  #1  
Old September 6th, 2017, 05:11 AM
pkme
Senior Member
 
Join Date: Sep 2003
Location: Kentucky, United States
Posts: 221
Is this laptop salvageable?!

My laptop is possessed. The cursor randomly takes on a life of its own. Sometimes it works just fine, and other times it bounces all over the place. Then today, when opening totally innocuous web pages (even cybertechhelp!) in Chrome, my browser suddenly got hijacked to some extremely inappropriate websites. I have been bombarded by images that I can never unsee. Ugh.
I ran a full system scan with Windows Defender, but it revealed nothing.
Help?! Please?!
BTW, I switched to IE, and so far, no hijackings.
Thanks very, very much in advance.
~pk
  #2  
Old September 6th, 2017, 08:06 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hello pkme, and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How do you open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer here for help: How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*********************************************************************************************
Let's check.

I would like you to do the following:

===============================

Hosts File
Replace your current HOSTS file with a tweaked one, such as the MVPS Host file, that restricts access to known bad sites, improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:
  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue
================================================

Something you need to do now is to reset your browsers.

Instructions on how to back up your Favourites/Bookmarks and other data can be found below, if necessary.

Proceed with the reset once done.
====================================================

AdwCleaner scan:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next >>>

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.

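How the redirection described in the Hosts File step shows up in the file itself, as an added example that is not part of olgun52's post or of the MVPS package: a small Python auditor that separates blocklist-style entries (a name mapped to a loopback address) from entries that send a name to some other machine, which is what a hijacked hosts file looks like. The sample file, its hostnames, the function names and the choice to treat 0.0.0.0 like 127.0.0.1 are assumptions made for the example.

```python
import ipaddress

# Constructed sample, not taken from the thread: blocklist-style entries
# mixed with two mappings to non-loopback addresses and one broken line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1  localhost
::1        localhost
127.0.0.1  ads.example.test tracker.example.test  # blocklist-style entry
0.0.0.0    banner.example.test
203.0.113.7  search.example.test   # points at another machine
not-an-ip  broken.example.test
10.0.0.5   nas.home.test
"""

# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def classify_hosts(text):
    """Return (line_no, hostname, address, verdict) for every mapping.

    Verdicts:
      local     - a local name mapped to a loopback address (normal)
      blocked   - any other name mapped to loopback or 0.0.0.0, so
                  connections to it never leave the computer
      redirect  - a name mapped to a different machine; review it
      malformed - the line does not parse as "<ip> <name> [<name>...]"
    """
    results = []
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            results.append((line_no, " ".join(names), addr_text, "malformed"))
            continue
        if not names:
            results.append((line_no, "", addr_text, "malformed"))
            continue
        # Assumption of this example: 0.0.0.0 / :: count as a sink too.
        sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            name = name.lower()
            if sink and name in LOCAL_NAMES:
                verdict = "local"
            elif sink:
                verdict = "blocked"
            else:
                verdict = "redirect"
            results.append((line_no, name, str(addr), verdict))
    return results


def redirects(text):
    """Entries worth a manual look: names sent to a non-loopback address."""
    return [(n, h, a) for n, h, a, v in classify_hosts(text) if v == "redirect"]


if __name__ == "__main__":
    for entry in classify_hosts(SAMPLE_HOSTS):
        print(entry)
```

On Windows the file to pass in is the text of `%SystemRoot%\System32\drivers\etc\hosts`; an entry reported as `redirect` is not necessarily malicious (a home NAS mapping is a redirect too), but it is the kind of line to check when a browser is being sent to unexpected sites.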
  #3  
Old September 6th, 2017, 11:24 PM
pkme
Senior Member
 
Join Date: Sep 2003
Location: Kentucky, United States
Posts: 221
AdwCleaner logfile

Hello olgun, and thank you for your help! Here is the first logfile. I will work on the other & post it shortly.

# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 06 22:13:52 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-01-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nicevideo.us
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
PUP.Optional.Legacy, SearchProvider found: Ask.com - askws
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
  #4  
Old September 6th, 2017, 11:38 PM
pkme
Senior Member
 
Join Date: Sep 2003
Location: Kentucky, United States
Posts: 221
Farbar Recovery Results

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by mmv (administrator) on MMV-PC (06-09-2017 18:28:28)
Running from C:\Users\mmv\Desktop
Loaded Profiles: mmv (Available Profiles: mmv)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1561_none_7ef6e89821f9a6be\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-23] (AVAST Software)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\mmv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4dd5dcc1-e3aa-4ad7-8231-96d6e2ddfa0d}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{bb83b569-0c23-4385-9de5-595e6f27d2c6}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3990455747-1832288268-4293809508-1001 -> {74732A63-A99E-4479-87CA-6B710BDA0071} URL =
SearchScopes: HKU\S-1-5-21-3990455747-1832288268-4293809508-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://nldfpkbofmebiaoaflmifbmblppieefk/newtab.html"
CHR Profile: C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default [2017-09-06]
CHR Extension: (Google Docs) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-27]
CHR Extension: (Google Drive) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (YouTube) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Google Docs Offline) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-16]
CHR Extension: (Avast Online Security) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-24]
CHR Extension: (San Antonio Spurs) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nldfpkbofmebiaoaflmifbmblppieefk [2014-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-30] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-23] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-23] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-06] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-06] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-06] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-06] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-06] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-06] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-06] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-06] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-06] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-06] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-09-05] ()
R1 MpKsl7e34a675; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BD6B0FAB-BACA-4A8D-ABB7-52D3ADA2965D}\MpKsl7e34a675.sys [44928 2017-09-06] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.)
S3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] ()
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [433912 2016-07-13] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [50880 2015-10-08] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-06 18:28 - 2017-09-06 18:30 - 000015011 _____ C:\Users\mmv\Desktop\FRST.txt
2017-09-06 18:27 - 2017-09-06 18:28 - 000000000 ____D C:\FRST
2017-09-06 18:26 - 2017-09-06 18:27 - 002395648 _____ (Farbar) C:\Users\mmv\Desktop\FRST64.exe
2017-09-06 18:26 - 2017-09-06 18:26 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150473679806202
2017-09-06 18:24 - 2017-09-06 18:23 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-09-06 18:09 - 2017-09-06 18:22 - 000000000 ____D C:\AdwCleaner
2017-09-06 18:08 - 2017-09-06 18:08 - 008182736 _____ (Malwarebytes) C:\Users\mmv\Desktop\adwcleaner_7.0.2.1.exe
2017-09-06 17:43 - 2017-09-06 17:47 - 000131506 _____ C:\Users\mmv\Desktop\hosts.zip
2017-09-05 18:10 - 2017-09-05 18:20 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150464944442102.150466975012502
2017-09-05 18:10 - 2017-09-05 18:17 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150464944442102.150465005060902
2017-09-05 18:10 - 2017-09-05 18:10 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150464944442102.150464984806202
2017-09-05 10:42 - 2017-08-04 01:31 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-09-05 10:42 - 2017-08-04 01:31 - 001214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-09-05 10:42 - 2017-08-04 01:31 - 000629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-09-05 10:42 - 2017-08-04 01:31 - 000544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-09-05 10:42 - 2017-08-04 01:31 - 000335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-09-05 10:42 - 2017-08-04 01:31 - 000334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-09-05 10:42 - 2017-08-04 01:31 - 000233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-09-05 10:42 - 2017-08-04 01:31 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-09-05 10:42 - 2017-08-04 01:31 - 000096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-09-05 10:42 - 2017-08-04 01:31 - 000034656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-09-05 10:42 - 2017-08-04 00:26 - 000192864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-08-29 04:07 - 2017-08-29 04:07 - 000142870 _____ C:\Users\mmv\Desktop\Peer Review.Therese.Fulle.pdf
2017-08-28 10:45 - 2017-08-28 10:45 - 003267436 _____ C:\Users\mmv\Desktop\Counselings.pdf
2017-08-28 10:45 - 2017-08-28 10:45 - 001498717 _____ C:\Users\mmv\Desktop\Netclaims and QA Review Forms.pdf
2017-08-24 22:43 - 2017-09-05 12:58 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150463390232802
2017-08-24 22:43 - 2017-09-05 12:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150463070856202
2017-08-24 22:43 - 2017-09-05 11:34 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150463044509302
2017-08-24 22:43 - 2017-09-05 11:27 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150462565629602
2017-08-24 22:43 - 2017-09-05 10:17 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150462522325002
2017-08-24 22:43 - 2017-09-05 10:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150462105912502
2017-08-24 22:43 - 2017-08-29 03:55 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150462072814002
2017-08-24 22:43 - 2017-08-29 03:50 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150399335942102
2017-08-24 22:43 - 2017-08-29 02:45 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150399304317102
2017-08-24 22:43 - 2017-08-29 02:40 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150398910196802
2017-08-24 22:43 - 2017-08-29 01:34 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150398881112502
2017-08-24 22:43 - 2017-08-29 01:30 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150398488414002
2017-08-24 22:43 - 2017-08-29 00:24 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150398460664002
2017-08-24 22:43 - 2017-08-29 00:20 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150398066685902
2017-08-24 22:43 - 2017-08-28 23:15 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150398045085902
2017-08-24 22:43 - 2017-08-28 23:11 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150397650681202
2017-08-24 22:43 - 2017-08-28 09:35 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150397629648402
2017-08-24 22:43 - 2017-08-28 09:31 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150392731531202
2017-08-24 22:43 - 2017-08-28 08:24 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150392708865602
2017-08-24 22:43 - 2017-08-27 23:40 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150392305725002
2017-08-24 22:43 - 2017-08-27 22:34 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150389162387502
2017-08-24 22:43 - 2017-08-27 22:29 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150388764520302
2017-08-24 22:43 - 2017-08-26 19:37 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150388736151502
2017-08-24 22:43 - 2017-08-26 19:29 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150379062371802
2017-08-24 22:43 - 2017-08-26 19:22 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150379016234302
2017-08-24 22:43 - 2017-08-26 16:27 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150378587895302
2017-08-24 22:43 - 2017-08-26 12:47 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150377082859302
2017-08-24 22:43 - 2017-08-25 19:15 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150376219265602
2017-08-24 22:43 - 2017-08-25 18:53 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150370294782802
2017-08-24 22:43 - 2017-08-25 10:29 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150370162715602
2017-08-24 22:43 - 2017-08-25 10:23 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150367137165602
2017-08-24 22:43 - 2017-08-24 23:10 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150367103859302
2017-08-24 22:43 - 2017-08-24 22:57 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150363060879602
2017-08-24 22:43 - 2017-08-24 22:43 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150362903031202.150362985795302
2017-08-21 19:48 - 2017-08-24 12:39 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150359300409302
2017-08-21 19:48 - 2017-08-24 09:57 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150359277456202
2017-08-21 19:48 - 2017-08-24 09:53 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150358307759302
2017-08-21 19:48 - 2017-08-22 18:55 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150358280407802
2017-08-21 19:48 - 2017-08-22 18:50 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150344255918702
2017-08-21 19:48 - 2017-08-22 16:09 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150344224557802
2017-08-21 19:48 - 2017-08-22 16:05 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150343258689002
2017-08-21 19:48 - 2017-08-22 13:06 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150343232196802
2017-08-21 19:48 - 2017-08-22 13:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150342160348402
2017-08-21 19:48 - 2017-08-22 11:58 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150342142887502
2017-08-21 19:48 - 2017-08-22 11:55 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150341753400002
2017-08-21 19:48 - 2017-08-21 20:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150341732367102
2017-08-21 19:48 - 2017-08-21 19:58 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150336023629602
2017-08-21 19:48 - 2017-08-21 19:48 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150335930018702.150335990956202
2017-08-20 11:14 - 2017-08-21 12:05 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150333187434302
2017-08-20 11:14 - 2017-08-20 20:11 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150333154446802
2017-08-20 11:14 - 2017-08-20 20:06 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150327430417102
2017-08-20 11:14 - 2017-08-20 19:01 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150327401671802
2017-08-20 11:14 - 2017-08-20 18:56 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150327010032802
2017-08-20 11:14 - 2017-08-20 13:48 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150326981415602
2017-08-20 11:14 - 2017-08-20 13:45 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150325131035902
2017-08-20 11:14 - 2017-08-20 12:40 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150325113206202
2017-08-20 11:14 - 2017-08-20 12:37 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150324724529602
2017-08-20 11:14 - 2017-08-20 11:32 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150324703923402
2017-08-20 11:14 - 2017-08-20 11:25 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150324314035902
2017-08-20 11:14 - 2017-08-20 11:14 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150324204842102.150324275381202
2017-08-18 12:06 - 2017-08-01 13:20 - 002264344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-18 12:06 - 2017-08-01 13:20 - 001431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-08-18 12:06 - 2017-08-01 13:20 - 000781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-18 12:06 - 2017-08-01 13:20 - 000116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-08-18 12:06 - 2017-08-01 13:19 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-08-18 12:06 - 2017-08-01 13:19 - 000577976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-18 12:06 - 2017-08-01 13:19 - 000339896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-18 12:06 - 2017-08-01 13:19 - 000266080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-18 12:06 - 2017-08-01 13:19 - 000120416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-18 12:06 - 2017-08-01 13:18 - 000139104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-18 12:06 - 2017-08-01 13:16 - 006665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-18 12:06 - 2017-08-01 13:16 - 004023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-08-18 12:06 - 2017-08-01 13:16 - 001845512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-18 12:06 - 2017-08-01 13:15 - 020967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-18 12:06 - 2017-08-01 13:15 - 001360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-08-18 12:06 - 2017-08-01 13:15 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-08-18 12:06 - 2017-08-01 13:15 - 000981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-08-18 12:06 - 2017-08-01 13:10 - 000306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-08-18 12:06 - 2017-08-01 13:07 - 005686784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-18 12:06 - 2017-08-01 12:59 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-18 12:06 - 2017-08-01 12:58 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-08-18 12:06 - 2017-08-01 12:56 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-08-18 12:06 - 2017-08-01 12:56 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-08-18 12:06 - 2017-08-01 12:55 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-18 12:06 - 2017-08-01 12:54 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-08-18 12:06 - 2017-08-01 12:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-08-18 12:06 - 2017-08-01 12:54 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-18 12:06 - 2017-08-01 12:53 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-08-18 12:06 - 2017-08-01 12:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-08-18 12:06 - 2017-08-01 12:52 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-08-18 12:06 - 2017-08-01 12:51 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-08-18 12:06 - 2017-08-01 12:51 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-08-18 12:06 - 2017-08-01 12:51 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-08-18 12:06 - 2017-08-01 12:51 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-18 12:06 - 2017-08-01 12:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-18 12:06 - 2017-08-01 12:51 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-18 12:06 - 2017-08-01 12:50 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-08-18 12:06 - 2017-08-01 12:50 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-08-18 12:06 - 2017-08-01 12:50 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-08-18 12:06 - 2017-08-01 12:50 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-08-18 12:06 - 2017-08-01 12:49 - 004615168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-18 12:06 - 2017-08-01 12:48 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-08-18 12:06 - 2017-08-01 12:48 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-18 12:06 - 2017-08-01 12:47 - 000846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-08-18 12:06 - 2017-08-01 12:47 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-08-18 12:06 - 2017-08-01 12:47 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-18 12:06 - 2017-08-01 12:47 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-08-18 12:06 - 2017-08-01 12:47 - 000396288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-18 12:06 - 2017-08-01 12:47 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-08-18 12:06 - 2017-08-01 12:45 - 002333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-08-18 12:06 - 2017-08-01 12:45 - 001985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-08-18 12:06 - 2017-08-01 12:42 - 018364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-18 12:06 - 2017-08-01 12:41 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-08-18 12:06 - 2017-08-01 12:40 - 019415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-18 12:06 - 2017-08-01 12:40 - 012187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-18 12:06 - 2017-08-01 12:39 - 007626240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-18 12:06 - 2017-08-01 12:39 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-18 12:06 - 2017-08-01 12:38 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-08-18 12:06 - 2017-08-01 12:37 - 012349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-08-18 12:06 - 2017-08-01 12:37 - 003520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-08-18 12:06 - 2017-08-01 12:37 - 002641920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-18 12:06 - 2017-08-01 12:37 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-08-18 12:06 - 2017-08-01 12:37 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-08-18 12:06 - 2017-08-01 12:36 - 007468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-08-18 12:06 - 2017-08-01 12:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-08-18 12:06 - 2017-08-01 12:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-08-18 12:06 - 2017-08-01 12:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-18 12:06 - 2017-08-01 12:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-08-18 12:06 - 2017-08-01 12:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-18 12:06 - 2017-08-01 12:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-08-18 12:06 - 2017-08-01 12:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-08-18 12:06 - 2017-08-01 12:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-08-18 12:06 - 2017-08-01 12:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-18 12:06 - 2017-08-01 12:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-08-18 12:06 - 2017-08-01 12:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-08-18 12:06 - 2017-08-01 12:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-18 12:06 - 2017-08-01 12:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-08-18 12:06 - 2017-08-01 12:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-08-18 12:06 - 2017-08-01 12:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-08-18 12:06 - 2017-08-01 12:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-18 12:06 - 2017-08-01 12:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-08-18 12:06 - 2017-08-01 12:30 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-08-18 12:06 - 2017-08-01 12:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-18 12:06 - 2017-08-01 12:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-08-18 12:06 - 2017-08-01 12:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-08-18 12:06 - 2017-08-01 12:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-08-18 12:06 - 2017-08-01 12:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-08-18 12:06 - 2017-08-01 12:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-18 12:06 - 2017-08-01 10:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-18 12:06 - 2017-07-12 02:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-08-18 12:06 - 2017-07-12 02:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-18 12:06 - 2017-07-12 02:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-08-18 12:06 - 2017-07-12 01:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-08-18 12:06 - 2017-07-12 01:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-08-18 12:06 - 2017-07-12 01:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-08-18 12:06 - 2017-07-12 01:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll
2017-08-18 12:06 - 2017-07-12 01:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2017-08-18 12:06 - 2017-07-12 01:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll
2017-08-18 12:06 - 2017-07-12 01:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-18 12:06 - 2017-07-12 01:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2017-08-18 12:06 - 2017-07-12 01:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2017-08-18 12:06 - 2017-07-12 01:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-08-18 12:06 - 2017-07-12 01:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll
2017-08-18 12:06 - 2017-07-12 01:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-08-18 12:06 - 2017-07-12 01:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-18 12:06 - 2017-07-12 01:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-08-18 12:06 - 2017-07-12 01:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-18 12:06 - 2017-07-12 01:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-08-18 12:06 - 2017-07-12 01:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-08-18 12:06 - 2017-07-12 01:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-18 12:06 - 2017-07-12 01:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-08-18 12:06 - 2017-07-12 01:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-18 12:06 - 2017-07-12 01:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-18 12:06 - 2017-07-12 01:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-08-18 12:06 - 2017-07-12 01:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-18 12:06 - 2017-07-12 01:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-18 12:06 - 2017-07-12 01:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-08-18 12:06 - 2017-07-12 01:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-08-18 12:06 - 2017-07-12 01:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-08-18 12:06 - 2017-07-12 01:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-18 12:06 - 2017-03-04 02:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-08-18 12:05 - 2017-08-01 15:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-08-18 12:05 - 2017-08-01 15:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-18 12:05 - 2017-08-01 15:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-18 12:05 - 2017-08-01 15:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-08-18 12:05 - 2017-08-01 15:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-08-18 12:05 - 2017-08-01 15:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-08-18 12:05 - 2017-08-01 15:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-18 12:05 - 2017-08-01 15:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-18 12:05 - 2017-08-01 15:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-08-18 12:05 - 2017-08-01 15:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-18 12:05 - 2017-08-01 15:21 - 000124072 _____ (Microsoft
  #5  
Old September 6th, 2017, 11:39 PM
pkme pkme is offline
Senior Member
 
Join Date: Sep 2003
Location: Kentucky, United States
Posts: 221
Farbar Recovery Part 2:
Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-18 12:05 - 2017-08-01 15:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-08-18 12:05 - 2017-08-01 15:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-18 12:05 - 2017-08-01 15:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-18 12:05 - 2017-08-01 15:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-18 12:05 - 2017-08-01 15:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-18 12:05 - 2017-08-01 15:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-08-18 12:05 - 2017-08-01 15:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-18 12:05 - 2017-08-01 15:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-08-18 12:05 - 2017-08-01 15:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-08-18 12:05 - 2017-08-01 15:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-18 12:05 - 2017-08-01 15:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-08-18 12:05 - 2017-08-01 15:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-08-18 12:05 - 2017-08-01 15:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-08-18 12:05 - 2017-08-01 15:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-18 12:05 - 2017-08-01 15:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-08-18 12:05 - 2017-08-01 15:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-18 12:05 - 2017-08-01 15:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-18 12:05 - 2017-08-01 14:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-08-18 12:05 - 2017-08-01 14:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-18 12:05 - 2017-08-01 14:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-08-18 12:05 - 2017-08-01 14:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-18 12:05 - 2017-08-01 14:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-08-18 12:05 - 2017-08-01 14:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-08-18 12:05 - 2017-08-01 14:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-08-18 12:05 - 2017-08-01 14:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-08-18 12:05 - 2017-08-01 14:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-18 12:05 - 2017-08-01 14:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-08-18 12:05 - 2017-08-01 14:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-18 12:05 - 2017-08-01 14:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-08-18 12:05 - 2017-08-01 14:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-08-18 12:05 - 2017-08-01 14:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-08-18 12:05 - 2017-08-01 14:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-08-18 12:05 - 2017-08-01 14:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-08-18 12:05 - 2017-08-01 14:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-18 12:05 - 2017-08-01 14:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-18 12:05 - 2017-08-01 14:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-18 12:05 - 2017-08-01 14:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-18 12:05 - 2017-08-01 14:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-18 12:05 - 2017-08-01 14:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-08-18 12:05 - 2017-08-01 14:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-08-18 12:05 - 2017-08-01 14:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-08-18 12:05 - 2017-08-01 14:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-18 12:05 - 2017-08-01 14:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-18 12:05 - 2017-08-01 14:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-18 12:05 - 2017-08-01 14:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-18 12:05 - 2017-08-01 14:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-08-18 12:05 - 2017-08-01 14:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-08-18 12:05 - 2017-08-01 14:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-08-18 12:05 - 2017-08-01 14:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-08-18 12:05 - 2017-08-01 14:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-18 12:05 - 2017-08-01 14:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-18 12:05 - 2017-08-01 14:42 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-18 12:05 - 2017-08-01 14:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-08-18 12:05 - 2017-08-01 14:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-18 12:05 - 2017-08-01 14:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-18 12:05 - 2017-08-01 14:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-18 12:05 - 2017-08-01 14:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-18 12:05 - 2017-08-01 14:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-08-18 12:05 - 2017-08-01 14:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-18 12:05 - 2017-08-01 14:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-08-18 12:05 - 2017-08-01 14:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-18 12:05 - 2017-08-01 14:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-18 12:05 - 2017-08-01 14:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-18 12:05 - 2017-08-01 14:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-18 12:05 - 2017-08-01 14:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-18 12:05 - 2017-08-01 14:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-08-18 12:05 - 2017-08-01 14:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-18 12:05 - 2017-08-01 14:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-08-18 12:05 - 2017-08-01 14:32 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-18 12:05 - 2017-08-01 14:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-08-18 12:05 - 2017-08-01 14:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-08-18 12:05 - 2017-08-01 14:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-08-18 12:05 - 2017-08-01 14:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-18 12:05 - 2017-08-01 14:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-18 12:05 - 2017-08-01 14:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-08-18 12:05 - 2017-08-01 14:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-18 12:05 - 2017-08-01 14:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-08-18 12:05 - 2017-08-01 14:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-08-18 12:05 - 2017-08-01 14:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-08-18 12:05 - 2017-08-01 14:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-08-18 12:05 - 2017-08-01 14:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-08-18 12:05 - 2017-08-01 14:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-08-18 12:05 - 2017-08-01 14:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-18 12:05 - 2017-08-01 14:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-08-18 12:05 - 2017-08-01 14:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-08-18 12:05 - 2017-08-01 14:27 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-08-18 12:05 - 2017-08-01 14:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-18 12:05 - 2017-08-01 14:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-08-18 12:05 - 2017-08-01 14:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-18 12:05 - 2017-08-01 14:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-08-18 12:05 - 2017-08-01 14:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-18 12:05 - 2017-08-01 14:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-08-18 12:05 - 2017-08-01 14:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-08-18 12:05 - 2017-08-01 14:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-18 12:05 - 2017-07-12 02:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-08-18 12:05 - 2017-07-12 02:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-08-18 12:05 - 2017-07-12 02:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-18 12:05 - 2017-07-12 02:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-08-18 12:05 - 2017-07-12 02:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-18 12:05 - 2017-07-12 02:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-08-18 12:05 - 2017-07-12 02:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-18 12:05 - 2017-07-12 02:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-08-18 12:05 - 2017-07-12 02:01 - 000156000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-08-18 12:05 - 2017-07-12 02:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-08-18 12:05 - 2017-07-12 02:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2017-08-18 12:05 - 2017-07-12 01:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-08-18 12:05 - 2017-07-12 01:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-08-18 12:05 - 2017-07-12 01:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-08-18 12:05 - 2017-07-12 01:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys
2017-08-18 12:05 - 2017-07-12 01:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2017-08-18 12:05 - 2017-07-12 01:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2017-08-18 12:05 - 2017-07-12 01:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-08-18 12:05 - 2017-07-12 01:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-08-18 12:05 - 2017-07-12 01:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-08-18 12:05 - 2017-07-12 01:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll
2017-08-18 12:05 - 2017-07-12 01:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-08-18 12:05 - 2017-07-12 01:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2017-08-18 12:05 - 2017-07-12 01:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll
2017-08-18 12:05 - 2017-07-12 01:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-08-18 12:05 - 2017-07-12 01:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-18 12:05 - 2017-07-12 01:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-08-18 12:05 - 2017-07-12 01:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-08-18 12:05 - 2017-07-12 01:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-08-18 12:05 - 2017-07-12 01:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-18 12:05 - 2017-07-12 01:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-08-18 12:05 - 2017-07-12 01:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-18 12:05 - 2017-07-12 01:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-08-18 12:05 - 2017-07-12 01:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-08-18 12:05 - 2017-07-12 01:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-18 12:05 - 2017-07-12 01:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-08-18 12:05 - 2017-07-12 01:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-18 12:05 - 2017-07-12 01:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-08-18 12:05 - 2017-07-12 01:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-08-18 12:05 - 2017-07-12 01:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-08-18 12:05 - 2017-07-12 01:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-18 12:05 - 2017-07-12 01:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-18 12:05 - 2017-07-12 01:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-08-18 12:05 - 2017-07-12 01:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-08-18 12:05 - 2017-07-12 00:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-08-18 12:05 - 2017-07-12 00:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-18 12:05 - 2017-07-12 00:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-18 12:05 - 2017-07-12 00:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-18 12:05 - 2017-07-12 00:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-08-18 12:05 - 2017-07-12 00:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-18 12:05 - 2017-07-12 00:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-18 12:05 - 2017-07-12 00:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-08-18 12:05 - 2017-07-11 22:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-08-18 12:05 - 2017-03-04 02:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-08-18 12:05 - 2017-03-04 02:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-08-18 12:05 - 2017-03-04 02:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-08-18 12:05 - 2017-03-04 02:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-08-18 12:05 - 2016-09-07 01:24 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-08-18 12:05 - 2016-08-02 04:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-18 12:04 - 2017-08-01 15:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-18 12:04 - 2017-08-01 15:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-08-18 12:04 - 2017-08-01 15:21 - 000026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-08-18 12:04 - 2017-08-01 15:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-08-18 12:04 - 2017-08-01 15:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-18 12:04 - 2017-08-01 15:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-08-18 12:04 - 2017-08-01 14:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-18 12:04 - 2017-08-01 14:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-18 12:04 - 2017-08-01 14:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-08-18 12:04 - 2017-08-01 14:47 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-08-18 12:04 - 2017-08-01 14:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-08-18 12:04 - 2017-08-01 14:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-08-18 12:04 - 2017-08-01 14:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-08-18 12:04 - 2017-08-01 14:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-08-18 12:04 - 2017-08-01 14:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-08-18 12:04 - 2017-08-01 14:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-08-18 12:04 - 2017-08-01 14:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-08-18 12:04 - 2017-08-01 14:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-08-18 12:04 - 2017-08-01 14:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-08-18 12:04 - 2017-07-12 02:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2017-08-18 12:04 - 2017-07-12 02:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-08-18 12:04 - 2017-07-12 02:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-18 12:04 - 2017-07-12 01:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-18 12:04 - 2017-07-12 01:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-18 12:04 - 2017-07-12 01:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-18 12:04 - 2017-07-12 01:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-18 12:04 - 2017-07-12 01:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-18 12:04 - 2017-07-12 01:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-18 12:04 - 2017-07-12 01:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-18 12:04 - 2017-07-12 01:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-18 12:04 - 2017-07-12 01:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-18 12:04 - 2017-07-12 01:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-18 12:04 - 2017-07-12 01:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-18 12:04 - 2017-07-12 01:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-18 12:04 - 2017-07-12 01:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-18 12:04 - 2017-07-12 01:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-18 12:04 - 2017-07-12 01:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-18 12:04 - 2017-03-04 02:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-16 13:13 - 2017-08-16 13:13 - 000077941 _____ C:\Users\mmv\Documents\CoverLetter WIN.pdf
2017-08-15 23:42 - 2017-08-15 23:42 - 000457637 _____ C:\Users\mmv\Documents\Pam Prentice Valdés CC PalmBeach Treasure Coast.pdf
2017-08-15 22:10 - 2017-08-15 22:10 - 000078246 _____ C:\Users\mmv\Documents\CoverLetter Cigna.pdf
2017-08-15 21:30 - 2017-08-15 21:30 - 000457655 _____ C:\Users\mmv\Documents\Pam Prentice Valdés Gen.pdf
2017-08-11 16:52 - 2017-08-18 21:42 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150311138331202
2017-08-11 16:52 - 2017-08-18 20:36 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150310696529602
2017-08-11 16:52 - 2017-08-18 20:30 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150310298675002
2017-08-11 16:52 - 2017-08-18 18:15 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150310264387502
2017-08-11 16:52 - 2017-08-18 18:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150309454646802
2017-08-11 16:52 - 2017-08-18 16:40 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150309433809302
2017-08-11 16:52 - 2017-08-18 16:37 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150308881171802
2017-08-11 16:52 - 2017-08-18 15:32 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150308863028102
2017-08-11 16:52 - 2017-08-18 15:29 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150308475178102
2017-08-11 16:52 - 2017-08-18 14:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150308455698402
2017-08-11 16:52 - 2017-08-18 13:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150307938070302
2017-08-11 16:52 - 2017-08-18 11:41 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150307887493702
2017-08-11 16:52 - 2017-08-18 11:37 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150307091429602
2017-08-11 16:52 - 2017-08-18 10:32 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150307067623402
2017-08-11 16:52 - 2017-08-18 10:29 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150306674842102
2017-08-11 16:52 - 2017-08-17 15:20 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150306656468702
2017-08-11 16:52 - 2017-08-17 15:16 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150299763484302
2017-08-11 16:52 - 2017-08-17 13:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150299740437502
2017-08-11 16:52 - 2017-08-17 12:56 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150298942585902
2017-08-11 16:52 - 2017-08-17 10:59 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150298901595302
2017-08-11 16:52 - 2017-08-17 00:02 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150298196310902
2017-08-11 16:52 - 2017-08-16 14:05 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150294256017102
2017-08-11 16:52 - 2017-08-16 14:02 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150290674939002
2017-08-11 16:52 - 2017-08-16 12:57 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150290656770302
2017-08-11 16:52 - 2017-08-16 12:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150290267503102
2017-08-11 16:52 - 2017-08-16 10:06 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150290249242102
2017-08-11 16:52 - 2017-08-16 10:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150289236593702
2017-08-11 16:52 - 2017-08-16 08:58 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150289219731202
2017-08-11 16:52 - 2017-08-16 00:29 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150288830870302
2017-08-11 16:52 - 2017-08-15 23:25 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150285776307802
2017-08-11 16:52 - 2017-08-15 23:22 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150285391768702
2017-08-11 16:52 - 2017-08-15 22:18 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150285374807802
2017-08-11 16:52 - 2017-08-15 22:16 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150284993607802
2017-08-11 16:52 - 2017-08-15 21:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150284976089002
2017-08-11 16:52 - 2017-08-15 21:07 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150284595984302
2017-08-11 16:52 - 2017-08-15 13:55 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150284564207802
2017-08-11 16:52 - 2017-08-15 13:52 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150281971910902
2017-08-11 16:52 - 2017-08-14 14:57 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150281954132802
2017-08-11 16:52 - 2017-08-14 14:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150273707610902
2017-08-11 16:52 - 2017-08-14 10:08 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150273689745302
2017-08-11 16:52 - 2017-08-14 10:05 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150271973375002
2017-08-11 16:52 - 2017-08-12 20:45 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150271954221802
2017-08-11 16:52 - 2017-08-12 20:39 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150258510025002
2017-08-11 16:52 - 2017-08-12 16:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150258474118702
2017-08-11 16:52 - 2017-08-12 16:08 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150256876270302
2017-08-11 16:52 - 2017-08-11 22:19 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150256850143702
2017-08-11 16:52 - 2017-08-11 22:15 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150250436948402
2017-08-11 16:52 - 2017-08-11 21:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150250415992102
2017-08-11 16:52 - 2017-08-11 21:08 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150250033429602
2017-08-11 16:52 - 2017-08-11 17:01 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150250012192102
2017-08-11 16:52 - 2017-08-11 16:58 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150248530006202
2017-08-11 16:52 - 2017-08-11 16:52 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150248513893702
2017-08-07 17:54 - 2017-08-10 11:56 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150238677862502
2017-08-07 17:54 - 2017-08-10 11:50 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150238056432802
2017-08-07 17:54 - 2017-08-09 13:15 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150238025134302
2017-08-07 17:54 - 2017-08-09 13:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150229892559302
2017-08-07 17:54 - 2017-08-09 10:25 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150229874046802
2017-08-07 17:54 - 2017-08-09 10:22 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150228871095302
2017-08-07 17:54 - 2017-08-09 09:17 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150228854692102
2017-08-07 17:54 - 2017-08-08 18:05 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150228463370302
2017-08-07 17:54 - 2017-08-07 20:26 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150222992340602
2017-08-07 17:54 - 2017-08-07 20:22 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150215200285902
2017-08-07 17:54 - 2017-08-07 19:17 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150215175218702
2017-08-07 17:54 - 2017-08-07 19:15 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150214786703102
2017-08-07 17:54 - 2017-08-07 18:09 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150214771012502
2017-08-07 17:54 - 2017-08-07 18:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150214379934302
2017-08-07 17:54 - 2017-08-07 17:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150214342460902
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-06 18:29 - 2017-04-29 15:31 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-06 18:29 - 2015-03-27 13:05 - 000000000 ____D C:\ProgramData\Skype
2017-09-06 18:26 - 2017-02-11 12:36 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-09-06 18:23 - 2014-07-09 11:10 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-09-06 18:22 - 2016-04-09 14:11 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-09-06 18:22 - 2014-07-09 11:10 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-09-06 18:21 - 2017-02-11 12:36 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-09-06 18:21 - 2017-02-11 12:36 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-09-06 18:21 - 2017-02-11 12:36 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-09-06 18:21 - 2017-02-11 12:36 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-09-06 18:16 - 2016-10-29 13:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-06 18:15 - 2016-10-29 12:55 - 000000000 ____D C:\Users\mmv
2017-09-06 18:15 - 2016-10-29 12:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-09-06 18:15 - 2016-07-16 02:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-06 17:54 - 2014-01-20 22:08 - 000000000 ____D C:\Users\mmv\AppData\Local\CrashDumps
2017-09-06 17:21 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-06 17:20 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-05 23:49 - 2017-06-13 09:37 - 000001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-09-05 23:49 - 2017-06-06 10:24 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-09-05 23:49 - 2017-03-15 20:33 - 000004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1460828995
2017-09-05 23:49 - 2016-11-06 20:28 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-09-05 23:49 - 2016-11-06 20:27 - 000001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-09-05 23:49 - 2015-01-11 14:27 - 000001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-09-05 23:30 - 2016-10-29 12:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-05 13:51 - 2017-06-06 10:24 - 000061304 _____ () C:\WINDOWS\SMSS-PFRO62ff.tmp
2017-09-05 10:45 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-28 22:58 - 2014-01-17 18:07 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 10:44 - 2014-01-10 23:37 - 000000000 ____D C:\Users\mmv\AppData\Local\Packages
2017-08-24 22:43 - 2015-12-05 23:22 - 001388710 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-24 22:40 - 2013-11-21 04:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-22 11:33 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\rescache
2017-08-20 11:18 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-20 11:17 - 2016-07-27 19:34 - 000002347 _____ C:\Users\mmv\Desktop\Google Chrome.lnk
2017-08-20 11:15 - 2014-01-10 22:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-20 11:04 - 2016-10-29 12:45 - 000231288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\Provisioning
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-18 12:03 - 2015-01-11 14:29 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-09 13:12 - 2014-07-09 11:10 - 001015880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd055f199da44c6e9.tmp
2017-08-09 13:12 - 2014-07-09 11:10 - 000146704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8468ad59e3de705b.tmp
2017-08-09 10:07 - 2014-01-12 09:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 10:02 - 2014-01-12 09:25 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 09:29 - 2013-09-12 23:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-07 10:02 - 2017-08-04 21:30 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150189664117102.150211475157802
==================== Files in the root of some directories =======
2014-01-17 16:51 - 2014-01-17 16:51 - 010395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2017-08-05 19:30 - 2017-08-05 19:30 - 000003584 _____ () C:\Users\mmv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-29 12:49 - 2016-10-29 12:49 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2017-02-16 21:06 - 2017-02-16 21:06 - 000008192 _____ () C:\Users\mmv\AppData\Local\Temp\ttywtuii.dll
2017-04-29 15:30 - 2017-04-29 15:30 - 014456872 _____ (Microsoft Corporation) C:\Users\mmv\AppData\Local\Temp\vc_redist.x86.exe
2017-02-01 15:36 - 2017-02-01 15:36 - 012788328 _____ (Google Inc.) C:\Users\mmv\AppData\Local\Temp\{459168BF-EA4D-4AAF-B8D8-28FC5F911D8C}-56.0.2924.87_55.0.2883.87_chrome_updater.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-09-05 12:16
==================== End of FRST.txt ============================
  #6  
Old September 6th, 2017, 11:40 PM
pkme pkme is offline
Senior Member
 
Join Date: Sep 2003
Location: Kentucky, United States
Posts: 221
Farbar Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by mmv (06-09-2017 18:33:04)
Running from C:\Users\mmv\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-29 17:42:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3990455747-1832288268-4293809508-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3990455747-1832288268-4293809508-503 - Limited - Disabled)
Guest (S-1-5-21-3990455747-1832288268-4293809508-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3990455747-1832288268-4293809508-1003 - Limited - Enabled)
mmv (S-1-5-21-3990455747-1832288268-4293809508-1001 - Administrator - Enabled) => C:\Users\mmv
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.22) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B280788C-B671-E08D-4219-CE907B7BFF75}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-dda3f77c-cb96-4755-9f58-5a2458b928d8) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
King Oddball (HKLM-x32\...\WTA-69c6a825-b788-4c64-b33b-495b9f9226a7) (Version: 3.0.2.48 - WildTangent) Hidden
Madden NFL 2003 (HKLM-x32\...\{026AFFA3-5865-4FC5-00B2-56B4A738109C}) (Version: - )
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4953.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-09efd339-a54e-4e8e-adc8-d6a7a3ee92ab) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.50.2 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-23] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-23] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-23] (AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-23] (AVAST Software)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-23] (AVAST Software)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {005A614B-9B3E-4C92-B300-ED3D5708CE03} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {04E5077C-A16B-466A-AD3D-260688E2852D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0C410476-9D8A-4D56-9C34-792A9B33312D} - System32\Tasks\{17169277-FBBE-417C-838B-340D3356EE04} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&LastError=12002
Task: {1939CE1F-14DE-439D-8A1B-028C91CA4144} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {19FCBF20-AAD0-4326-9C9D-B6B111C4F6EE} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
Task: {1D9A7044-E135-4255-8F2A-DD889F8A5B03} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\mmv\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {1DBF67AB-6B12-4EFA-89EE-97F5B1B7C39B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-14] (AVAST Software)
Task: {20E42DF7-FFA7-4305-9287-F8BA89993783} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {2304F0EA-EB63-47F3-9FB0-B381727B1932} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2A62D0B4-B4EC-4AA3-AC9C-11279E81FEF7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {346212C6-2CC8-46C8-9C42-32AD4EEB10D8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-05-04] (Synaptics Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B6C3980-D309-4F3D-A04A-F5D238580431} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5201C4DB-911A-4315-909D-3B527D6E506B} - \WPD\SqmUpload_S-1-5-21-3990455747-1832288268-4293809508-1001 -> No File <==== ATTENTION
Task: {615B07C6-B812-4EC7-B5D7-FFD3013EAC86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {619543C3-10E6-4451-BE50-8AFE1157E1B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6D626C4B-5EED-4374-A2DD-2DAA6A57E701} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {6EF96B2E-14FE-475C-A20D-1CEC3C680E05} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {75103446-C78B-4790-8A97-AA425498C419} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {8B292912-F8CF-4671-B16A-0F9C7F2B6D1B} - System32\Tasks\{A06EC42C-3312-4AD3-9FF3-29B5BF440460} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {8E36B2C3-E781-4D58-A779-FDF121AA8132} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {9609D995-C8CF-4836-AAE5-77EF54D9C376} - System32\Tasks\{C3638517-A53F-43BA-819A-92C876FA96B7} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&LastError=12002
Task: {B3476D9B-731E-4F1A-8FF9-686159EB8E73} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {BD2E4D14-828C-4CCA-8D72-7F9A17B52550} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BEA825C7-725F-4720-8243-4B9C4443B044} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {C50AE9C4-6DC4-4057-8E9E-ADE27402002B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D3176786-7091-42DE-83DF-49A69D7816C4} - System32\Tasks\SafeZone scheduled Autoupdate 1460828995 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {DA0061CF-5AE8-4251-8FC3-401DBA27ECFB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {DED4ADF3-9DB4-4BC7-9CBC-AEDFB1F8D50E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E41F49D9-71D9-49D3-94F2-17259C7EE808} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {E46616D8-3BC4-44EE-A825-9393FEF4F754} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {F0AE9EF8-C3AB-4EF3-90E6-2074058DDA63} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F18FB778-6974-45DE-9402-9D79475EF281} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-06] (AVAST Software)
Task: {F2540F99-E83D-49DD-AEE1-F4040AEFBC85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {F2D1DB3A-4038-447B-A090-1336B540A630} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-14 14:05 - 2017-06-21 03:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2013-08-30 23:47 - 2013-08-30 23:47 - 000099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-12-17 19:38 - 2015-12-17 19:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-16 19:22 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-22 19:46 - 2017-01-31 08:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-10-29 16:33 - 2016-10-29 16:33 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 22:20 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2015-05-27 12:46 - 2015-05-27 12:46 - 000019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2017-03-14 22:16 - 2017-03-04 02:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 22:16 - 2017-03-04 02:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 22:16 - 2017-03-04 02:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-18 12:04 - 2017-03-04 02:05 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-08-18 12:04 - 2017-08-01 14:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-18 12:04 - 2017-08-01 14:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2017-07-23 11:30 - 2017-07-23 11:30 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-23 11:31 - 2017-07-23 11:31 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-23 11:31 - 2017-07-23 11:31 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-23 11:31 - 2017-07-23 11:31 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-23 11:31 - 2017-07-23 11:31 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-23 11:30 - 2017-07-23 11:30 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-23 11:31 - 2017-07-23 11:31 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-09-06 18:18 - 2017-09-06 18:18 - 000098816 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32api.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000110080 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\pywintypes27.dll
2017-09-06 18:18 - 2017-09-06 18:18 - 000364544 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\pythoncom27.dll
2017-09-06 18:18 - 2017-09-06 18:18 - 000320512 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32com.shell.shell.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000914432 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_hashlib.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 001176576 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._core_.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000806400 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._gdi_.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000816128 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._windows_.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 001067008 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._controls_.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000733184 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._misc_.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000682496 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\pysqlite2._sqlite.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000088064 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_ctypes.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000686080 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\unicodedata.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000119808 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32file.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000108544 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32security.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000007168 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\hashobjs_ext.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000017920 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\thumbnails_ext.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000088064 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\usb_ext.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000012800 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\common.time34.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000018432 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32event.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000167936 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32gui.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000046080 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_socket.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 001303552 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_ssl.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000128512 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_elementtree.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000127488 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\pyexpat.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000038912 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32inet.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000036864 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_psutil_windows.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000524248 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\windows._lib_cacheinvalidation.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000011264 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32crypt.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000123392 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._wizard.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000077312 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._html2.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000027648 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_multiprocessing.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000020480 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_yappi.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000035840 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32process.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000078848 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._animate.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000024064 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32pipe.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000010240 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\select.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000025600 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32pdh.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000017408 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32profile.pyd
2017-09-06 18:18 - 2017-09-06 18:18 - 000022528 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32ts.pyd
2017-06-19 20:52 - 2017-06-19 20:52 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mmv\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{2a11f3cd-8fd8-4680-bd70-c44288bab19e}.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot FF RunOnce.lnk"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B8E046E3-B976-4A36-832A-88C185BB0817}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{540E13A1-5817-49F2-8580-F5731F6F99AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D726649B-EF01-4BD8-B5C8-D650893E6EDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{970FE7A2-F930-471A-8E7E-3FA7A7215C9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A056DAC8-7F87-4DB1-B584-E72D89B49685}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{38FA54D8-6350-4E2B-8FC3-DAA1A2CA4D2A}] => (Allow) C:\Users\mmv\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{7DC284C1-FCD5-4B3F-B0CF-7CB26D1383B9}C:\program files (x86)\ea sports\madden nfl 2003\mainapp.exe] => (Allow) C:\program files (x86)\ea sports\madden nfl 2003\mainapp.exe
FirewallRules: [UDP Query User{FADFAAA6-5EBE-44A3-A021-65F6C31E5C4F}C:\program files (x86)\ea sports\madden nfl 2003\mainapp.exe] => (Allow) C:\program files (x86)\ea sports\madden nfl 2003\mainapp.exe
FirewallRules: [TCP Query User{03968B6B-5A7A-44C8-BD8A-78327F2F25A3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9AF87140-2632-46E1-A73D-C55B24BB8B68}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{ED0395A2-C501-4CAF-8A9A-81E794BC47B0}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{12923527-C1EF-4A5F-84AB-35B5D1D747C8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{77129D7E-D33F-4BA7-8B2D-DD18099D17E5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{811C05C4-2E95-45F2-83A5-4D802CFB2278}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{507878A5-AB23-4E10-AEAE-6ED94153864E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{B4EC2E45-2263-4A33-97A0-743A2CDBEA2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FF869005-16B4-4205-B22C-1F3D127D8337}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
==================== Restore Points =========================
16-08-2017 12:11:58 Windows Update
28-08-2017 23:35:54 Scheduled Checkpoint
05-09-2017 10:43:11 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (09/06/2017 06:19:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (09/06/2017 05:54:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PrintDialog.exe, version: 10.0.14393.0, time stamp: 0x57899b7b
Faulting module name: PrintDialog.dll, version: 10.0.14393.953, time stamp: 0x58ba5e12
Exception code: 0x80000003
Fault offset: 0x0000000000029eac
Faulting process id: 0xf5c
Faulting application start time: 0x01d3275a9dd4b745
Faulting application path: C:\WINDOWS\PrintDialog\PrintDialog.exe
Faulting module path: C:\Windows\PrintDialog\PrintDialog.dll
Report Id: ed2328d4-58fe-42b4-af61-91dd01367124
Faulting package full name: Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: Microsoft.Windows.PrintDialog
Error: (09/06/2017 05:16:05 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (09/05/2017 11:33:25 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (09/05/2017 11:46:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1594
Error: (09/05/2017 11:46:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1594
Error: (09/05/2017 11:46:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/05/2017 11:35:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9203
Error: (09/05/2017 11:35:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9203
Error: (09/05/2017 11:35:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (09/06/2017 06:17:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/06/2017 06:15:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (09/06/2017 06:15:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s).
Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdaptiveSleepService service terminated unexpectedly. It has done this 1 time(s).
Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA eco Utility Service service terminated unexpectedly. It has done this 1 time(s).
Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).
Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2017-03-15 20:41:27.913
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-03-15 20:41:27.434
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 3534.26 MB
Available physical RAM: 1787.92 MB
Total Virtual: 5966.26 MB
Available Virtual: 4008.66 MB
==================== Drives ================================
Drive c: (TI10673700F) (Fixed) (Total:688.5 GB) (Free:404.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
  #7  
Old September 7th, 2017, 01:18 AM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi pkme,

Thanks for the logs.

Please uninstall: Norton Anti-Theft + Adobe Reader X
-------------------------------------------------

Run Webroot Uninstall tool:
https://www.webroot.com/prodCheck/?p...1&osl=en&errid

or;

http://www.carrona.org/avuninst.html

=======================================================

Run FRST fixlist:
Note: Run the tool (FRST) from your Desktop based on the instructions given. Farbar Recovery Scan Tool and the Fixlist file should be on the Desktop.

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt
Code:
CloseProcesses:
CreateRestorePoint:

Task: {005A614B-9B3E-4C92-B300-ED3D5708CE03} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {04E5077C-A16B-466A-AD3D-260688E2852D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0C410476-9D8A-4D56-9C34-792A9B33312D} - System32\Tasks\{17169277-FBBE-417C-838B-340D3356EE04} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&LastError=12002
Task: {1939CE1F-14DE-439D-8A1B-028C91CA4144} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2304F0EA-EB63-47F3-9FB0-B381727B1932} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2A62D0B4-B4EC-4AA3-AC9C-11279E81FEF7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3B6C3980-D309-4F3D-A04A-F5D238580431} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5201C4DB-911A-4315-909D-3B527D6E506B} - \WPD\SqmUpload_S-1-5-21-3990455747-1832288268-4293809508-1001 -> No File <==== ATTENTION
Task: {615B07C6-B812-4EC7-B5D7-FFD3013EAC86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {619543C3-10E6-4451-BE50-8AFE1157E1B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {75103446-C78B-4790-8A97-AA425498C419} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {8E36B2C3-E781-4D58-A779-FDF121AA8132} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {9609D995-C8CF-4836-AAE5-77EF54D9C376} - System32\Tasks\{C3638517-A53F-43BA-819A-92C876FA96B7} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&La stError=12002
Task: {BD2E4D14-828C-4CCA-8D72-7F9A17B52550} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BEA825C7-725F-4720-8243-4B9C4443B044} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {C50AE9C4-6DC4-4057-8E9E-ADE27402002B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DA0061CF-5AE8-4251-8FC3-401DBA27ECFB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {DED4ADF3-9DB4-4BC7-9CBC-AEDFB1F8D50E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F0AE9EF8-C3AB-4EF3-90E6-2074058DDA63} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F2540F99-E83D-49DD-AEE1-F4040AEFBC85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
C:\Users\mmv\AppData\Local\Temp
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3990455747-1832288268-4293809508-1001 -> {74732A63-A99E-4479-87CA-6B710BDA0071} URL =
SearchScopes: HKU\S-1-5-21-3990455747-1832288268-4293809508-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
CHR NewTab: Default -> Not-active:"chrome-extension://nldfpkbofmebiaoaflmifbmblppieefk/newtab.html"
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
Zip: C:\WINDOWS\system32\Drivers\lpsport.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-17 16:51 - 2014-01-17 16:51 - 010395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2017-02-16 21:06 - 2017-02-16 21:06 - 000008192 _____ () C:\Users\mmv\AppData\Local\Temp\ttywtuii.dll
2017-04-29 15:30 - 2017-04-29 15:30 - 014456872 _____ (Microsoft Corporation) C:\Users\mmv\AppData\Local\Temp\vc_redist.x86.exe
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot FF RunOnce.lnk"
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v Install Webroot IE RunOnce.lnk /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v Install Webroot FF RunOnce.lnk /f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\"Install Webroot IE RunOnce.lnk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder/"Install Webroot FF RunOnce.lnk"

EmptyTemp:

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

========================================================

Scan with Malwarebytes Antimalware:

Please download (Version 2.2) Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply


Any issues?
Reply With Quote
  #8  
Old September 7th, 2017, 03:59 AM
pkme
Improving already--thanks! Olgun, I will probably not have time to work on this until next week, as I have a very busy travel schedule. I just did not want you to think I was ignoring you. I will get on this as soon as I can, but you may not hear back from me until next week.
Thanks again!
~pk
Reply With Quote
  #9  
Old September 7th, 2017, 11:56 AM
olgun52
Thank you for the information
Reply With Quote
  #10  
Old September 11th, 2017, 06:02 PM
pkme
Results

Hi Olgun-
Thanks for your patience. I am back in town and have worked on the instructions you gave me. I did not find Norton Anti-Theft or Webroot listed under programs on the control panel. I did find Adobe Reader (although it was XI and not X), and I uninstalled that.
Here is the Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017
Ran by mmv (11-09-2017 11:47:40) Run:1
Running from C:\Users\mmv\Desktop
Loaded Profiles: mmv (Available Profiles: mmv)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Task: {005A614B-9B3E-4C92-B300-ED3D5708CE03} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {04E5077C-A16B-466A-AD3D-260688E2852D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandco ntent -> No File <==== ATTENTION
Task: {0C410476-9D8A-4D56-9C34-792A9B33312D} - System32\Tasks\{17169277-FBBE-417C-838B-340D3356EE04} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&La stError=12002
Task: {1939CE1F-14DE-439D-8A1B-028C91CA4144} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2304F0EA-EB63-47F3-9FB0-B381727B1932} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxcon fig-B -> No File <==== ATTENTION
Task: {2A62D0B4-B4EC-4AA3-AC9C-11279E81FEF7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3B6C3980-D309-4F3D-A04A-F5D238580431} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5201C4DB-911A-4315-909D-3B527D6E506B} - \WPD\SqmUpload_S-1-5-21-3990455747-1832288268-4293809508-1001 -> No File <==== ATTENTION
Task: {615B07C6-B812-4EC7-B5D7-FFD3013EAC86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {619543C3-10E6-4451-BE50-8AFE1157E1B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {75103446-C78B-4790-8A97-AA425498C419} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {8E36B2C3-E781-4D58-A779-FDF121AA8132} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {9609D995-C8CF-4836-AAE5-77EF54D9C376} - System32\Tasks\{C3638517-A53F-43BA-819A-92C876FA96B7} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&La stError=12002
Task: {BD2E4D14-828C-4CCA-8D72-7F9A17B52550} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BEA825C7-725F-4720-8243-4B9C4443B044} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {C50AE9C4-6DC4-4057-8E9E-ADE27402002B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DA0061CF-5AE8-4251-8FC3-401DBA27ECFB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {DED4ADF3-9DB4-4BC7-9CBC-AEDFB1F8D50E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F0AE9EF8-C3AB-4EF3-90E6-2074058DDA63} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F2540F99-E83D-49DD-AEE1-F4040AEFBC85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
C:\Users\mmv\AppData\Local\Temp
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3990455747-1832288268-4293809508-1001 -> {74732A63-A99E-4479-87CA-6B710BDA0071} URL =
SearchScopes: HKU\S-1-5-21-3990455747-1832288268-4293809508-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
CHR NewTab: Default -> Not-active:"chrome-extension://nldfpkbofmebiaoaflmifbmblppieefk/newtab.html"
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
Zip: C:\WINDOWS\system32\Drivers\lpsport.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-17 16:51 - 2014-01-17 16:51 - 010395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2017-02-16 21:06 - 2017-02-16 21:06 - 000008192 _____ () C:\Users\mmv\AppData\Local\Temp\ttywtuii.dll
2017-04-29 15:30 - 2017-04-29 15:30 - 014456872 _____ (Microsoft Corporation) C:\Users\mmv\AppData\Local\Temp\vc_redist.x86.exe
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot FF RunOnce.lnk"
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\StartupFolder /v Install Webroot IE RunOnce.lnk /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\StartupFolder /v Install Webroot FF RunOnce.lnk /f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\StartupApproved\StartupFolder\ "Install Webroot IE RunOnce.lnk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\StartupApproved\StartupFolder/"Install Webroot FF RunOnce.lnk"

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{005A61 4B-9B3E-4C92-B300-ED3D5708CE03} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{005A61 4B-9B3E-4C92-B300-ED3D5708CE03} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04E507 7C-A16B-466A-AD3D-260688E2852D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E507 7C-A16B-466A-AD3D-260688E2852D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxconfigandco ntent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C4104 76-9D8A-4D56-9C34-792A9B33312D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C4104 76-9D8A-4D56-9C34-792A9B33312D} => key removed successfully
C:\WINDOWS\System32\Tasks\{17169277-FBBE-417C-838B-340D3356EE04} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1716927 7-FBBE-417C-838B-340D3356EE04} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1939CE 1F-14DE-439D-8A1B-028C91CA4144} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1939CE 1F-14DE-439D-8A1B-028C91CA4144} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2304F0 EA-EB63-47F3-9FB0-B381727B1932} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2304F0 EA-EB63-47F3-9FB0-B381727B1932} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\refreshgwxcon fig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A62D0 B4-B4EC-4AA3-AC9C-11279E81FEF7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A62D0 B4-B4EC-4AA3-AC9C-11279E81FEF7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B6C39 80-D309-4F3D-A04A-F5D238580431} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B6C39 80-D309-4F3D-A04A-F5D238580431} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5201C4 DB-911A-4315-909D-3B527D6E506B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5201C4 DB-911A-4315-909D-3B527D6E506B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmU pload_S-1-5-21-3990455747-1832288268-4293809508-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{615B07 C6-B812-4EC7-B5D7-FFD3013EAC86} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{615B07 C6-B812-4EC7-B5D7-FFD3013EAC86} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Window s Defender\Windows Defender Cleanup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Windows Defender\Windows Defender Cleanup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{619543 C3-10E6-4451-BE50-8AFE1157E1B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{619543 C3-10E6-4451-BE50-8AFE1157E1B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{751034 46-C78B-4790-8A97-AA425498C419} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{751034 46-C78B-4790-8A97-AA425498C419} => key removed successfully
C:\WINDOWS\System32\Tasks\Norton Anti-Theft\Norton Error Processor => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Processor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E36B2 C3-E781-4D58-A779-FDF121AA8132} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E36B2 C3-E781-4D58-A779-FDF121AA8132} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Window s Defender\Windows Defender Verification => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Windows Defender\Windows Defender Verification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9609D9 95-C8CF-4836-AAE5-77EF54D9C376} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9609D9 95-C8CF-4836-AAE5-77EF54D9C376} => key removed successfully
C:\WINDOWS\System32\Tasks\{C3638517-A53F-43BA-819A-92C876FA96B7} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C363851 7-A53F-43BA-819A-92C876FA96B7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD2E4D 14-828C-4CCA-8D72-7F9A17B52550} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD2E4D 14-828C-4CCA-8D72-7F9A17B52550} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEA825 C7-725F-4720-8243-4B9C4443B044} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEA825 C7-725F-4720-8243-4B9C4443B044} => key removed successfully
C:\WINDOWS\System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Analyzer => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C50AE9 C4-6DC4-4057-8E9E-ADE27402002B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C50AE9 C4-6DC4-4057-8E9E-ADE27402002B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA0061 CF-5AE8-4251-8FC3-401DBA27ECFB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA0061 CF-5AE8-4251-8FC3-401DBA27ECFB} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Window s Defender\Windows Defender Cache Maintenance => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Windows Defender\Windows Defender Cache Maintenance => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DED4AD F3-9DB4-4BC7-9CBC-AEDFB1F8D50E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DED4AD F3-9DB4-4BC7-9CBC-AEDFB1F8D50E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0AE9E F8-C3AB-4EF3-90E6-2074058DDA63} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0AE9E F8-C3AB-4EF3-90E6-2074058DDA63} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2540F 99-E83D-49DD-AEE1-F4040AEFBC85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2540F 99-E83D-49DD-AEE1-F4040AEFBC85} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Window s Defender\Windows Defender Scheduled Scan => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsof t\Windows\Windows Defender\Windows Defender Scheduled Scan => key removed successfully
C:\Users\mmv\AppData\Local\Temp => moved successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found.
HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74732A63-A99E-4479-87CA-6B710BDA0071} => key removed successfully
HKLM\Software\Classes\CLSID\{74732A63-A99E-4479-87CA-6B710BDA0071} => key not found.
HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key removed successfully
HKLM\Software\Classes\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key removed successfully
HKLM\Software\Classes\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value removed successfully
HKLM\Software\Classes\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => key not found.
Chrome NewTab => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \gomekmidlodglbbmalcneegieacbdmki => key removed successfully
================== Zip: ===================
C:\WINDOWS\system32\Drivers\lpsport.sys -> copied successfully to C:\Users\mmv\Desktop\11.09.2017_11.50.50.zip
=========== Zip: End ===========
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk" => not found.
C:\Program Files (x86)\Common Files\wruninstall.exe => moved successfully
"C:\Users\mmv\AppData\Local\Temp\ttywtuii.dll" => not found.
"C:\Users\mmv\AppData\Local\Temp\vc_redist.x86.exe " => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\StartupFolder\\Install Webroot IE RunOnce.lnk => value removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\StartupFolder\\Install Webroot FF RunOnce.lnk => value removed successfully

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\StartupFolder /v Install Webroot IE RunOnce.lnk /f =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\StartupApproved\StartupFolder /v Install Webroot FF RunOnce.lnk /f =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.


========= End of Reg: =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\StartupApproved\StartupFolder\ "Install Webroot IE RunOnce.lnk" => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\StartupApproved\StartupFolder/"Install Webroot FF RunOnce.lnk" => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 1122144 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 260063051 B
Java, Flash, Steam htmlcache => 54437 B
Windows/system/drivers => 130651671 B
Edge => 60061373 B
Chrome => 370747590 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 961623 B
NetworkService => 15714396 B
mmv => 10827649 B

RecycleBin => 3514680670 B
EmptyTemp: => 4.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:56:42 ====
Reply With Quote
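The Fixlog above mixes items that were removed, items that were already absent, and directives that failed, including two `reg delete` commands rejected with "ERROR: Invalid syntax." because the value name after `/v` contains spaces and is not quoted. As an added example (not part of the thread and not FRST's own code), this Python script triages a log in that layout and prints the quoted form of such a command; the sample log, its placeholder GUID, keys and paths, and all function names are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the Fixlog above: placeholder GUID,
# key names and paths, not taken from a real machine.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example => C:\Example\app.exe
Reg: reg delete HKCU\Software\Example\StartupFolder /v Install Example IE RunOnce.lnk /f
*****************

Processes closed successfully.
HKLM\SOFTWARE\Example\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001} => key removed successfully
HKLM\SOFTWARE\Example\TaskCache\Tree\Example => key not found.
C:\WINDOWS\System32\Tasks\Example => moved successfully
"C:\Users\example\AppData\Local\Temp\sample.dll" => not found.

========= reg delete HKCU\Software\Example\StartupFolder /v Install Example IE RunOnce.lnk /f =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

HKEY_LOCAL_MACHINE\SOFTWARE\Example\StartupFolder/"Install Example FF RunOnce.lnk" => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

Chrome => 370747590 B
EmptyTemp: => 4.1 GB temporary data Removed.
"""

@dataclass
class Entry:
    target: str   # key, file or command the result refers to
    outcome: str  # text after the last "=>" / "->", or reg.exe's error line
    status: str   # "done", "absent" or "failed"

_RESULT = re.compile(r"^(.*) [=-]> (.*)$")            # greedy: splits at the last arrow
_REG_HEADER = re.compile(r"^=+ (reg .+?) =+$", re.I)  # banner that opens a Reg: block
_DONE = re.compile(r"(removed|moved|restored|copied) successfully", re.I)
_ABSENT = re.compile(r"\bnot found\b", re.I)
_REG_V = re.compile(r"^(reg\s+\w+\s+\S+\s+/v)\s+(.+?)((?:\s+/\S+)*)$", re.I)

def classify(outcome: str) -> Optional[str]:
    if outcome.lower().startswith("error"):
        return "failed"
    if _DONE.search(outcome):
        return "done"
    if _ABSENT.search(outcome):
        return "absent"   # nothing to remove: the item was already gone
    return None           # byte counts and the summary line of the EmptyTemp section

def parse_fixlog(text: str) -> List[Entry]:
    entries: List[Entry] = []
    in_echo = False       # inside the echoed fixlist between the two '*****' rows
    reg_cmd: Optional[str] = None
    reg_output: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue
        if reg_cmd is not None:   # collecting reg.exe output until the end banner
            if "End of Reg:" in line:
                errors = [l for l in reg_output if l.upper().startswith("ERROR")]
                outcome = errors[0] if errors else (reg_output[0] if reg_output else "")
                entries.append(Entry(reg_cmd, outcome, "failed" if errors else "done"))
                reg_cmd, reg_output = None, []
            else:
                reg_output.append(line)
            continue
        header = _REG_HEADER.match(line)
        if header:
            reg_cmd = header.group(1)
            continue
        result = _RESULT.match(line)
        if result:
            status = classify(result.group(2))
            if status:
                entries.append(Entry(result.group(1), result.group(2), status))
    return entries

def quote_value_name(command: str) -> Optional[str]:
    """Return the command with the /v value name quoted, or None if no change applies.

    Only handles a key path without spaces, as in the commands logged above."""
    m = _REG_V.match(command.strip())
    if not m:
        return None
    head, name, switches = m.groups()
    if name.startswith('"') or " " not in name:
        return None
    return f'{head} "{name}"{switches}'

def triage(text: str) -> Tuple[Counter, List[Entry]]:
    entries = parse_fixlog(text)
    return Counter(e.status for e in entries), [e for e in entries if e.status == "failed"]

if __name__ == "__main__":
    counts, failures = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for entry in failures:
        print("FAILED:", entry.target, "|", entry.outcome)
        fixed = quote_value_name(entry.target)
        if fixed:
            print("  quoted form:", fixed)
```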
  #11  
Old September 11th, 2017, 06:05 PM
pkme
Malwarebytes

Here is the Malwarebytes scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/11/2017
Scan Time: 12:11 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.09.11.08
Rootkit Database: v2017.08.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: mmv

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328661
Time Elapsed: 28 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Reply With Quote
  #12  
Old September 11th, 2017, 06:07 PM
pkme
more Malwarebytes

And, just in case you need it, here is the protection log:

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 9/11/2017 12:11 PM, SYSTEM, MMV-PC, Manual, Remediation Database, 2016.2.12.1, 2017.9.1.1,
Update, 9/11/2017 12:11 PM, SYSTEM, MMV-PC, Manual, Rootkit Database, 2016.2.8.1, 2017.8.2.1,
Update, 9/11/2017 12:11 PM, SYSTEM, MMV-PC, Manual, IP Database, 2016.2.8.1, 2017.9.11.2,
Update, 9/11/2017 12:11 PM, SYSTEM, MMV-PC, Manual, Domain Database, 2016.2.16.8, 2017.9.11.4,
Update, 9/11/2017 12:11 PM, SYSTEM, MMV-PC, Manual, Malware Database, 2016.2.16.6, 2017.9.11.8,
Scan, 9/11/2017 12:40 PM, SYSTEM, MMV-PC, Manual, Start:9/11/2017 12:11 PM, Duration:28 min 34 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)
Reply With Quote
  #13  
Old September 11th, 2017, 06:09 PM
pkme
I have not used this laptop for anything other than running these scans, so I have not noticed any issues. I am going to do some work on it now. I'll let you know if I have any problems.
Thanks again!
~pk
Reply With Quote
  #14  
Old September 11th, 2017, 10:31 PM
olgun52
Quote:
Originally Posted by pkme View Post
I have not used this laptop for anything other than running these scans, so I have not noticed any issues. I am going to do some work on it now. I'll let you know if I have any problems.
Thanks again!
~pk
Okay.
===================================

Your Adobe Reader X is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Acrobat Reader DC to your PC's desktop.
  • Uninstall Adobe Reader via Start > Control Panel > Uninstall a program
  • Install the newly downloaded, updated software.
Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

==========================================================================

Quote:
Problem: The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Your drivers and operating system should always be up to date.
Do you update your operating system?
========================================================

Please do this:

  1. Download the Norton Removal Tool (NRT)
  2. Reboot the computer into safe mode (for all Windows versions, see this page).
  3. Uninstall any Norton Security products using NRT.
-------------------

Please do check for Webroot and for Norton Anti-Theft.

Please boot the device in safe mode. -> Click Start -> Computer -> open the C: folder -> Program Files (x86) -> Search for Norton Anti-Theft. Then right-click on it and uninstall it.
-> Then click Start and Run. -> Type regedit -> Ctrl+F -> Type in "Norton" -> Delete all that comes up -> F3 + Enter -> Delete whatever comes up -> Keep on doing this till all Norton files are removed. -> Reboot it in normal mode and check.

===========================

Please post a fresh FRST logfile for my check.
Reply With Quote
  #15  
Old September 14th, 2017, 05:14 AM
pkme's Avatar
pkme pkme is offline
Senior Member
 
Join Date: Sep 2003
Location: Kentucky, United States
Posts: 221

Hi Olgun-
I had some troubles with the latest instructions that you gave me.
- I could not find Adobe Reader in the program list or on a search of the computer. I did install Adobe Reader DC.
- I have not done any updating on this laptop, as it was my husband's, and I only recently began using it. I am certain that he never updated anything. Can you please tell me how to update the drivers? I opened the control panel, but I do not see an "Update Driver" option, and I cannot find the Hardware Update wizard. I have attached a screenshot of what I'm looking at, so I hope that will enable you to help me.
- I tried to update the OS, but it is also not working. It says that updates are available, but downloading is just hanging at 0%.
- I booted the laptop in safe mode, but Norton R&R would not open. I was able to run it once I got back in normal mode.
- While in safe mode, I searched but did not find Norton anti theft. I did find Symantic.nortonstudio, and I was able to delete a few of those, but 2 were left that I was unable to delete. I did also find webroot once, and I deleted that.
- I ran a new FRST scan. I will report the results in the following post.
Thanks for all of your help.
~pk
Attached Images
File Type: jpg Screenshot.jpg (102.6 KB, 3 views)
Reply With Quote
All times are GMT +1.