Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
Is this laptop salvageable?!
My laptop is possessed. The cursor randomly takes on a life of its own. Sometimes it works just fine, and other times it bounces all over the place. Then today, when opening totally innocuous web pages (even cybertechhelp!) in Chrome, my browser suddenly got hijacked to some extremely inappropriate websites. I have been bombarded by images that I can never unsee. Ugh.
I ran a full system scan with Windows Defender, but it revealed nothing. Help?! Please?! BTW, I switched to IE, and so far, no hijackings. Thanks very, very much in advance. ~pk
#2
Hello pkme and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems. Please take note of some guidelines for this fix:
1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How to open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here: How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Thanks
*********************************************************************************************
Let's check. I would like you to do the following
===============================
Hosts File
Replace your current HOSTS file with a tweaked one, such as the MVPS Host file, that restricts access to known bad sites, improving your security. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. To do it:
Something you need to do now is to reset your browsers. Instructions on how to back up your Favourites/Bookmarks and other data can be found below if necessary. Proceed with the reset once done.
Adwcleaner scan: Please download AdwCleaner by Xplode onto your desktop.
Next >>> Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
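An added example, not part of the post above and not code from any tool named in this thread: a small audit of a HOSTS file that separates blocklist entries (names pointed at the local machine, the mechanism the post describes) from entries that point a name at some other address, which a blocklist never needs. The sample file, the `.example` hostnames and the function names are constructed for illustration; treating `0.0.0.0` as a block entry alongside `127.0.0.1` is an assumption of this sketch.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample, not taken from the thread
127.0.0.1     localhost
::1           localhost
127.0.0.1     ads.example.net tracker.example.net   # blocklist entry
0.0.0.0       popups.example.org
203.0.113.45  login.example.com    # name pointed at a non-local address
not-an-ip     broken.example.net
"""

# Names that legitimately map to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address_text, [hostnames]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Everything after '#' is a comment; blank lines carry no mapping.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        # One address followed by one or more hostnames sharing it.
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify HOSTS entries as blocked, redirected or malformed.

    blocked:    hostnames mapped to a loopback or unspecified address
    redirected: (line_no, hostname, address) mapped to any other address
    malformed:  (line_no, address_text) that is not a valid mapping
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, address_text, names in parse_hosts(text):
        try:
            address = ipaddress.ip_address(address_text)
        except ValueError:
            report["malformed"].append((line_no, address_text))
            continue
        if not names:
            report["malformed"].append((line_no, address_text))
            continue
        for name in names:
            if name in LOCAL_NAMES:
                continue  # normal localhost mapping, nothing to report
            if address.is_loopback or address.is_unspecified:
                report["blocked"].append(name)
            else:
                # A blocklist never needs a routable address; review these.
                report["redirected"].append((line_no, name, str(address)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", len(result["blocked"]))
    for line_no, name, address in result["redirected"]:
        print(f"line {line_no}: {name} -> {address} (review)")
    for line_no, token in result["malformed"]:
        print(f"line {line_no}: unparseable address {token!r}")
```

On Windows the file to audit is normally `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.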
#3
AdwCleaner logfile
Hello olgun, and thank you for your help! Here is the first logfile. I will work on the other & post it shortly.
# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 06 22:13:52 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-01-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nicevideo.us
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****
PUP.Optional.Legacy, SearchProvider found: Ask.com - askws

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271

*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
#4
Farbar Recovery Results
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by mmv (administrator) on MMV-PC (06-09-2017 18:28:28) Running from C:\Users\mmv\Desktop Loaded Profiles: mmv (Available Profiles: mmv) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_Activ eX.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1561_no ne_7ef6e89821f9a6be\TiWorker.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.) 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-23] (AVAST Software) HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google) HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation) Startup: C:\Users\mmv\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Startup\Send to OneNote.lnk [2015-01-07] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{4dd5dcc1-e3aa-4ad7-8231-96d6e2ddfa0d}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{bb83b569-0c23-4385-9de5-595e6f27d2c6}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-3990455747-1832288268-4293809508-1001 -> {74732A63-A99E-4479-87CA-6B710BDA0071} URL = SearchScopes: HKU\S-1-5-21-3990455747-1832288268-4293809508-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation) BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-07-11] 
(Microsoft Corporation) Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation) FireFox: ======== FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-17] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp .dll [2013-07-12] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.) 
Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://google.com/" CHR NewTab: Default -> Not-active:"chrome-extension://nldfpkbofmebiaoaflmifbmblppieefk/newtab.html" CHR Profile: C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default [2017-09-06] CHR Extension: (Google Docs) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2015-03-27] CHR Extension: (Google Drive) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2015-11-08] CHR Extension: (YouTube) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2015-10-04] CHR Extension: (Google Search) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-11-08] CHR Extension: (Google Docs Offline) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-04-16] CHR Extension: (Avast Online Security) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegiea cbdmki [2017-08-24] CHR Extension: (San Antonio Spurs) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nldfpkbofmebiaoaflmifbmblp pieefk [2014-07-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-08-21] CHR Extension: (Gmail) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2015-04-06] CHR Extension: (Chrome Media Router) - C:\Users\mmv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-08-10] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: 
[gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-30] () [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-23] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-23] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation) R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] () R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-08-01] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.) 
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation) R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320528 2017-09-06] (AVAST Software s.r.o.) R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-09-06] (AVAST Software s.r.o.) R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343296 2017-09-06] (AVAST Software s.r.o.) R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-09-06] (AVAST Software s.r.o.) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47016 2017-09-06] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-06] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147784 2017-09-06] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-09-06] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-09-06] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1016384 2017-09-06] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [590880 2017-09-06] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [199312 2017-09-06] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-09-06] (AVAST Software) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-09-05] () R1 MpKsl7e34a675; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BD6B0FAB-BACA-4A8D-ABB7-52D3ADA2965D}\MpKsl7e34a675.sys [44928 2017-09-06] (Microsoft Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (TPMX Electronics Ltd.) 
S3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [33048 2016-07-11] () S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [433912 2016-07-13] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [50880 2015-10-08] (Synaptics Incorporated) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-08-01 12:35 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2017-08-18 12:06 - 2017-08-01 12:34 - 001170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2017-08-18 12:06 - 2017-08-01 12:34 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-08-18 12:06 - 2017-08-01 12:34 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2017-08-18 12:06 - 2017-08-01 12:33 - 006031872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-08-18 12:06 - 2017-08-01 12:33 - 000589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll 2017-08-18 12:06 - 2017-08-01 12:32 - 002682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll 2017-08-18 12:06 - 2017-08-01 12:32 - 002648576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2017-08-18 12:06 - 2017-08-01 12:31 - 003664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-08-18 12:06 - 2017-08-01 12:31 - 001988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2017-08-18 12:06 - 2017-08-01 12:31 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2017-08-18 12:06 - 2017-08-01 12:31 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2017-08-18 12:06 - 2017-08-01 12:31 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll 2017-08-18 12:06 - 2017-08-01 12:31 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2017-08-18 12:06 - 2017-08-01 12:31 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivit y.dll 2017-08-18 12:06 - 2017-08-01 12:30 - 002997248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-08-18 12:06 - 2017-08-01 12:30 - 002482688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-08-18 12:06 - 2017-08-01 12:30 - 001886720 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2017-08-18 12:06 - 2017-08-01 12:30 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2017-08-18 12:06 - 2017-08-01 12:30 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll 2017-08-18 12:06 - 2017-08-01 12:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundT ransfer.dll 2017-08-18 12:06 - 2017-08-01 12:30 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2017-08-18 12:06 - 2017-08-01 12:29 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2017-08-18 12:06 - 2017-08-01 12:28 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll 
2017-08-18 12:06 - 2017-08-01 10:15 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll 2017-08-18 12:06 - 2017-08-01 10:15 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll 2017-08-18 12:06 - 2017-07-12 02:15 - 000496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2017-08-18 12:06 - 2017-07-12 02:12 - 001706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-08-18 12:06 - 2017-07-12 02:12 - 001573280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-08-18 12:06 - 2017-07-12 01:55 - 000607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2017-08-18 12:06 - 2017-07-12 01:55 - 000111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2017-08-18 12:06 - 2017-07-12 01:52 - 004312760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-08-18 12:06 - 2017-07-12 01:35 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dabapi.dll 2017-08-18 12:06 - 2017-07-12 01:32 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll 2017-08-18 12:06 - 2017-07-12 01:32 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\frprov.dll 2017-08-18 12:06 - 2017-07-12 01:31 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2017-08-18 12:06 - 2017-07-12 01:31 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll 2017-08-18 12:06 - 2017-07-12 01:30 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll 2017-08-18 12:06 - 2017-07-12 01:29 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-08-18 12:06 - 2017-07-12 01:29 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\httpapi.dll 
2017-08-18 12:06 - 2017-07-12 01:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2017-08-18 12:06 - 2017-07-12 01:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2017-08-18 12:06 - 2017-07-12 01:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-08-18 12:06 - 2017-07-12 01:21 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-08-18 12:06 - 2017-07-12 01:19 - 006474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2017-08-18 12:06 - 2017-07-12 01:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2017-08-18 12:06 - 2017-07-12 01:15 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe 2017-08-18 12:06 - 2017-07-12 01:15 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll 2017-08-18 12:06 - 2017-07-12 01:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2017-08-18 12:06 - 2017-07-12 01:13 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe 2017-08-18 12:06 - 2017-07-12 01:12 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2017-08-18 12:06 - 2017-07-12 01:11 - 002154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2017-08-18 12:06 - 2017-07-12 01:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe 2017-08-18 12:06 - 2017-07-12 01:10 - 000546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2017-08-18 12:06 - 2017-07-12 01:09 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2017-08-18 12:06 - 2017-07-12 01:07 - 001572352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2017-08-18 12:06 - 2017-07-12 01:05 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2017-08-18 12:06 - 2017-03-04 02:05 - 000134144 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ErrorDetails.dll 2017-08-18 12:05 - 2017-08-01 15:32 - 000133984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-08-18 12:05 - 2017-08-01 15:31 - 007780192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-08-18 12:05 - 2017-08-01 15:27 - 000118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2017-08-18 12:05 - 2017-08-01 15:25 - 000168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2017-08-18 12:05 - 2017-08-01 15:22 - 001860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .dll 2017-08-18 12:05 - 2017-08-01 15:22 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2017-08-18 12:05 - 2017-08-01 15:21 - 002759712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-08-18 12:05 - 2017-08-01 15:21 - 000857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-08-18 12:05 - 2017-08-01 15:21 - 000624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-08-18 12:05 - 2017-08-01 15:21 - 000295264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2017-08-18 12:05 - 2017-08-01 15:21 - 000124072 _____ (Microsoft |
#5
|
||||
|
||||
Farber Recovery Part 2:
Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2017-08-18 12:05 - 2017-08-01 15:20 - 002446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2017-08-18 12:05 - 2017-08-01 15:20 - 000684344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-08-18 12:05 - 2017-08-01 15:20 - 000383776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2017-08-18 12:05 - 2017-08-01 15:20 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2017-08-18 12:05 - 2017-08-01 15:18 - 008169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll 2017-08-18 12:05 - 2017-08-01 15:18 - 004260064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-08-18 12:05 - 2017-08-01 15:18 - 001983408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2017-08-18 12:05 - 2017-08-01 15:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2017-08-18 12:05 - 2017-08-01 15:18 - 000092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-08-18 12:05 - 2017-08-01 15:17 - 022220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-08-18 12:05 - 2017-08-01 15:17 - 001600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-08-18 12:05 - 2017-08-01 15:17 - 001072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2017-08-18 12:05 - 2017-08-01 15:17 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2017-08-18 12:05 - 2017-08-01 15:13 - 002532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-08-18 12:05 - 2017-08-01 15:13 - 001102176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2017-08-18 12:05 - 2017-08-01 15:13 - 000387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-08-18 12:05 - 2017-08-01 15:01 - 007218176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-08-18 12:05 - 2017-08-01 
14:57 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2017-08-18 12:05 - 2017-08-01 14:54 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll 2017-08-18 12:05 - 2017-08-01 14:53 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-08-18 12:05 - 2017-08-01 14:52 - 022569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-08-18 12:05 - 2017-08-01 14:52 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll 2017-08-18 12:05 - 2017-08-01 14:51 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDisc overy.Dnssd.dll 2017-08-18 12:05 - 2017-08-01 14:48 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandle rs.dll 2017-08-18 12:05 - 2017-08-01 14:48 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-08-18 12:05 - 2017-08-01 14:48 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2017-08-18 12:05 - 2017-08-01 14:47 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2017-08-18 12:05 - 2017-08-01 14:47 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-08-18 12:05 - 2017-08-01 14:47 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dl l 2017-08-18 12:05 - 2017-08-01 14:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2017-08-18 12:05 - 2017-08-01 14:46 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll 2017-08-18 12:05 - 2017-08-01 14:46 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2017-08-18 12:05 - 2017-08-01 14:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll 2017-08-18 12:05 - 2017-08-01 14:46 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 
2017-08-18 12:05 - 2017-08-01 14:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-08-18 12:05 - 2017-08-01 14:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2017-08-18 12:05 - 2017-08-01 14:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2017-08-18 12:05 - 2017-08-01 14:45 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-08-18 12:05 - 2017-08-01 14:45 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Walle t.dll 2017-08-18 12:05 - 2017-08-01 14:45 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2017-08-18 12:05 - 2017-08-01 14:45 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2017-08-18 12:05 - 2017-08-01 14:45 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2017-08-18 12:05 - 2017-08-01 14:45 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-08-18 12:05 - 2017-08-01 14:45 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2017-08-18 12:05 - 2017-08-01 14:44 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2017-08-18 12:05 - 2017-08-01 14:44 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dl l 2017-08-18 12:05 - 2017-08-01 14:43 - 000966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll 2017-08-18 12:05 - 2017-08-01 14:43 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll 2017-08-18 12:05 - 2017-08-01 14:43 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2017-08-18 12:05 - 2017-08-01 14:43 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-08-18 12:05 - 2017-08-01 14:42 - 006288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2017-08-18 12:05 - 2017-08-01 14:42 - 000775168 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-08-18 12:05 - 2017-08-01 14:40 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2017-08-18 12:05 - 2017-08-01 14:40 - 000945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-08-18 12:05 - 2017-08-01 14:40 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authenticatio n.Web.Core.dll 2017-08-18 12:05 - 2017-08-01 14:39 - 009129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-08-18 12:05 - 2017-08-01 14:39 - 001281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2017-08-18 12:05 - 2017-08-01 14:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.service provider.dll 2017-08-18 12:05 - 2017-08-01 14:39 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2017-08-18 12:05 - 2017-08-01 14:38 - 013441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2017-08-18 12:05 - 2017-08-01 14:37 - 013091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-08-18 12:05 - 2017-08-01 14:36 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-08-18 12:05 - 2017-08-01 14:35 - 001908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-08-18 12:05 - 2017-08-01 14:34 - 001837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2017-08-18 12:05 - 2017-08-01 14:33 - 004749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2017-08-18 12:05 - 2017-08-01 14:33 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll 2017-08-18 12:05 - 2017-08-01 14:32 - 008114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-08-18 12:05 - 2017-08-01 14:32 - 004596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2017-08-18 12:05 - 2017-08-01 14:32 - 003401216 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\tquery.dll 2017-08-18 12:05 - 2017-08-01 14:30 - 002916864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2017-08-18 12:05 - 2017-08-01 14:30 - 001643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2017-08-18 12:05 - 2017-08-01 14:30 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2017-08-18 12:05 - 2017-08-01 14:30 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2017-08-18 12:05 - 2017-08-01 14:29 - 004743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-08-18 12:05 - 2017-08-01 14:29 - 002852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFl owUI.dll 2017-08-18 12:05 - 2017-08-01 14:29 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2017-08-18 12:05 - 2017-08-01 14:28 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-08-18 12:05 - 2017-08-01 14:28 - 001490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-08-18 12:05 - 2017-08-01 14:27 - 008076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-08-18 12:05 - 2017-08-01 14:27 - 004149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2017-08-18 12:05 - 2017-08-01 14:27 - 002695680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2017-08-18 12:05 - 2017-08-01 14:27 - 002538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2017-08-18 12:05 - 2017-08-01 14:27 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-08-18 12:05 - 2017-08-01 14:27 - 000903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2017-08-18 12:05 - 2017-08-01 14:27 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll 2017-08-18 12:05 - 2017-08-01 14:27 - 000765440 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.Devices.Sensors.dll 2017-08-18 12:05 - 2017-08-01 14:26 - 001513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-08-18 12:05 - 2017-08-01 14:26 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivit y.dll 2017-08-18 12:05 - 2017-08-01 14:25 - 001726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2017-08-18 12:05 - 2017-08-01 14:24 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2017-08-18 12:05 - 2017-08-01 14:24 - 001121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-08-18 12:05 - 2017-08-01 14:24 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2017-08-18 12:05 - 2017-08-01 14:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundT ransfer.dll 2017-08-18 12:05 - 2017-08-01 14:23 - 003615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-08-18 12:05 - 2017-07-12 02:17 - 000081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2017-08-18 12:05 - 2017-07-12 02:16 - 000646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2017-08-18 12:05 - 2017-07-12 02:15 - 002213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-08-18 12:05 - 2017-07-12 02:14 - 001886896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-08-18 12:05 - 2017-07-12 02:13 - 002253664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-08-18 12:05 - 2017-07-12 02:09 - 001181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-08-18 12:05 - 2017-07-12 02:02 - 002186592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-08-18 12:05 - 2017-07-12 02:02 - 000402776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-08-18 12:05 - 2017-07-12 02:01 - 000156000 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\wfplwfs.sys 2017-08-18 12:05 - 2017-07-12 02:00 - 000223072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-08-18 12:05 - 2017-07-12 02:00 - 000160608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys 2017-08-18 12:05 - 2017-07-12 01:59 - 000857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2017-08-18 12:05 - 2017-07-12 01:59 - 000148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2017-08-18 12:05 - 2017-07-12 01:55 - 004674872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-08-18 12:05 - 2017-07-12 01:24 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmdisk0101.sys 2017-08-18 12:05 - 2017-07-12 01:24 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll 2017-08-18 12:05 - 2017-07-12 01:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll 2017-08-18 12:05 - 2017-07-12 01:23 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-08-18 12:05 - 2017-07-12 01:23 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll 2017-08-18 12:05 - 2017-07-12 01:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-08-18 12:05 - 2017-07-12 01:23 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\frprov.dll 2017-08-18 12:05 - 2017-07-12 01:21 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2017-08-18 12:05 - 2017-07-12 01:21 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll 2017-08-18 12:05 - 2017-07-12 01:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpapi.dll 2017-08-18 12:05 - 2017-07-12 01:19 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2017-08-18 12:05 - 2017-07-12 01:19 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll 2017-08-18 12:05 - 2017-07-12 
01:17 - 000552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-08-18 12:05 - 2017-07-12 01:17 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2017-08-18 12:05 - 2017-07-12 01:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2017-08-18 12:05 - 2017-07-12 01:16 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll 2017-08-18 12:05 - 2017-07-12 01:15 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2017-08-18 12:05 - 2017-07-12 01:13 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-08-18 12:05 - 2017-07-12 01:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-08-18 12:05 - 2017-07-12 01:12 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll 2017-08-18 12:05 - 2017-07-12 01:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2017-08-18 12:05 - 2017-07-12 01:09 - 003291136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2017-08-18 12:05 - 2017-07-12 01:08 - 002861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2017-08-18 12:05 - 2017-07-12 01:07 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2017-08-18 12:05 - 2017-07-12 01:06 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2017-08-18 12:05 - 2017-07-12 01:06 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-08-18 12:05 - 2017-07-12 01:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2017-08-18 12:05 - 2017-07-12 01:02 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-08-18 12:05 - 2017-07-12 01:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2017-08-18 12:05 - 2017-07-12 01:00 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2017-08-18 12:05 - 
2017-07-12 00:59 - 006664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2017-08-18 12:05 - 2017-07-12 00:59 - 002318336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-08-18 12:05 - 2017-07-12 00:59 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2017-08-18 12:05 - 2017-07-12 00:58 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-08-18 12:05 - 2017-07-12 00:58 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-08-18 12:05 - 2017-07-12 00:58 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-08-18 12:05 - 2017-07-12 00:57 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2017-08-18 12:05 - 2017-07-12 00:56 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2017-08-18 12:05 - 2017-07-11 22:49 - 000448629 _____ C:\WINDOWS\system32\ApnDatabase.xml 2017-08-18 12:05 - 2017-03-04 02:16 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll 2017-08-18 12:05 - 2017-03-04 02:14 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll 2017-08-18 12:05 - 2017-03-04 02:07 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2017-08-18 12:05 - 2017-03-04 02:05 - 001328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll 2017-08-18 12:05 - 2016-09-07 01:24 - 000057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-08-18 12:05 - 2016-08-02 04:13 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-08-18 12:04 - 2017-08-01 15:29 - 000376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-08-18 12:04 - 2017-08-01 15:21 - 000146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2017-08-18 12:04 - 2017-08-01 15:21 - 000026976 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\browser_broker.exe 2017-08-18 12:04 - 2017-08-01 15:20 - 000557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2017-08-18 12:04 - 2017-08-01 15:20 - 000079712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys 2017-08-18 12:04 - 2017-08-01 15:17 - 000241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2017-08-18 12:04 - 2017-08-01 14:52 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys 2017-08-18 12:04 - 2017-08-01 14:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-08-18 12:04 - 2017-08-01 14:47 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll 2017-08-18 12:04 - 2017-08-01 14:47 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2017-08-18 12:04 - 2017-08-01 14:46 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2017-08-18 12:04 - 2017-08-01 14:46 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2017-08-18 12:04 - 2017-08-01 14:41 - 002222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll 2017-08-18 12:04 - 2017-08-01 14:38 - 001589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll 2017-08-18 12:04 - 2017-08-01 14:36 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2017-08-18 12:04 - 2017-08-01 14:33 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll 2017-08-18 12:04 - 2017-08-01 14:32 - 000821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll 2017-08-18 12:04 - 2017-08-01 14:27 - 000716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2017-08-18 12:04 - 2017-08-01 14:23 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2017-08-18 12:04 - 2017-07-12 02:15 - 000101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll 
2017-08-18 12:04 - 2017-07-12 02:01 - 000715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-08-18 12:04 - 2017-07-12 02:00 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2017-08-18 12:04 - 2017-07-12 01:59 - 001100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-08-18 12:04 - 2017-07-12 01:59 - 000989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-08-18 12:04 - 2017-07-12 01:59 - 000947040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-08-18 12:04 - 2017-07-12 01:56 - 000277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-18 12:04 - 2017-07-12 01:25 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2017-08-18 12:04 - 2017-07-12 01:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2017-08-18 12:04 - 2017-07-12 01:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2017-08-18 12:04 - 2017-07-12 01:21 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-08-18 12:04 - 2017-07-12 01:19 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-08-18 12:04 - 2017-07-12 01:12 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-18 12:04 - 2017-07-12 01:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-18 12:04 - 2017-07-12 01:07 - 000954880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-18 12:04 - 2017-07-12 01:06 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-18 12:04 - 2017-07-12 01:03 - 001692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-18 12:04 - 2017-07-12 01:01 - 002279424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-18 12:04 - 2017-03-04 02:57 - 000372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-08-16 13:13 - 2017-08-16 13:13 - 000077941 _____ C:\Users\mmv\Documents\CoverLetter WIN.pdf
2017-08-15 23:42 - 2017-08-15 23:42 - 000457637 _____ C:\Users\mmv\Documents\Pam Prentice Valdés CC PalmBeach Treasure Coast.pdf
2017-08-15 22:10 - 2017-08-15 22:10 - 000078246 _____ C:\Users\mmv\Documents\CoverLetter Cigna.pdf
2017-08-15 21:30 - 2017-08-15 21:30 - 000457655 _____ C:\Users\mmv\Documents\Pam Prentice Valdés Gen.pdf
2017-08-11 16:52 - 2017-08-18 21:42 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150311138331202
2017-08-11 16:52 - 2017-08-18 20:36 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150310696529602
2017-08-11 16:52 - 2017-08-18 20:30 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150310298675002
2017-08-11 16:52 - 2017-08-18 18:15 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150310264387502
2017-08-11 16:52 - 2017-08-18 18:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150309454646802
2017-08-11 16:52 - 2017-08-18 16:40 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150309433809302
2017-08-11 16:52 - 2017-08-18 16:37 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150308881171802
2017-08-11 16:52 - 2017-08-18 15:32 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150308863028102
2017-08-11 16:52 - 2017-08-18 15:29 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150308475178102
2017-08-11 16:52 - 2017-08-18 14:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150308455698402
2017-08-11 16:52 - 2017-08-18 13:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150307938070302
2017-08-11 16:52 - 2017-08-18 11:41 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150307887493702
2017-08-11 16:52 - 2017-08-18 11:37 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150307091429602
2017-08-11 16:52 - 2017-08-18 10:32 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150307067623402
2017-08-11 16:52 - 2017-08-18 10:29 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150306674842102
2017-08-11 16:52 - 2017-08-17 15:20 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150306656468702
2017-08-11 16:52 - 2017-08-17 15:16 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150299763484302
2017-08-11 16:52 - 2017-08-17 13:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150299740437502
2017-08-11 16:52 - 2017-08-17 12:56 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150298942585902
2017-08-11 16:52 - 2017-08-17 10:59 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150298901595302
2017-08-11 16:52 - 2017-08-17 00:02 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150298196310902
2017-08-11 16:52 - 2017-08-16 14:05 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150294256017102
2017-08-11 16:52 - 2017-08-16 14:02 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150290674939002
2017-08-11 16:52 - 2017-08-16 12:57 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150290656770302
2017-08-11 16:52 - 2017-08-16 12:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150290267503102
2017-08-11 16:52 - 2017-08-16 10:06 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150290249242102
2017-08-11 16:52 - 2017-08-16 10:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150289236593702
2017-08-11 16:52 - 2017-08-16 08:58 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150289219731202
2017-08-11 16:52 - 2017-08-16 00:29 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150288830870302
2017-08-11 16:52 - 2017-08-15 23:25 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150285776307802
2017-08-11 16:52 - 2017-08-15 23:22 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150285391768702
2017-08-11 16:52 - 2017-08-15 22:18 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150285374807802
2017-08-11 16:52 - 2017-08-15 22:16 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150284993607802
2017-08-11 16:52 - 2017-08-15 21:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150284976089002
2017-08-11 16:52 - 2017-08-15 21:07 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150284595984302
2017-08-11 16:52 - 2017-08-15 13:55 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150284564207802
2017-08-11 16:52 - 2017-08-15 13:52 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150281971910902
2017-08-11 16:52 - 2017-08-14 14:57 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150281954132802
2017-08-11 16:52 - 2017-08-14 14:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150273707610902
2017-08-11 16:52 - 2017-08-14 10:08 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150273689745302
2017-08-11 16:52 - 2017-08-14 10:05 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150271973375002
2017-08-11 16:52 - 2017-08-12 20:45 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150271954221802
2017-08-11 16:52 - 2017-08-12 20:39 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150258510025002
2017-08-11 16:52 - 2017-08-12 16:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150258474118702
2017-08-11 16:52 - 2017-08-12 16:08 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150256876270302
2017-08-11 16:52 - 2017-08-11 22:19 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150256850143702
2017-08-11 16:52 - 2017-08-11 22:15 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150250436948402
2017-08-11 16:52 - 2017-08-11 21:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150250415992102
2017-08-11 16:52 - 2017-08-11 21:08 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150250033429602
2017-08-11 16:52 - 2017-08-11 17:01 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150250012192102
2017-08-11 16:52 - 2017-08-11 16:58 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150248530006202
2017-08-11 16:52 - 2017-08-11 16:52 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150248477975002.150248513893702
2017-08-07 17:54 - 2017-08-10 11:56 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150238677862502
2017-08-07 17:54 - 2017-08-10 11:50 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150238056432802
2017-08-07 17:54 - 2017-08-09 13:15 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150238025134302
2017-08-07 17:54 - 2017-08-09 13:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150229892559302
2017-08-07 17:54 - 2017-08-09 10:25 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150229874046802
2017-08-07 17:54 - 2017-08-09 10:22 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150228871095302
2017-08-07 17:54 - 2017-08-09 09:17 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150228854692102
2017-08-07 17:54 - 2017-08-08 18:05 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150228463370302
2017-08-07 17:54 - 2017-08-07 20:26 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150222992340602
2017-08-07 17:54 - 2017-08-07 20:22 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150215200285902
2017-08-07 17:54 - 2017-08-07 19:17 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150215175218702
2017-08-07 17:54 - 2017-08-07 19:15 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150214786703102
2017-08-07 17:54 - 2017-08-07 18:09 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150214771012502
2017-08-07 17:54 - 2017-08-07 18:03 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150214379934302
2017-08-07 17:54 - 2017-08-07 17:54 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150214289129602.150214342460902

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-06 18:29 - 2017-04-29 15:31 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-06 18:29 - 2015-03-27 13:05 - 000000000 ____D C:\ProgramData\Skype
2017-09-06 18:26 - 2017-02-11 12:36 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-09-06 18:23 - 2014-07-09 11:10 - 000590880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000361336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000199312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000147784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-09-06 18:23 - 2014-07-09 11:10 - 000047016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-09-06 18:22 - 2016-04-09 14:11 - 000041832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-09-06 18:22 - 2014-07-09 11:10 - 001016384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-09-06 18:21 - 2017-02-11 12:36 - 000343296 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-09-06 18:21 - 2017-02-11 12:36 - 000320528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-09-06 18:21 - 2017-02-11 12:36 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-09-06 18:21 - 2017-02-11 12:36 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-09-06 18:16 - 2016-10-29 13:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-06 18:15 - 2016-10-29 12:55 - 000000000 ____D C:\Users\mmv
2017-09-06 18:15 - 2016-10-29 12:49 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-09-06 18:15 - 2016-07-16 02:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-06 17:54 - 2014-01-20 22:08 - 000000000 ____D C:\Users\mmv\AppData\Local\CrashDumps
2017-09-06 17:21 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-06 17:20 - 2016-07-16 07:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-05 23:49 - 2017-06-13 09:37 - 000001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-09-05 23:49 - 2017-06-06 10:24 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-09-05 23:49 - 2017-03-15 20:33 - 000004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1460828995
2017-09-05 23:49 - 2016-11-06 20:28 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-09-05 23:49 - 2016-11-06 20:27 - 000001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-09-05 23:49 - 2015-01-11 14:27 - 000001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-09-05 23:30 - 2016-10-29 12:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-05 13:51 - 2017-06-06 10:24 - 000061304 _____ () C:\WINDOWS\SMSS-PFRO62ff.tmp
2017-09-05 10:45 - 2016-07-16 07:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-28 22:58 - 2014-01-17 18:07 - 000002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 10:44 - 2014-01-10 23:37 - 000000000 ____D C:\Users\mmv\AppData\Local\Packages
2017-08-24 22:43 - 2015-12-05 23:22 - 001388710 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-24 22:40 - 2013-11-21 04:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-22 11:33 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\rescache
2017-08-20 11:18 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
2017-08-20 11:17 - 2016-07-27 19:34 - 000002347 _____ C:\Users\mmv\Desktop\Google Chrome.lnk
2017-08-20 11:15 - 2014-01-10 22:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-20 11:04 - 2016-10-29 12:45 - 000231288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ___RD C:\Program Files\Windows Defender
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\Provisioning
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files\Common Files\System
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-18 23:03 - 2016-07-16 07:47 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-18 12:03 - 2015-01-11 14:29 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-09 13:12 - 2014-07-09 11:10 - 001015880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd055f199da44c6e9.tmp
2017-08-09 13:12 - 2014-07-09 11:10 - 000146704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8468ad59e3de705b.tmp
2017-08-09 10:07 - 2014-01-12 09:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 10:02 - 2014-01-12 09:25 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 09:29 - 2013-09-12 23:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-07 10:02 - 2017-08-04 21:30 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys.150189664117102.150211475157802

==================== Files in the root of some directories =======

2014-01-17 16:51 - 2014-01-17 16:51 - 010395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2017-08-05 19:30 - 2017-08-05 19:30 - 000003584 _____ () C:\Users\mmv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-29 12:49 - 2016-10-29 12:49 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-02-16 21:06 - 2017-02-16 21:06 - 000008192 _____ () C:\Users\mmv\AppData\Local\Temp\ttywtuii.dll
2017-04-29 15:30 - 2017-04-29 15:30 - 014456872 _____ (Microsoft Corporation) C:\Users\mmv\AppData\Local\Temp\vc_redist.x86.exe
2017-02-01 15:36 - 2017-02-01 15:36 - 012788328 _____ (Google Inc.) C:\Users\mmv\AppData\Local\Temp\{459168BF-EA4D-4AAF-B8D8-28FC5F911D8C}-56.0.2924.87_55.0.2883.87_chrome_updater.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-05 12:16

==================== End of FRST.txt ============================
#6
Farbar Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by mmv (06-09-2017 18:33:04)
Running from C:\Users\mmv\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-29 17:42:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3990455747-1832288268-4293809508-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3990455747-1832288268-4293809508-503 - Limited - Disabled)
Guest (S-1-5-21-3990455747-1832288268-4293809508-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3990455747-1832288268-4293809508-1003 - Limited - Enabled)
mmv (S-1-5-21-3990455747-1832288268-4293809508-1001 - Administrator - Enabled) => C:\Users\mmv

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.22) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B280788C-B671-E08D-4219-CE907B7BFF75}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-dda3f77c-cb96-4755-9f58-5a2458b928d8) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
King Oddball (HKLM-x32\...\WTA-69c6a825-b788-4c64-b33b-495b9f9226a7) (Version: 3.0.2.48 - WildTangent) Hidden
Madden NFL 2003 (HKLM-x32\...\{026AFFA3-5865-4FC5-00B2-56B4A738109C}) (Version: - )
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4953.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-09efd339-a54e-4e8e-adc8-d6a7a3ee92ab) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.50.2 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-23] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-23] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-23] (AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-23] (AVAST Software)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-23] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005A614B-9B3E-4C92-B300-ED3D5708CE03} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {04E5077C-A16B-466A-AD3D-260688E2852D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0C410476-9D8A-4D56-9C34-792A9B33312D} - System32\Tasks\{17169277-FBBE-417C-838B-340D3356EE04} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&La stError=12002
Task: {1939CE1F-14DE-439D-8A1B-028C91CA4144} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {19FCBF20-AAD0-4326-9C9D-B6B111C4F6EE} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()
Task: {1D9A7044-E135-4255-8F2A-DD889F8A5B03} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\mmv\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {1DBF67AB-6B12-4EFA-89EE-97F5B1B7C39B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-14] (AVAST Software)
Task: {20E42DF7-FFA7-4305-9287-F8BA89993783} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {2304F0EA-EB63-47F3-9FB0-B381727B1932} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2A62D0B4-B4EC-4AA3-AC9C-11279E81FEF7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {346212C6-2CC8-46C8-9C42-32AD4EEB10D8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-05-04] (Synaptics Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B6C3980-D309-4F3D-A04A-F5D238580431} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5201C4DB-911A-4315-909D-3B527D6E506B} - \WPD\SqmUpload_S-1-5-21-3990455747-1832288268-4293809508-1001 -> No File <==== ATTENTION
Task: {615B07C6-B812-4EC7-B5D7-FFD3013EAC86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {619543C3-10E6-4451-BE50-8AFE1157E1B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6D626C4B-5EED-4374-A2DD-2DAA6A57E701} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {6EF96B2E-14FE-475C-A20D-1CEC3C680E05} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation) Task: {75103446-C78B-4790-8A97-AA425498C419} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {8B292912-F8CF-4671-B16A-0F9C7F2B6D1B} - System32\Tasks\{A06EC42C-3312-4AD3-9FF3-29B5BF440460} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?source=lightinstaller&page=tsInstal l Task: {8E36B2C3-E781-4D58-A779-FDF121AA8132} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION Task: {9609D995-C8CF-4836-AAE5-77EF54D9C376} - System32\Tasks\{C3638517-A53F-43BA-819A-92C876FA96B7} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&La stError=12002 Task: {B3476D9B-731E-4F1A-8FF9-686159EB8E73} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor) Task: {BD2E4D14-828C-4CCA-8D72-7F9A17B52550} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {BEA825C7-725F-4720-8243-4B9C4443B044} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {C50AE9C4-6DC4-4057-8E9E-ADE27402002B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {D3176786-7091-42DE-83DF-49A69D7816C4} - System32\Tasks\SafeZone scheduled Autoupdate 1460828995 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software) Task: {DA0061CF-5AE8-4251-8FC3-401DBA27ECFB} - System32\Tasks\Microsoft\Windows\Windows 
Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION Task: {DED4ADF3-9DB4-4BC7-9CBC-AEDFB1F8D50E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {E41F49D9-71D9-49D3-94F2-17259C7EE808} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation) Task: {E46616D8-3BC4-44EE-A825-9393FEF4F754} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation) Task: {F0AE9EF8-C3AB-4EF3-90E6-2074058DDA63} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {F18FB778-6974-45DE-9402-9D79475EF281} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-09-06] (AVAST Software) Task: {F2540F99-E83D-49DD-AEE1-F4040AEFBC85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION Task: {F2D1DB3A-4038-447B-A090-1336B540A630} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-07-14 14:05 - 2017-06-21 03:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2013-08-30 23:47 - 2013-08-30 23:47 - 000099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2015-12-17 19:38 - 2015-12-17 19:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-12-17 19:38 - 2015-12-17 19:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-16 19:22 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2017-03-22 19:46 - 2017-01-31 08:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-10-29 16:33 - 2016-10-29 16:33 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.Share dUtilities.dll 2017-03-14 22:20 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2015-05-27 12:46 - 2015-05-27 12:46 - 000019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2017-03-14 22:16 - 2017-03-04 02:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CortanaApi.dll 2017-03-14 22:16 - 2017-03-04 02:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll 2017-03-14 22:16 - 2017-03-04 02:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CSGSuggestLib.dll 2017-08-18 12:04 - 2017-03-04 02:05 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Actions.dll 2017-08-18 12:04 - 2017-08-01 14:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.BackgroundTask.dll 2017-08-18 12:04 - 
2017-08-01 14:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\RemindersUI.dll 2012-07-18 19:38 - 2012-07-18 19:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2017-07-23 11:30 - 2017-07-23 11:30 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-07-23 11:31 - 2017-07-23 11:31 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll 2017-07-23 11:31 - 2017-07-23 11:31 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-07-23 11:31 - 2017-07-23 11:31 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-07-23 11:31 - 2017-07-23 11:31 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2017-07-23 11:30 - 2017-07-23 11:30 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2017-07-23 11:31 - 2017-07-23 11:31 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-09-06 18:18 - 2017-09-06 18:18 - 000098816 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32api .pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000110080 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\pywintyp es27.dll 2017-09-06 18:18 - 2017-09-06 18:18 - 000364544 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\pythonco m27.dll 2017-09-06 18:18 - 2017-09-06 18:18 - 000320512 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32com .shell.shell.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000914432 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_hashlib .pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 001176576 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._core _.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000806400 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._gdi_ .pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000816128 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._wind ows_.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 001067008 ____R () 
C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._cont rols_.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000733184 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._misc _.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000682496 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\pysqlite 2._sqlite.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000088064 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_ctypes. pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000686080 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\unicoded ata.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000119808 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32fil e.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000108544 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32sec urity.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000007168 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\hashobjs _ext.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000017920 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\thumbnai ls_ext.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000088064 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\usb_ext. pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000012800 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\common.t ime34.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000018432 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32eve nt.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000167936 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32gui .pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000046080 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_socket. pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 001303552 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_ssl.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000128512 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_element tree.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000127488 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\pyexpat. 
pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000038912 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32ine t.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000036864 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_psutil_ windows.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000524248 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\windows. _lib_cacheinvalidation.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000011264 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32cry pt.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000123392 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._wiza rd.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000077312 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._html 2.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000027648 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_multipr ocessing.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000020480 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\_yappi.p yd 2017-09-06 18:18 - 2017-09-06 18:18 - 000035840 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32pro cess.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000078848 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\wx._anim ate.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000024064 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32pip e.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000010240 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\select.p yd 2017-09-06 18:18 - 2017-09-06 18:18 - 000025600 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32pdh .pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000017408 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32pro file.pyd 2017-09-06 18:18 - 2017-09-06 18:18 - 000022528 ____R () C:\Users\mmv\AppData\Local\Temp\_MEI60962\win32ts. 
pyd 2017-06-19 20:52 - 2017-06-19 20:52 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mmv\AppData\Local\Packages\Microsoft.Wind ows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackg round\{2a11f3cd-8fd8-4680-bd70-c44288bab19e}.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "Install Webroot IE RunOnce.lnk" HKLM\...\StartupApproved\StartupFolder: => "Install Webroot FF RunOnce.lnk" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B8E046E3-B976-4A36-832A-88C185BB0817}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{540E13A1-5817-49F2-8580-F5731F6F99AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D726649B-EF01-4BD8-B5C8-D650893E6EDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{970FE7A2-F930-471A-8E7E-3FA7A7215C9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A056DAC8-7F87-4DB1-B584-E72D89B49685}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{38FA54D8-6350-4E2B-8FC3-DAA1A2CA4D2A}] => (Allow) C:\Users\mmv\AppData\Local\Microsoft\SkyDrive\SkyD rive.exe FirewallRules: [TCP Query User{7DC284C1-FCD5-4B3F-B0CF-7CB26D1383B9}C:\program files (x86)\ea sports\madden nfl 2003\mainapp.exe] => (Allow) C:\program files (x86)\ea sports\madden nfl 2003\mainapp.exe FirewallRules: [UDP Query User{FADFAAA6-5EBE-44A3-A021-65F6C31E5C4F}C:\program files (x86)\ea sports\madden nfl 2003\mainapp.exe] => (Allow) C:\program files (x86)\ea sports\madden nfl 2003\mainapp.exe FirewallRules: [TCP Query User{03968B6B-5A7A-44C8-BD8A-78327F2F25A3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{9AF87140-2632-46E1-A73D-C55B24BB8B68}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{ED0395A2-C501-4CAF-8A9A-81E794BC47B0}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files 
(x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{12923527-C1EF-4A5F-84AB-35B5D1D747C8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{77129D7E-D33F-4BA7-8B2D-DD18099D17E5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{811C05C4-2E95-45F2-83A5-4D802CFB2278}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{507878A5-AB23-4E10-AEAE-6ED94153864E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe FirewallRules: [{B4EC2E45-2263-4A33-97A0-743A2CDBEA2E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{FF869005-16B4-4205-B22C-1F3D127D8337}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe ==================== Restore Points ========================= 16-08-2017 12:11:58 Windows Update 28-08-2017 23:35:54 Scheduled Checkpoint 05-09-2017 10:43:11 Windows Update ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/06/2017 06:19:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1. 
Parameter name: dueTime Stack Trace: at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period) at System.Timers.Timer.set_Enabled(Boolean value) at SnappCloud.ActivationReminder.AraClient.PostInit() at SnappCloud.ActivationReminder.Program.Main(String[] args) Error: (09/06/2017 05:54:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PrintDialog.exe, version: 10.0.14393.0, time stamp: 0x57899b7b Faulting module name: PrintDialog.dll, version: 10.0.14393.953, time stamp: 0x58ba5e12 Exception code: 0x80000003 Fault offset: 0x0000000000029eac Faulting process id: 0xf5c Faulting application start time: 0x01d3275a9dd4b745 Faulting application path: C:\WINDOWS\PrintDialog\PrintDialog.exe Faulting module path: C:\Windows\PrintDialog\PrintDialog.dll Report Id: ed2328d4-58fe-42b4-af61-91dd01367124 Faulting package full name: Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h 2txyewy Faulting package-relative application ID: Microsoft.Windows.PrintDialog Error: (09/06/2017 05:16:05 PM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1. Parameter name: dueTime Stack Trace: at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period) at System.Timers.Timer.set_Enabled(Boolean value) at SnappCloud.ActivationReminder.AraClient.PostInit() at SnappCloud.ActivationReminder.Program.Main(String[] args) Error: (09/05/2017 11:33:25 PM) (Source: Toshiba App Place) (EventID: 0) (User: ) Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1. 
Parameter name: dueTime Stack Trace: at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period) at System.Timers.Timer.set_Enabled(Boolean value) at SnappCloud.ActivationReminder.AraClient.PostInit() at SnappCloud.ActivationReminder.Program.Main(String[] args) Error: (09/05/2017 11:46:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1594 Error: (09/05/2017 11:46:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1594 Error: (09/05/2017 11:46:24 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/05/2017 11:35:58 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9203 Error: (09/05/2017 11:35:58 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9203 Error: (09/05/2017 11:35:58 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (09/06/2017 06:17:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (09/06/2017 06:15:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/06/2017 06:15:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s). Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AdaptiveSleepService service terminated unexpectedly. It has done this 1 time(s). Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The TOSHIBA eco Utility Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s). 
Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s). Error: (09/06/2017 06:15:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2017-03-15 20:41:27.913 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. Date: 2017-03-15 20:41:27.434 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics Percentage of memory in use: 49% Total physical RAM: 3534.26 MB Available physical RAM: 1787.92 MB Total Virtual: 5966.26 MB Available Virtual: 4008.66 MB ==================== Drives ================================ Drive c: (TI10673700F) (Fixed) (Total:688.5 GB) (Free:404.38 GB) NTFS ==================== MBR & Partition Table ================== ================================================== ====== Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ |
#7
Hi pkme,
Thanks for the logs.

Please uninstall: Norton Anti-Theft + Adobe reader X

-------------------------------------------------

Run Webroot Uninstall tool: https://www.webroot.com/prodCheck/?p...1&osl=en&errid
or; http://www.carrona.org/avuninst.html

=======================================================

Run FRST fixlist:

Note: Run the tool (FRST) from your DeskTop based on the instructions given. Farbar Recovery Scan Tool and Fixlist file should be on the desktop.

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

Code:
CloseProcesses:
CreateRestorePoint:
Task: {005A614B-9B3E-4C92-B300-ED3D5708CE03} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {04E5077C-A16B-466A-AD3D-260688E2852D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0C410476-9D8A-4D56-9C34-792A9B33312D} - System32\Tasks\{17169277-FBBE-417C-838B-340D3356EE04} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&LastError=12002
Task: {1939CE1F-14DE-439D-8A1B-028C91CA4144} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2304F0EA-EB63-47F3-9FB0-B381727B1932} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2A62D0B4-B4EC-4AA3-AC9C-11279E81FEF7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3B6C3980-D309-4F3D-A04A-F5D238580431} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5201C4DB-911A-4315-909D-3B527D6E506B} - \WPD\SqmUpload_S-1-5-21-3990455747-1832288268-4293809508-1001 -> No File <==== ATTENTION
Task: {615B07C6-B812-4EC7-B5D7-FFD3013EAC86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {619543C3-10E6-4451-BE50-8AFE1157E1B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {75103446-C78B-4790-8A97-AA425498C419} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {8E36B2C3-E781-4D58-A779-FDF121AA8132} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {9609D995-C8CF-4836-AAE5-77EF54D9C376} - System32\Tasks\{C3638517-A53F-43BA-819A-92C876FA96B7} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.2.0.103&LastError=12002
Task: {BD2E4D14-828C-4CCA-8D72-7F9A17B52550} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BEA825C7-725F-4720-8243-4B9C4443B044} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {C50AE9C4-6DC4-4057-8E9E-ADE27402002B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DA0061CF-5AE8-4251-8FC3-401DBA27ECFB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
Task: {DED4ADF3-9DB4-4BC7-9CBC-AEDFB1F8D50E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F0AE9EF8-C3AB-4EF3-90E6-2074058DDA63} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F2540F99-E83D-49DD-AEE1-F4040AEFBC85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-01] (Microsoft Corporation) <==== ATTENTION
C:\Users\mmv\AppData\Local\Temp
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3990455747-1832288268-4293809508-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3990455747-1832288268-4293809508-1001 -> {74732A63-A99E-4479-87CA-6B710BDA0071} URL =
SearchScopes: HKU\S-1-5-21-3990455747-1832288268-4293809508-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
CHR NewTab: Default -> Not-active:"chrome-extension://nldfpkbofmebiaoaflmifbmblppieefk/newtab.html"
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
Zip: C:\WINDOWS\system32\Drivers\lpsport.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-17 16:51 - 2014-01-17 16:51 - 010395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2017-02-16 21:06 - 2017-02-16 21:06 - 000008192 _____ () C:\Users\mmv\AppData\Local\Temp\ttywtuii.dll
2017-04-29 15:30 - 2017-04-29 15:30 - 014456872 _____ (Microsoft Corporation) C:\Users\mmv\AppData\Local\Temp\vc_redist.x86.exe
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot FF RunOnce.lnk"
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v Install Webroot IE RunOnce.lnk /f
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder /v Install Webroot FF RunOnce.lnk /f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\"Install Webroot IE RunOnce.lnk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder/"Install Webroot FF RunOnce.lnk"
EmptyTemp:

Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.
When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.

========================================================

Scan with Malwarebytes Antimalware:

Please download (Version 2.2) Malwarebytes Anti-Malware to your desktop.
Any issue ? |
#8
Improving already--thanks! Olgun, I will probably not have time to work on this until next week, as I have a very busy travel schedule. I just did not want you to think I was ignoring you. I will get on this as soon as I can, but you may not hear back from me until next week.
Thanks again! ~pk
#9
Thank you for the information
#10
Results
Hi Olgun-
Thanks for your patience. I am back in town and have worked on the instructions you gave me. I did not find Norton Anti-Theft or Webroot listed under programs on the control panel. I did find Adobe Reader (although it was XI and not X), and I uninstalled that. Here is the Fixlog.txt:
#11
Malwarebytes
Here is the Malwarebytes scan log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/11/2017
Scan Time: 12:11 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.09.11.08
Rootkit Database: v2017.08.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: mmv

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328661
Time Elapsed: 28 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)
#12
more Malwarebytes
And, just in case you need it, here is the protection log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 9/11/2017 12:11 PM, SYSTEM, MMV-PC, Manual, Remediation Database, 2016.2.12.1, 2017.9.1.1,
Update, 9/11/2017 12:11 PM, SYSTEM, MMV-PC, Manual, Rootkit Database, 2016.2.8.1, 2017.8.2.1,
Update, 9/11/2017 12:11 PM, SYSTEM, MMV-PC, Manual, IP Database, 2016.2.8.1, 2017.9.11.2,
Update, 9/11/2017 12:11 PM, SYSTEM, MMV-PC, Manual, Domain Database, 2016.2.16.8, 2017.9.11.4,
Update, 9/11/2017 12:11 PM, SYSTEM, MMV-PC, Manual, Malware Database, 2016.2.16.6, 2017.9.11.8,
Scan, 9/11/2017 12:40 PM, SYSTEM, MMV-PC, Manual, Start:9/11/2017 12:11 PM, Duration:28 min 34 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)
#13
I have not used this laptop for anything other than running these scans, so I have not noticed any issues. I am going to do some work on it now. I'll let you know if I have any problems.
Thanks again! ~pk
#14
Quote:
===================================
Your Adobe Reader X is out of date. Older versions may have vulnerabilities that malware can use to infect your system. Please download Adobe Acrobat Reader DC to your PC's desktop.
==========================================================================
Quote:
Do you update your operating system?
========================================================
Please do this:
Please check for Webroot and for Norton Anti-Theft. Please boot the device in safe mode.
-> Click Start -> Computer -> open C: folder -> Program Files (x86) -> Search for Norton Anti-Theft. Then right-click on it & uninstall it.
-> Then click Start and Run.
-> Type regedit
-> Ctrl+F
-> Type in "Norton"
-> Delete all that comes up
-> F3 + Enter
-> Delete whatever comes up
-> Keep on doing this till all Norton files are removed.
-> Reboot it in normal mode and check.
===========================
Please post a fresh FRST logfile for my check.
#15
Hi Olgun-
I had some troubles with the latest instructions that you gave me.
- I could not find Adobe Reader in the program list or on a search of the computer. I did install Adobe Reader DC.
- I have not done any updating on this laptop, as it was my husband's, and I only recently began using it. I am certain that he never updated anything. Can you please tell me how to update the drivers? I opened the control panel, but I do not see an "Update Driver" option, and I cannot find the Hardware Update wizard. I have attached a screenshot of what I'm looking at, so I hope that will enable you to help me.
- I tried to update the OS, but it is also not working. It says that updates are available, but downloading is just hanging at 0%.
- I booted the laptop in safe mode, but Norton R&R would not open. I was able to run it once I got back in normal mode.
- While in safe mode, I searched but did not find Norton anti theft. I did find Symantic.nortonstudio, and I was able to delete a few of those, but 2 were left that I was unable to delete. I did also find webroot once, and I deleted that.
- I ran a new FRST scan. I will report the results in the following post.
Thanks for all of your help. ~pk