22:44:59.794 Number of processors: 8 586 0x3C03
    22:44:59.795 ComputerName: IMOGENCOMPUTER UserName: Imogen
    22:45:03.548 Initialize success
    22:45:03.550 VM: initialized successfully
    22:45:03.551 VM: Intel CPU supported virtualized
    22:45:22.284 VM: disk I/O iaStorA.sys
    22:45:30.196 AVAST engine defs: 17101004
    22:45:38.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
    22:45:38.210 Disk 0 Vendor: TOSHIBA_MQ02ABD100H HKF03M Size: 953869MB BusType: 11
    22:45:38.212 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000043
    22:45:38.213 Disk 1 Vendor: Realtek_ 1.00 Size: 15193MB BusType: 1
    22:45:38.356 Disk 0 MBR read successfully
    22:45:38.359 Disk 0 MBR scan
    22:45:38.362 Disk 0 unknown MBR code
    22:45:38.364 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    22:45:38.370 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:45:45.408 Service scanning
    22:45:58.668 Modules scanning
    22:45:58.682 Disk 0 trace - called modules:
    22:45:58.692 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys thpdrv.sys hal.dll
    22:45:58.698 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00049217060]
    22:45:58.705 3 aswSP.sys[fffff800659b1b9e] -> nt!IofCallDriver -> \Device\THPDRV1[0xffffe0004921e060]
    22:46:02.047 AVAST engine scan C:\WINDOWS
    22:46:06.641 AVAST engine scan C:\WINDOWS\system32
    22:48:55.716 AVAST engine scan C:\WINDOWS\system32\drivers
    22:49:09.408 AVAST engine scan C:\Users\Imogen
    22:58:29.494 Disk 0 MBR has been saved successfully to "C:\Users\Imogen\Desktop\LOGS\MBR.dat"
    22:58:29.500 The log file has been saved successfully to "C:\Users\Imogen\Desktop\LOGS\aswMBR 10-10-17.txt"

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Symantec Endpoint Protection <== does this supply antivirus protection as in security suite?
    AVAST <== is an antivirus

    If the computer has 2 antivirus, need to make a decision which to keep and which to uninstall.
    ~~~~

    Right click on the FRST icon and select Run as administrator
    Highlight the below information then hit the Ctrl + C keys at the same time
    or
    Right click/highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::


    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
    U3 aswbdisk; no ImagePath
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: Bitsadmin /Reset /Allusers
    Emptytemp:
    End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ******

    Malwarebytes version 3.1.2.1733 <== Your version is outdated

    Open Malwarebytes Anti-Malware
    Look for and click on the Update button
    Allow it to update
    • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
    • Let the scan run, the time required to complete the scan depends of your system and computer specs
    • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
    • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply


    ***

    Follow the instructions below please.

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

    created by Aura
    ~~~~~~~~~~~~~~~~~~`
    Junkware Removal Tool (JRT)
    • Download Junkware Removal Tool (JRT) and move it to your Desktop
    • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Press on any key to launch the scan and let it complete

      Credits : BleepingComputer.com
    • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply

    created by Aura

    **
    Your next reply(ies) should therefore contain:
    • Fixlog.txt
    • Copy/pasted AdwCleaner clean log
    • Copy/pasted JRT log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    May 2017
    Posts
    12

    Default 10/12/17

    Fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2017
    Ran by Imogen (12-10-2017 01:13:27) Run:2
    Running from C:\Users\Imogen\Downloads
    Loaded Profiles: Imogen (Available Profiles: Imogen)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {5A12A81B-0662-4DA4-93C5-CC96CA9431CB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US1214D20150816&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2005569905-2985736349-4029353856-1001 -> {B64FF99D-D9DC-4CC2-AED0-7586853EF92D} URL =
    U3 aswbdisk; no ImagePath
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: Bitsadmin /Reset /Allusers
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A12A81B-0662-4DA4-93C5-CC96CA9431CB} => key removed successfully
    HKLM\Software\Classes\CLSID\{5A12A81B-0662-4DA4-93C5-CC96CA9431CB} => key not found.
    HKU\S-1-5-21-2005569905-2985736349-4029353856-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B64FF99D-D9DC-4CC2-AED0-7586853EF92D} => key removed successfully
    HKLM\Software\Classes\CLSID\{B64FF99D-D9DC-4CC2-AED0-7586853EF92D} => key not found.
    HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.

    ========= netsh advfirewall reset =========

    Ok.


    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state ON =========

    Ok.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= Bitsadmin /Reset /Allusers =========


    BITSADMIN version 3.0 [ 7.8.10586 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Unable to cancel {E539BCAD-9628-4BA9-9850-5A8A5415B05C}.
    0 out of 1 jobs canceled.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 32768 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1169735461 B
    Java, Flash, Steam htmlcache => 1310 B
    Windows/system/drivers => 257332927 B
    Edge => 9451680 B
    Chrome => 903682796 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 3416 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 36384 B
    NetworkService => -656 B
    Imogen => 1019399480 B

    RecycleBin => 0 B
    EmptyTemp: => 3.1 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-10-2017 01:21:24)


    Result of scheduled keys to remove after reboot:

    HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected

    ==== End of Fixlog 01:21:25 ====



    AdwCleaner Log:

    # AdwCleaner 7.0.3.1 - Logfile created on Thu Oct 12 05:38:54 2017
    # Updated on 2017/29/09 by Malwarebytes
    # Running on Windows 10 Home (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    No malicious folders deleted.

    ***** [ Files ] *****

    Deleted: C:\Users\All Users\Desktop\eBay.lnk
    Deleted: C:\Users\Public\Desktop\eBay.lnk


    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    No malicious registry entries deleted.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0



    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [1033 B] - [2017/10/12 5:37:48]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########




    JRT Log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 10 Home x64
    Ran by Imogen (Administrator) on Thu 10/12/2017 at 1:42:30.46
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 10/12/2017 at 1:45:43.46
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Did you update and run a scan with MalwareBytes?

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    created by Aura
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    May 2017
    Posts
    12

    Post

    I did update and run a scan with Malwarebytes--- nothing came up. Here it is though (ran yesterday):

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 10/12/17
    Scan Time: 1:26 AM
    Log File: Malwarebytes.txt
    Administrator: Yes

    -Software Information-
    Version: 3.1.2.1733
    Components Version: 1.0.160
    Update Package Version: 1.0.2996
    License: Free

    -System Information-
    OS: Windows 10 (Build 10586.1176)
    CPU: x64
    File System: NTFS
    User: IMOGENCOMPUTER\Imogen

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 375593
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 6 min, 27 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)




    Also, nothing came up on the EEK scan either, but my computer is still very slow and I find it difficult to believe that the virus that showed up on my Symantec (an app which I deleted in favor of keeping avast) just up and left.

    EEK scan:
    Emsisoft Emergency Kit - Version 2017.8
    Last update: 10/12/2017 7:45:36 PM
    User account: IMOGENCOMPUTER\Imogen
    Computer name: IMOGENCOMPUTER
    OS version: Windows 10x64

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    Scan mail archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off

    Scan start: 10/12/2017 7:46:03 PM

    Scanned 81011
    Found 0

    Scan end: 10/12/2017 7:50:52 PM
    Scan time: 0:04:49

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I have no idea where it went.

    As for the computer moving slow
    Let's check and see if there is a problem with updates

    Check for and Install Windows Updates
    https://www.tenforums.com/tutorials/...dows-10-a.html

    ~~~~

    Please Download Tweaking.com - Windows Repair from Here
    OR
    Windows Repair (all in one) from here.

    • Install and then run the program
    • Execute the instructions on Step 1 Important
    • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
    • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
    • Click Repairs - Open Repairs in the bottom right corner
    • Uncheck the All repair button then select just the item(s) listed below

      01 - Repair Registry Permissions
      03 - Reset Service permissions
      04 - Register System Files
      05 - Repair WMI
      06 - Repair Windows Firewall
      07 - Repair Internet Explorer
      10 - Remove Policies Set By Infections
      17 - Repair Windows Updates
      19 - Repair Volume Shadow Copy Service
      21 - Repair MSI (Windows Installer)
      26 - Restore Important Windows Services
      27 - Set Windows Service to Default Startup


    • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
    • Please copy and paste the Contents of this file on your next reply.


    Restart the computer normally.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    May 2017
    Posts
    12

    Default

    Hi, I haven't done the next steps yet--- I just wanted to check in about the 'Proper Power Reset' ---- according to the directions I have to remove the battery from my laptop. Is this true (it's just not an easy step for me as I'm at school and I don't have a screwdriver to remove the panel that keeps the battery in)?

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I dont know anything about 'Proper Power Reset
    I posted information on how to check for windows updates manually. On the link I supplied, scroll to the area 'Here's How:'

    Did you run Windows Repair (all in one)?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Junior Member
    Join Date
    May 2017
    Posts
    12

    Default

    The version I downloaded from the link provided (the second one, from Tweaking) doesn't offer a run button---- instead it gives steps that I'm supposed to run by myself (Including Proper Power Reset).

    Part of the issue on my windows updates is that there's a problem updating. I definitely have apps that need updating, but the updates are never able to finish and never update automatically, even though they are set to do so.

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Delete the version of All In One you have now, we'll try the download from a difference place.

    Windows Repair (all in one) from here.


    • Install and then run the program
    • Execute the instructions on Step 1 Important
    • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
    • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
    • Click Repairs - Open Repairs in the bottom right corner
    • Uncheck the All repair button then select just the item(s) listed below

      01 - Repair Registry Permissions
      03 - Reset Service permissions
      04 - Register System Files
      05 - Repair WMI
      06 - Repair Windows Firewall
      07 - Repair Internet Explorer
      10 - Remove Policies Set By Infections
      17 - Repair Windows Updates
      19 - Repair Volume Shadow Copy Service
      21 - Repair MSI (Windows Installer)
      26 - Restore Important Windows Services
      27 - Set Windows Service to Default Startup


    • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
    • Please copy and paste the Contents of this file on your next reply.


    Restart the computer normally.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •