Slow

  1. #1

    Slow

    My mom has been using my laptop lately and downloading games to play. Since she has, everything has slowed down substantially! Here are the scans.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
    Ran by Michelle (administrator) on TOSHIBA (21-06-2018 11:56:58)
    Running from C:\Users\owner\Desktop
    Loaded Profiles: Michelle (Available Profiles: Michelle)
    Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (BitTorrent Inc.) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (BitTorrent Inc.) C:\Users\owner\AppData\Roaming\BitTorrent\updates\7.10.3_44429\bittorrentie.exe
    (BitTorrent Inc.) C:\Users\owner\AppData\Roaming\BitTorrent\updates\7.10.3_44429\bittorrentie.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (BitTorrent Inc.) C:\Users\owner\AppData\Roaming\BitTorrent\updates\7.10.3_44429\bittorrentie.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\Install\{67660D67-1B04-4F9F-AA7D-2C397DEF8798}\67.0.3396.87_66.0.3359.181_chrome_updater.exe
    (Google Inc.) C:\Windows\Temp\CR_3F1A9.tmp\setup.exe
    (Google Inc.) C:\Windows\Temp\CR_3F1A9.tmp\setup.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\sbr.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
    (AVAST Software) C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.9330.2124\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\New_12050926\instup.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.428_none_1704c21831ffb4a8\TiWorker.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc.)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
    HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-27] ()
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
    HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\Run: [BitTorrent] => C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe [2158016 2018-05-25] (BitTorrent Inc.)
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\RunOnce: [Uninstall 18.065.0329.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\owner\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64"
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\RunOnce: [Uninstall 18.065.0329.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\owner\AppData\Local\Microsoft\OneDrive\18.065.0329.0002"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-12-29]
    ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
    Tcpip\..\Interfaces\{717f16d0-e06e-4647-bbba-6803519c745c}: [DhcpNameServer] 40.41.1.201 40.41.1.203
    Tcpip\..\Interfaces\{831d5904-cd77-4064-a2f9-4a901e98c990}: [DhcpNameServer] 192.168.2.1 142.166.166.166

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshiba.ca/welcome/?w=23
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-05-18] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-01] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-01] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-01] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-01] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-06] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1316781583-3396751613-3651002200-1001: @citrixonline.com/appdetectorplugin -> C:\Users\owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-05-04] (Citrix Online)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default [2018-05-11]
    CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-19]
    CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-19]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-19]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-19]
    CHR Extension: (Avast SafePrice) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-19]
    CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-19]
    CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-11]
    CHR Extension: (Avast Online Security) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-19]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-19]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-19]
    CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-19]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-03-13] () [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-27] (AVAST Software)
    S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-11] (AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-27] (AVAST Software)
    S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-11] (AVAST Software)
    R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8633072 2018-05-21] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-05-12] (Microsoft Corporation)
    R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
    R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [217824 2013-03-21] (AppEx Networks Corporation)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-05-27] (AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-21] (AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-21] (AVAST Software)
    R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-21] (AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-21] (AVAST Software)
    S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-21] (AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-21] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-21] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-21] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-21] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-21] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-21] (AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [463080 2018-06-21] (AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-21] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-21] (AVAST Software)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
    R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-06-08] (Disc Soft Ltd)
    R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-06-08] (Disc Soft Ltd)
    S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-30] (Symantec Corporation)
    R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-09-29] (Realtek Semiconductor Corporation )
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-21 11:57 - 2018-06-21 11:56 - 000378072 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2018-06-21 11:57 - 2018-06-21 11:56 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
    2018-06-21 11:56 - 2018-06-21 11:59 - 000018344 _____ C:\Users\owner\Desktop\FRST.txt
    2018-06-21 11:56 - 2018-06-21 11:56 - 000000000 ____D C:\FRST
    2018-06-21 11:55 - 2018-06-21 11:55 - 002412544 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
    2018-05-22 11:08 - 2018-05-22 11:08 - 000000000 ____D C:\Users\owner\AppData\Local\Nancy Drew
    2018-05-22 09:39 - 2018-05-22 09:39 - 000000000 ____D C:\Users\owner\AppData\Roaming\Artifex Mundi

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-21 12:00 - 2018-01-05 23:05 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3E48A19E-4568-4ED9-997D-BA22E1367C5E}
    2018-06-21 12:00 - 2016-05-26 15:22 - 000000000 ____D C:\Users\owner\AppData\Roaming\BitTorrent
    2018-06-21 11:58 - 2018-01-05 23:05 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2018-06-21 11:57 - 2017-09-29 11:16 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-06-21 11:56 - 2017-12-30 23:43 - 000463080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2018-06-21 11:56 - 2017-12-30 23:43 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2018-06-21 11:56 - 2017-12-30 23:43 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2018-06-21 11:56 - 2017-12-30 23:43 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2018-06-21 11:56 - 2017-12-30 23:43 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2018-06-21 11:56 - 2017-12-30 23:43 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2018-06-21 11:56 - 2017-12-30 23:43 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2018-06-21 11:55 - 2017-12-30 23:43 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2018-06-21 11:55 - 2017-09-29 11:16 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2018-06-21 11:54 - 2017-12-30 23:43 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2018-06-21 11:53 - 2017-12-30 23:43 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2018-06-21 11:53 - 2017-12-30 23:43 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2018-06-21 11:53 - 2017-12-30 23:43 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2018-06-21 11:53 - 2017-12-30 23:43 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2018-06-21 11:53 - 2017-10-09 14:40 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
    2018-06-21 11:47 - 2018-01-05 23:05 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1316781583-3396751613-3651002200-1001
    2018-06-21 11:47 - 2016-05-25 20:41 - 000002378 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-06-21 11:47 - 2016-05-25 20:41 - 000000000 ___RD C:\Users\owner\OneDrive
    2018-06-21 11:46 - 2016-12-09 22:22 - 000000000 ____D C:\ProgramData\Big Fish
    2018-06-21 11:46 - 2016-12-09 22:22 - 000000000 ____D C:\BigFishCache
    2018-06-21 11:43 - 2018-04-08 21:04 - 000000000 ____D C:\Users\owner\AppData\LocalLow\BitTorrent
    2018-06-21 11:42 - 2018-01-05 23:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2018-06-21 11:39 - 2017-09-29 11:16 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-06-21 11:37 - 2018-01-05 23:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-06-21 11:37 - 2018-01-05 22:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-05-30 05:01 - 2013-06-23 06:54 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2018-05-28 05:51 - 2016-12-09 22:23 - 000000000 ____D C:\ProgramData\TEMP
    2018-05-27 11:20 - 2017-12-30 23:43 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw66fe374a8ae26fd2.tmp
    2018-05-27 11:20 - 2017-12-30 23:43 - 000381552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw197fb899d2ebf32c.tmp
    2018-05-27 11:20 - 2017-12-30 23:43 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asweb6b5185658e1a78.tmp
    2018-05-27 11:20 - 2017-12-30 23:43 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw75c2023f9cf2b18c.tmp
    2018-05-27 11:20 - 2017-12-30 23:43 - 000159120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw 9d9ec01e55c8196.tmp
    2018-05-27 11:20 - 2017-12-30 23:43 - 000111360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw734ad9d5405fc9d6.tmp
    2018-05-27 11:20 - 2017-12-30 23:43 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswdee89cedf9c26b94.tmp
    2018-05-27 11:20 - 2017-12-30 23:43 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw21286e9af1362990.tmp
    2018-05-27 11:19 - 2018-01-05 23:03 - 000942278 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-05-27 11:19 - 2017-12-30 23:43 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw22c0f0f550dbdd98.tmp
    2018-05-27 11:19 - 2017-10-09 14:40 - 000234560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw437de8b0f6d3328c.tmp
    2018-05-27 11:09 - 2017-05-04 13:12 - 000000652 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1316781583-3396751613-3651002200-1001.job
    2018-05-27 11:09 - 2017-05-04 13:12 - 000000556 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1316781583-3396751613-3651002200-1001.job
    2018-05-26 18:12 - 2017-01-01 20:50 - 000000000 ____D C:\Users\owner\AppData\Roaming\Elephant Games
    2018-05-25 12:01 - 2017-01-17 10:11 - 000000000 ____D C:\Users\owner\AppData\Roaming\Eipix
    2018-05-25 08:58 - 2017-09-29 11:16 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-05-25 08:57 - 2016-05-26 15:23 - 000000927 _____ C:\Users\owner\Desktop\BitTorrent.lnk
    2018-05-25 08:57 - 2016-05-26 15:23 - 000000907 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
    2018-05-23 06:06 - 2018-01-05 23:05 - 000003812 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1316781583-3396751613-3651002200-1001
    2018-05-23 06:06 - 2018-01-05 23:05 - 000003716 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1316781583-3396751613-3651002200-1001
    2018-05-23 06:06 - 2017-07-09 00:13 - 000000000 ____D C:\Users\owner\AppData\Local\GoToMeeting

  2. #2
    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-21 19:59

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
    Ran by Michelle (21-06-2018 12:01:04)
    Running from C:\Users\owner\Desktop
    Windows 10 Home Version 1709 16299.431 (X64) (2018-01-06 01:38:15)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1316781583-3396751613-3651002200-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-1316781583-3396751613-3651002200-1002 - Limited - Enabled)
    DefaultAccount (S-1-5-21-1316781583-3396751613-3651002200-503 - Limited - Disabled)
    Guest (S-1-5-21-1316781583-3396751613-3651002200-501 - Limited - Disabled)
    Michelle (S-1-5-21-1316781583-3396751613-3651002200-1001 - Administrator - Enabled) => C:\Users\owner
    WDAGUtilityAccount (S-1-5-21-1316781583-3396751613-3651002200-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{931B988B-0973-0DF5-C3B7-572935D34DCD}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.2.0 - AppEx Networks)
    Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.4840 - AVAST Software)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
    Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 65.1.470.182 - AVAST Software)
    BitTorrent (HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\BitTorrent) (Version: 7.10.3.44429 - BitTorrent Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.19.52 - Conexant)
    Evernote v. 4.5.7 (HKLM-x32\...\{0BE73D3C-B5AF-11E1-933A-984BE15F174E}) (Version: 4.5.7.7146 - Evernote Corp.)
    Genesys Logic USB2.0 Card Reader (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
    GoToMeeting 8.28.0.8847 (HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\GoToMeeting) (Version: 8.28.0.8847 - LogMeIn, Inc.)
    Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41504) (Version: 3.8.0.41504.23 - Intel)
    iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9226.2156 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9226.2156 - Microsoft Corporation) Hidden
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.4.6405 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 4.0.5.0 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.03.6400 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: - )
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
    WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1316781583-3396751613-3651002200-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\owner\AppData\Local\Citrix\GoToMeeting\6871\G2MOutlookAddin64.dll => No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-27] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-27] (AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-27] (AVAST Software)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-27] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-27] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1D21B380-0055-40C0-B24A-CCA590402998} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-11] (AVAST Software)
    Task: {259D66C1-9CDD-4F1E-9524-57D482BBFC72} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-05-21] (AVAST Software)
    Task: {26BBA1F0-5DE1-4531-B7B8-91F2B5B35A6F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
    Task: {2F82635E-87D6-4C7D-9F4A-4E821FD1541D} - System32\Tasks\G2MUploadTask-S-1-5-21-1316781583-3396751613-3651002200-1001 => C:\Users\owner\AppData\Local\GoToMeeting\8847\g2mupload.exe [2018-05-23] (LogMeIn, Inc.)
    Task: {305EA473-F316-4577-A260-E0BBAF871308} - System32\Tasks\G2MUpdateTask-S-1-5-21-1316781583-3396751613-3651002200-1001 => C:\Users\owner\AppData\Local\GoToMeeting\8847\g2mupdate.exe [2018-05-23] (LogMeIn, Inc.)
    Task: {321957E6-BA5B-49AE-BE2E-4C37D0DF4284} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
    Task: {373F3EDC-D083-435E-92A3-C0E80A5662DB} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-11] (AVAST Software)
    Task: {3E0CA981-F69A-4464-ACF9-25B670313601} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-21] (AVAST Software)
    Task: {3FF140A7-8618-4A7F-8928-5F245C5C32D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {4A81D542-1BB3-4C83-BC8F-3668B82601E8} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
    Task: {4C8D64D7-AB36-433E-94ED-1D8B703A3655} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-19] (Google Inc.)
    Task: {57D65518-E897-4C08-9B23-5A87EA2756F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {688CCA52-411A-4506-91D4-836AB8627D34} - \WPD\SqmUpload_S-1-5-21-1316781583-3396751613-3651002200-1001 -> No File <==== ATTENTION
    Task: {ADE8A0AD-C491-45F1-9096-C81B67C3D64B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-12] (Microsoft Corporation)
    Task: {AEAA20AE-E8F8-4EE4-87CF-0BD6EAA58D9B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-05-04] (Synaptics Incorporated)
    Task: {B6D81361-541A-45F2-9B8D-1C7313A32768} - System32\Tasks\UMonitor Task => C:\windows\system32\UMonit64.exe
    Task: {BD7DC9AC-F5C0-4FBE-AFF0-5912BB496E04} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-18] (Microsoft Corporation)
    Task: {C0867B08-D31D-465E-A476-C32A6CD179AA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-05-10] (AVAST Software)
    Task: {D4762CF7-9E06-4F2F-A8C5-F5E40D7C94B0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
    Task: {D63FC969-324C-45FB-9BBC-E015542A6F89} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-18] (Microsoft Corporation)
    Task: {D724964C-D16A-49AD-BC61-173F02DAD738} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe
    Task: {EDDAD226-FFE6-45D4-8085-8E62EA202673} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-19] (Google Inc.)
    Task: {FB0C8CFF-218B-403F-AF01-2DB2733B89BD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1316781583-3396751613-3651002200-1001.job => C:\Users\owner\AppData\Local\GoToMeeting\8847\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1316781583-3396751613-3651002200-1001.job => C:\Users\owner\AppData\Local\GoToMeeting\8847\g2mupload.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-29 11:11 - 2017-09-29 11:11 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-11-30 19:54 - 2017-11-30 19:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-03-13 04:55 - 2013-03-13 04:55 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
    2018-02-28 13:43 - 2018-02-28 13:44 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
    2018-02-28 13:43 - 2018-02-28 13:44 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\SharedUI.dll
    2018-02-28 13:43 - 2018-02-28 13:44 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntCommon.dll
    2017-10-21 17:03 - 2017-10-21 17:03 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-02-28 13:43 - 2018-02-28 13:44 - 009283072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntPlat.dll
    2018-05-21 17:55 - 2018-05-21 17:55 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-05-21 17:55 - 2018-05-21 17:55 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-05-21 17:55 - 2018-05-21 17:55 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-05-21 17:55 - 2018-05-21 17:55 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-05-21 17:55 - 2018-05-21 17:55 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2017-12-30 23:18 - 2017-12-30 23:18 - 003657624 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2017-12-30 23:18 - 2017-12-30 23:18 - 002470296 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2012-07-18 23:08 - 2012-07-18 23:08 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2018-04-08 08:04 - 2018-04-08 08:04 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
    2018-04-08 08:04 - 2018-04-08 08:04 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
    2018-04-09 17:37 - 2018-02-21 21:56 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2018-04-09 17:35 - 2018-02-21 21:51 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-12-29 17:52 - 2016-09-12 15:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
    2018-04-06 10:13 - 2018-04-06 10:13 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2018-05-27 11:19 - 2018-05-27 11:19 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2018-05-27 11:19 - 2018-05-27 11:19 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:011957C3 [494]
    AlternateDataStreams: C:\ProgramData\TEMP:1AAE1596 [520]
    AlternateDataStreams: C:\ProgramData\TEMP:1EEF2E2E [530]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:360099BE [532]
    AlternateDataStreams: C:\ProgramData\TEMP:46CDAE37 [484]
    AlternateDataStreams: C:\ProgramData\TEMP:4BC45553 [528]
    AlternateDataStreams: C:\ProgramData\TEMP:4EE5E364 [472]
    AlternateDataStreams: C:\ProgramData\TEMP:4FE3FB06 [504]
    AlternateDataStreams: C:\ProgramData\TEMP:5065B53D [478]
    AlternateDataStreams: C:\ProgramData\TEMP:565D4B03 [520]
    AlternateDataStreams: C:\ProgramData\TEMP:5662D042 [492]
    AlternateDataStreams: C:\ProgramData\TEMP:574B5728 [516]
    AlternateDataStreams: C:\ProgramData\TEMP:577A1FF0 [522]
    AlternateDataStreams: C:\ProgramData\TEMP:6522294D [500]
    AlternateDataStreams: C:\ProgramData\TEMP:73C1C1FA [488]
    AlternateDataStreams: C:\ProgramData\TEMP:84DC07A0 [514]
    AlternateDataStreams: C:\ProgramData\TEMP:8732B03A [508]
    AlternateDataStreams: C:\ProgramData\TEMP:A543EB0F [528]
    AlternateDataStreams: C:\ProgramData\TEMP:A694F56D [530]
    AlternateDataStreams: C:\ProgramData\TEMP:B4941957 [480]
    AlternateDataStreams: C:\ProgramData\TEMP:BB6E0C06 [488]
    AlternateDataStreams: C:\ProgramData\TEMP:BE4D8283 [484]
    AlternateDataStreams: C:\ProgramData\TEMP:BF092123 [510]
    AlternateDataStreams: C:\ProgramData\TEMP:BF9D6105 [492]
    AlternateDataStreams: C:\ProgramData\TEMP:C8D3D71E [530]
    AlternateDataStreams: C:\ProgramData\TEMP:CF8AEC6E [498]
    AlternateDataStreams: C:\ProgramData\TEMP:D211E75D [528]
    AlternateDataStreams: C:\ProgramData\TEMP:E8B7F91B [516]
    AlternateDataStreams: C:\ProgramData\TEMP:EA8E5358 [522]
    AlternateDataStreams: C:\ProgramData\TEMP:F176B6C6 [518]
    AlternateDataStreams: C:\ProgramData\TEMP:F2F0A8AC [528]
    AlternateDataStreams: C:\ProgramData\TEMP:F41B5978 [504]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 02:56 - 2012-07-26 02:56 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img11.jpg
    DNS Servers: 192.168.2.1 - 142.166.166.166
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{C191347B-81F3-4C0C-B902-39F7807C42CB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{09221E56-7768-404E-9B31-191D61184942}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{F2F79E90-DAC0-4321-B915-4379E7080648}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{867CC6BC-EEAE-46F9-807A-AA3E169D7987}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{EDFC07E7-9FE3-4173-8EBB-2CCA9608D99B}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{711ADEFB-4947-4BC1-81DC-36B2FAA9C13D}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{76932916-8DBC-4064-B7BA-6544A7CAEF02}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{2C58A105-7A4D-405B-85B0-D32D5F35C9CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{14705730-EB27-44EF-B15F-36DBBFB0EDA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{8AAC46A3-E907-4C1D-9381-CB225CFE2343}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C4636DC7-E707-4B42-AAAE-64D089AA6F69}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{52F766FF-986C-4C1A-9632-5D3BE7EF7106}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    FirewallRules: [{6011DB37-341B-4A3C-BB4D-5A3570A9F1EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{E3842E4C-D85A-43AD-8C27-8FBD5B0C3E70}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{82DFCB07-58E2-4228-9659-839B29A20479}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    FirewallRules: [{4CBBAE6E-F8F6-4E42-B542-586EC16B14EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D79F9A0C-C3E7-4CB7-9C87-0F72286892C2}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D1BEA44F-3626-43A1-86E1-D6996560C604}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{1D039ABA-F399-4F57-A0F1-AD88E8252BC6}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
    FirewallRules: [{E234B018-7157-42D7-B696-404948042A4C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

    ==================== Restore Points =========================

    26-05-2018 09:31:34 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/21/2018 11:45:57 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/21/2018 11:44:56 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/21/2018 11:43:25 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/21/2018 11:43:03 AM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_SNOOZED.

    Error: (06/21/2018 11:43:02 AM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_SNOOZED.

    Error: (05/29/2018 08:26:07 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (05/28/2018 07:47:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Toshiba)
    Description: Package Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

    Error: (05/28/2018 07:47:38 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


    System errors:
    =============
    Error: (06/21/2018 12:01:32 PM) (Source: DCOM) (EventID: 10016) (User: Toshiba)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user Toshiba\Michelle SID (S-1-5-21-1316781583-3396751613-3651002200-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (06/21/2018 12:01:15 PM) (Source: DCOM) (EventID: 10016) (User: Toshiba)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user Toshiba\Michelle SID (S-1-5-21-1316781583-3396751613-3651002200-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (06/21/2018 12:01:11 PM) (Source: DCOM) (EventID: 10016) (User: Toshiba)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user Toshiba\Michelle SID (S-1-5-21-1316781583-3396751613-3651002200-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (06/21/2018 11:53:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/21/2018 11:49:36 AM) (Source: DCOM) (EventID: 10016) (User: Toshiba)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Toshiba\Michelle SID (S-1-5-21-1316781583-3396751613-3651002200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/21/2018 11:45:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Downloaded Maps Manager service hung on starting.

    Error: (06/21/2018 11:44:54 AM) (Source: DCOM) (EventID: 10016) (User: Toshiba)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user Toshiba\Michelle SID (S-1-5-21-1316781583-3396751613-3651002200-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (06/21/2018 11:43:40 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Delivery Optimization service hung on starting.


    CodeIntegrity:
    ===================================

    Date: 2018-06-21 12:00:47.951
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-21 12:00:47.947
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-21 12:00:45.436
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-21 12:00:45.433
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-21 12:00:39.938
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-21 12:00:39.935
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-21 11:56:55.282
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-06-21 11:56:55.279
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
    Percentage of memory in use: 57%
    Total physical RAM: 5581.51 MB
    Available physical RAM: 2394.08 MB
    Total Virtual: 6477.51 MB
    Available Virtual: 3298.05 MB

    ==================== Drives ================================

    Drive c: (TI80145100B) (Fixed) (Total:917.12 GB) (Free:851.27 GB) NTFS
    Drive d: (JM_30DAY_SHRED) (CDROM) (Total:3.51 GB) (Free:0 GB) UDF

    \\?\Volume{d359d822-0348-4fa6-aa05-6c5a3369158d}\ (System) (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
    \\?\Volume{6a79130f-7e1f-408a-b17e-e225ebbc801b}\ () (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
    \\?\Volume{4562764e-c12b-4c5a-a868-0a2055165916}\ () (Fixed) (Total:1 GB) (Free:0.46 GB) NTFS
    \\?\Volume{9de0ba6e-9faa-4838-88de-3e043ae3a730}\ (Recovery) (Fixed) (Total:12.02 GB) (Free:0.87 GB) NTFS
    \\?\Volume{5bc5dda1-22c7-11e6-9d8e-089e01ee9948}\ () (CDROM) (Total:0 GB) (Free:0 GB)
    \\?\Volume{5bc5dde2-22c7-11e6-9d8e-089e01ee9948}\ () (CDROM) (Total:0 GB) (Free:0 GB)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: CC346632)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  3. #3
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,359
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ======================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double-click on the downloaded setup.exe file to install the program.
    • Click on the Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  4. #4
    Join Date
    Jan 2006
    Posts
    400
    The RogueKiller scan happened a little differently than you outlined in your reply, so I've attached what I could find for the log. And Malwarebytes didn't find anything.

    RogueKiller V12.12.23.0 (x64) [Jun 18 2018] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.17134) 64 bits version
    Started in : Normal mode
    User : Michelle [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 06/22/2018 08:32:12 (Duration : 00:58:44)

    Processes : 0

    Registry : 3
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1316781583-3396751613-3651002200-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com -> Replaced (http://www.microsoft.com/isapi/redir...r=6&ar=msnhome)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1316781583-3396751613-3651002200-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com -> Replaced (http://www.microsoft.com/isapi/redir...r=6&ar=msnhome)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{717f16d0-e06e-4647-bbba-6803519c745c} | DhcpNameServer : 40.41.1.201 40.41.1.203 ([-][United States]) -> Replaced ()

    Tasks : 0

    Files : 0

    WMI : 0

    Hosts File : 0

    Antirootkit : 0 (Driver: Loaded)

    Web browsers : 0

    MBR Check :
    +++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
    --- User ---
    [MBR] 5ec812c75ad5dd0e42f8e45e972d5e70
    [BSP] 6abbb674b67d49c2ce0be53ce820f860 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - | Offset (sectors): 34 | Size: 128 MB
    1 - | Offset (sectors): 264192 | Size: 1024 MB
    2 - | Offset (sectors): 2361344 | Size: 260 MB
    3 - | Offset (sectors): 2893824 | Size: 939127 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1926227968 | Size: 1020 MB
    5 - | Offset (sectors): 1928316928 | Size: 12308 MB
    User = LL1 ... OK
    User = LL2 ... OK

    # -------------------------------
    # Malwarebytes AdwCleaner 7.1.1.0
    # -------------------------------
    # Build: 04-27-2018
    # Database: 2018-06-19.4
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 06-22-2018
    # Duration: 00:00:08
    # OS: Windows 10 Home
    # Cleaned: 10
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKLM\Software\Wow6432Node\Trymedia Systems
    Deleted HKLM\Software\Wow6432Node\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    Deleted HKLM\Software\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    Deleted HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
    Deleted HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
    Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    Deleted Ask

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************


    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,359
    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.

  6. #6
    Join Date
    Jan 2006
    Posts
    400
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
    Ran by Michelle (administrator) on TOSHIBA (23-06-2018 13:22:36)
    Running from C:\Users\owner\Desktop
    Loaded Profiles: Michelle & (Available Profiles: Michelle)
    Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (BitTorrent Inc.) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    (BitTorrent Inc.) C:\Users\owner\AppData\Roaming\BitTorrent\updates\7.10.3_44495\bittorrentie.exe
    (BitTorrent Inc.) C:\Users\owner\AppData\Roaming\BitTorrent\updates\7.10.3_44495\bittorrentie.exe
    (BitTorrent Inc.) C:\Users\owner\AppData\Roaming\BitTorrent\updates\7.10.3_44495\bittorrentie.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc.)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-29] (TOSHIBA Corporation)
    HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-21] (AVAST Software)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
    HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132117233\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132117858\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\Run: [BitTorrent] => C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe [2154176 2018-06-22] (BitTorrent Inc.)
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217\...\Run: [BitTorrent] => C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe [2154176 2018-06-22] (BitTorrent Inc.)
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-12-29]
    ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
    Tcpip\..\Interfaces\{831d5904-cd77-4064-a2f9-4a901e98c990}: [DhcpNameServer] 192.168.2.1 142.166.166.166

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshiba.ca/welcome/?w=23
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshiba.ca/welcome/?w=23
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-21] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-21] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-21] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-21] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-21] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-06] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1316781583-3396751613-3651002200-1001: @citrixonline.com/appdetectorplugin -> C:\Users\owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-05-04] (Citrix Online)
    FF Plugin HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217: @citrixonline.com/appdetectorplugin -> C:\Users\owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-05-04] (Citrix Online)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default [2018-06-22]
    CHR Extension: (Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-22]
    CHR Extension: (Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-22]
    CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-19]
    CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-19]
    CHR Extension: (Avast SafePrice) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-22]
    CHR Extension: (Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-22]
    CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-11]
    CHR Extension: (Avast Online Security) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-06-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-22]
    CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-19]
    CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-22]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-03-13] () [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-21] (AVAST Software)
    S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-11] (AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-21] (AVAST Software)
    S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-11] (AVAST Software)
    R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [8633072 2018-06-21] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8654504 2018-06-12] (Microsoft Corporation)
    R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-11] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
    R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [217824 2013-03-21] (AppEx Networks Corporation)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-06-21] (AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-21] (AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-21] (AVAST Software)
    R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-21] (AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-21] (AVAST Software)
    S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-21] (AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-21] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-21] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-21] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-21] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-21] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-21] (AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [463080 2018-06-21] (AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-21] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-21] (AVAST Software)
    R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
    R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-06-08] (Disc Soft Ltd)
    R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-06-08] (Disc Soft Ltd)
    S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-30] (Symantec Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-22] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-06-22] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-22] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-22] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-06-23] (Malwarebytes)
    R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2018-04-11] (Realtek Semiconductor Corporation )
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-22 13:09 - 2018-06-22 08:16 - 000000000 ____D C:\Windows.old
    2018-06-22 09:58 - 2018-06-23 13:21 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-06-22 09:58 - 2018-06-22 09:58 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-06-22 09:58 - 2018-06-22 09:58 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-06-22 09:58 - 2018-06-22 09:58 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-06-22 09:46 - 2018-06-22 09:46 - 007372496 _____ (Malwarebytes) C:\Users\owner\Desktop\adwcleaner_7.2.0.exe
    2018-06-22 09:45 - 2018-06-22 09:45 - 007372496 _____ (Malwarebytes) C:\Users\owner\Downloads\adwcleaner_7.2.0.exe
    2018-06-22 09:44 - 2018-06-22 09:49 - 000000000 ____D C:\AdwCleaner
    2018-06-22 09:37 - 2018-06-22 09:58 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-06-22 09:37 - 2018-06-22 09:58 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-06-22 09:37 - 2018-06-22 09:37 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-06-22 09:37 - 2018-06-22 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-06-22 09:36 - 2018-06-22 09:36 - 000000000 ____D C:\ProgramData\MB2Migration
    2018-06-22 09:36 - 2018-06-22 09:36 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-06-22 09:34 - 2018-06-22 09:34 - 000003958 _____ C:\Users\owner\Desktop\rk_7829.tmp.txt
    2018-06-22 09:33 - 2018-06-22 09:33 - 000108742 _____ C:\Users\owner\Desktop\changelog.txt
    2018-06-22 08:56 - 2018-06-22 09:55 - 000000000 ____D C:\Users\owner\AppData\LocalLow\BitTorrent
    2018-06-22 08:20 - 2018-06-22 08:34 - 000000000 ____D C:\ProgramData\Packages
    2018-06-22 08:20 - 2018-06-22 08:20 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2018-06-22 08:19 - 2018-06-22 08:19 - 000001417 _____ C:\Users\owner\Desktop\Microsoft Edge.lnk
    2018-06-22 08:16 - 2018-06-22 08:16 - 000000020 ___SH C:\Users\owner\ntuser.ini
    2018-06-22 08:14 - 2018-06-23 13:23 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3E48A19E-4568-4ED9-997D-BA22E1367C5E}
    2018-06-22 08:14 - 2018-06-22 09:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-06-22 08:14 - 2018-06-22 08:15 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2018-06-22 08:14 - 2018-06-22 08:15 - 000003386 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA
    2018-06-22 08:14 - 2018-06-22 08:15 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2018-06-22 08:14 - 2018-06-22 08:15 - 000003250 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1316781583-3396751613-3651002200-1001
    2018-06-22 08:14 - 2018-06-22 08:15 - 000003162 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore
    2018-06-22 08:14 - 2018-06-22 08:15 - 000003154 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1316781583-3396751613-3651002200-1001
    2018-06-22 08:14 - 2018-06-22 08:15 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2018-06-22 08:14 - 2018-06-22 08:15 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1316781583-3396751613-3651002200-1001
    2018-06-22 08:14 - 2018-06-22 08:15 - 000002750 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1316781583-3396751613-3651002200-500
    2018-06-22 08:14 - 2018-06-22 08:15 - 000002460 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
    2018-06-22 08:14 - 2018-06-22 08:15 - 000002192 _____ C:\WINDOWS\System32\Tasks\UMonitor Task
    2018-06-22 08:14 - 2018-06-22 08:15 - 000002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
    2018-06-22 08:14 - 2018-06-22 08:14 - 000003164 _____ C:\WINDOWS\System32\Tasks\Avast TUNEUP Update
    2018-06-22 08:14 - 2018-06-22 08:14 - 000003042 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2018-06-22 08:14 - 2018-06-22 08:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
    2018-06-22 08:14 - 2018-06-22 08:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\TOSHIBA
    2018-06-22 08:14 - 2018-06-22 08:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
    2018-06-22 08:14 - 2018-06-22 08:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2018-06-22 08:14 - 2018-06-22 08:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2018-06-22 08:14 - 2018-06-22 08:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-06-22 08:14 - 2013-04-30 05:13 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2120911606-3266687046-2546551219-500
    2018-06-22 08:12 - 2018-06-22 08:14 - 000007623 _____ C:\WINDOWS\diagwrn.xml
    2018-06-22 08:12 - 2018-06-22 08:14 - 000007623 _____ C:\WINDOWS\diagerr.xml
    2018-06-22 08:03 - 2018-06-22 09:58 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-06-22 07:51 - 2018-06-22 07:51 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2018-06-22 07:48 - 2018-06-22 08:16 - 000000000 ____D C:\Users\owner
    2018-06-22 07:48 - 2018-04-11 21:04 - 000001105 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-06-22 07:45 - 2018-06-22 07:45 - 000000000 ____D C:\ProgramData\USOShared
    2018-06-22 07:45 - 2018-04-11 21:03 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2018-06-22 07:41 - 2018-06-23 13:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-06-22 07:41 - 2018-06-22 07:55 - 000402248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-06-22 03:35 - 2018-06-21 11:56 - 000463080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2018-06-22 03:35 - 2018-06-21 11:56 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2018-06-22 03:35 - 2018-06-21 11:56 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2018-06-22 03:35 - 2018-06-21 11:56 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2018-06-22 03:35 - 2018-06-21 11:56 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2018-06-22 03:35 - 2018-06-21 11:56 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2018-06-22 03:35 - 2018-06-21 11:56 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2018-06-22 03:35 - 2018-06-21 11:55 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2018-06-22 03:35 - 2018-06-21 11:54 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2018-06-22 03:35 - 2018-06-21 11:53 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2018-06-22 03:35 - 2018-06-21 11:53 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2018-06-22 03:35 - 2018-06-21 11:53 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2018-06-22 03:35 - 2018-06-21 11:53 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2018-06-22 03:35 - 2017-11-17 23:12 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151096942720304
    2018-06-22 03:35 - 2017-07-21 12:46 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150065023153103
    2018-06-22 03:35 - 2017-07-12 12:09 - 000360792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.149987046764106
    2018-06-22 03:35 - 2017-05-12 21:50 - 000158368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys.149463489939002
    2018-06-22 03:35 - 2017-03-18 23:08 - 000547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.148988753835904
    2018-06-22 03:35 - 2017-03-18 23:08 - 000337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148988754196806
    2018-06-22 03:35 - 2016-06-30 13:52 - 000473592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.146951357190605
    2018-06-22 03:35 - 2016-06-30 13:52 - 000473592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.146730376204602
    2018-06-22 03:33 - 2018-06-21 11:56 - 000378072 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2018-06-22 03:32 - 2018-06-22 13:10 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2018-06-22 03:24 - 2018-06-22 03:31 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2018-06-22 03:11 - 2018-06-22 03:11 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2018-06-22 03:11 - 2018-06-22 03:11 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2018-06-22 03:11 - 2018-06-22 03:11 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
    2018-06-22 03:11 - 2018-06-22 03:11 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
    2018-06-22 03:11 - 2018-06-22 03:11 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-06-22 03:10 - 2018-06-22 03:10 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
    2018-06-22 03:10 - 2018-06-22 03:10 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2018-06-22 03:10 - 2018-06-22 03:10 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2018-06-22 03:10 - 2018-06-22 03:10 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
    2018-06-22 03:10 - 2018-06-22 03:10 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2018-06-22 03:10 - 2018-06-22 03:10 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2018-06-22 03:10 - 2018-06-22 03:10 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
    2018-06-22 03:10 - 2018-06-22 03:10 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
    2018-06-22 03:10 - 2018-06-22 03:10 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-06-22 03:10 - 2018-06-22 03:10 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-06-22 03:10 - 2018-06-22 03:10 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-06-22 03:10 - 2018-06-22 03:10 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-06-22 03:10 - 2018-06-22 03:10 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2018-06-22 03:10 - 2018-06-22 03:10 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
    2018-06-22 03:10 - 2018-06-22 03:10 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
    2018-06-22 03:10 - 2018-06-22 03:10 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll

  7. #7
    Join Date
    Jan 2006
    Posts
    400
    _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
    2018-06-22 03:10 - 2018-06-22 03:10 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-06-22 03:10 - 2018-06-22 03:10 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
    2018-06-22 03:10 - 2018-06-22 03:10 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
    2018-06-22 03:10 - 2018-06-22 03:10 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2018-06-22 03:10 - 2018-06-22 03:10 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2018-06-22 03:10 - 2018-06-22 03:10 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-06-22 03:10 - 2018-06-22 03:10 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
    2018-06-22 03:10 - 2018-06-22 03:10 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2018-06-22 03:10 - 2018-06-22 03:10 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2018-06-22 03:10 - 2018-06-22 03:10 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
    2018-06-22 03:10 - 2018-06-22 03:10 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
    2018-06-22 03:10 - 2018-06-22 03:10 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
    2018-06-22 03:10 - 2018-06-22 03:10 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
    2018-06-22 03:10 - 2018-06-22 03:10 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
    2018-06-22 03:10 - 2018-06-22 03:10 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
    2018-06-22 03:09 - 2018-06-22 03:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-06-22 03:09 - 2018-06-22 03:09 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
    2018-06-22 03:09 - 2018-06-22 03:09 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2018-06-22 03:09 - 2018-06-22 03:09 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2018-06-22 03:09 - 2018-06-22 03:09 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2018-06-22 03:09 - 2018-06-22 03:09 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
    2018-06-22 03:09 - 2018-06-22 03:09 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
    2018-06-22 03:09 - 2018-06-22 03:09 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
    2018-06-22 03:09 - 2018-06-22 03:09 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

  8. #8
    Join Date
    Jan 2006
    Posts
    400
    2018-06-22 03:09 - 2018-06-22 03:09 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2018-06-22 03:09 - 2018-06-22 03:09 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2018-06-22 02:39 - 2018-06-22 02:39 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2018-06-22 02:39 - 2018-06-22 02:39 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2018-06-22 02:39 - 2018-06-22 02:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
    2018-06-22 02:39 - 2018-06-22 02:39 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
    2018-06-22 02:39 - 2018-06-22 02:39 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
    2018-06-22 02:39 - 2018-06-22 02:39 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
    2018-06-22 02:39 - 2018-06-22 02:39 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
    2018-06-22 02:39 - 2018-06-22 02:39 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
    2018-06-22 02:38 - 2018-06-22 02:38 - 000000000 ____D C:\Program Files\Reference Assemblies
    2018-06-22 02:38 - 2018-06-22 02:38 - 000000000 ____D C:\Program Files\MSBuild
    2018-06-22 02:38 - 2018-06-22 02:38 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2018-06-22 02:38 - 2018-06-22 02:38 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2018-06-22 02:37 - 2018-06-22 02:37 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2018-06-22 02:37 - 2018-06-22 02:37 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2018-06-22 02:37 - 2018-06-22 02:37 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2018-06-22 02:37 - 2018-06-22 02:37 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2018-06-22 02:37 - 2018-06-22 02:37 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2018-06-22 02:37 - 2018-06-22 02:37 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2018-06-22 02:08 - 2018-06-22 02:08 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2018-06-22 00:27 - 2018-06-22 08:16 - 000000000 ___DC C:\WINDOWS\Panther
    2018-06-21 22:24 - 2018-06-22 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2018-06-21 22:24 - 2018-06-22 09:34 - 000000000 ____D C:\ProgramData\RogueKiller
    2018-06-21 22:24 - 2018-06-22 08:32 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2018-06-21 22:24 - 2018-06-21 22:24 - 000000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2018-06-21 22:23 - 2018-06-21 22:24 - 000000000 ____D C:\Program Files\RogueKiller
    2018-06-21 22:22 - 2018-06-21 22:22 - 036686264 _____ (Adlice Software ) C:\Users\owner\Desktop\RogueKiller_setup_ref3.exe
    2018-06-21 22:22 - 2018-06-21 22:22 - 007271632 _____ (Malwarebytes) C:\Users\owner\Desktop\AdwCleaner.exe
    2018-06-21 12:01 - 2018-06-21 12:01 - 000036096 _____ C:\Users\owner\Desktop\Addition.txt
    2018-06-21 11:57 - 2018-06-21 11:56 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
    2018-06-21 11:56 - 2018-06-23 13:24 - 000019346 _____ C:\Users\owner\Desktop\FRST.txt
    2018-06-21 11:56 - 2018-06-23 13:22 - 000000000 ____D C:\FRST
    2018-06-21 11:55 - 2018-06-21 11:55 - 002412544 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-06-23 13:26 - 2016-05-26 15:22 - 000000000 ____D C:\Users\owner\AppData\Roaming\BitTorrent
    2018-06-23 13:22 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\appcompat
    2018-06-23 13:18 - 2018-04-11 21:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-06-22 13:10 - 2018-05-01 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-06-22 13:10 - 2018-04-12 06:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2018-06-22 13:10 - 2018-04-11 21:08 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2018-06-22 13:10 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2018-06-22 13:10 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\spool
    2018-06-22 13:10 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-06-22 13:10 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-06-22 13:10 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\IME
    2018-06-22 13:10 - 2018-04-11 21:08 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2018-06-22 13:10 - 2017-12-29 17:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2018-06-22 13:10 - 2017-09-29 11:16 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2018-06-22 13:10 - 2017-08-22 23:40 - 000000000 ____D C:\Program Files\CONEXANT
    2018-06-22 13:10 - 2017-06-08 21:01 - 000000000 ____D C:\Program Files\UNP
    2018-06-22 13:10 - 2017-05-29 08:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2018-06-22 13:10 - 2016-06-19 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2018-06-22 13:10 - 2016-06-08 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2018-06-22 13:10 - 2016-06-08 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nancy Drew
    2018-06-22 13:10 - 2016-06-08 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    2018-06-22 13:10 - 2013-06-23 06:54 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2018-06-22 13:10 - 2013-06-23 06:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(R) center
    2018-06-22 13:10 - 2013-06-23 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    2018-06-22 13:10 - 2013-06-23 06:29 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
    2018-06-22 13:10 - 2013-06-23 06:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
    2018-06-22 13:10 - 2012-07-26 05:42 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2018-06-22 13:09 - 2018-04-11 21:11 - 000000000 ____D C:\WINDOWS\Setup
    2018-06-22 11:58 - 2016-09-06 08:06 - 000000000 ____D C:\Users\owner\AppData\Local\ConnectedDevicesPlatform
    2018-06-22 09:58 - 2018-04-11 21:06 - 000000000 ____D C:\WINDOWS\INF
    2018-06-22 09:52 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-06-22 09:49 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\Registration
    2018-06-22 09:49 - 2018-04-11 18:34 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-06-22 09:49 - 2017-08-22 23:40 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2018-06-22 09:36 - 2016-05-26 15:23 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-06-22 09:36 - 2016-05-26 15:23 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2018-06-22 08:38 - 2018-04-11 21:08 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-06-22 08:35 - 2018-01-05 22:43 - 000000000 ____D C:\Users\owner\AppData\Local\Packages
    2018-06-22 08:17 - 2018-01-05 23:09 - 000000000 ___RD C:\Users\owner\3D Objects
    2018-06-22 08:17 - 2016-02-13 10:50 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-06-22 08:14 - 2017-05-04 13:12 - 000000652 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1316781583-3396751613-3651002200-1001.job
    2018-06-22 08:14 - 2017-05-04 13:12 - 000000556 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1316781583-3396751613-3651002200-1001.job
    2018-06-22 08:03 - 2018-04-11 21:08 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-06-22 08:02 - 2016-05-25 19:59 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
    2018-06-22 07:59 - 2018-05-11 09:40 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
    2018-06-22 07:59 - 2018-05-11 09:40 - 000002474 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
    2018-06-22 07:59 - 2017-03-19 09:24 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-06-22 07:59 - 2017-03-19 09:24 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-06-22 07:53 - 2016-06-08 21:37 - 000000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2018-06-22 07:47 - 2017-08-22 23:41 - 000001972 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk
    2018-06-22 07:45 - 2018-04-11 21:08 - 000000000 ____D C:\ProgramData\USOPrivate
    2018-06-22 04:28 - 2017-07-09 00:13 - 000000000 ____D C:\Users\owner\AppData\Local\GoToMeeting
    2018-06-22 03:55 - 2018-04-11 21:08 - 000000000 __RHD C:\Users\Public\Libraries
    2018-06-22 03:52 - 2018-04-11 18:34 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
    2018-06-22 03:35 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
    2018-06-22 03:35 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2018-06-22 03:35 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\oobe
    2018-06-22 03:35 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\MUI
    2018-06-22 03:35 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\IME
    2018-06-22 03:33 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2018-06-22 03:32 - 2018-04-11 21:08 - 000000000 ____D C:\Program Files\Common Files\system
    2018-06-22 03:32 - 2017-08-22 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
    2018-06-22 03:32 - 2017-08-22 23:40 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
    2018-06-22 03:32 - 2017-08-22 23:40 - 000000000 ____D C:\Program Files\AMD
    2018-06-22 03:32 - 2017-08-22 23:39 - 000000000 ____D C:\Program Files\Synaptics
    2018-06-22 03:32 - 2013-04-30 03:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\yo-NG
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\wo-SN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\vi-VN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ur-PK
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ug-CN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\tt-RU
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\tk-TM
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ti-ET
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\te-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\sw-KE
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\sq-AL
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\rw-RW
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\quz-PE
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\prs-AF
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\pa-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\or-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\nn-NO
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ne-NP
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\mt-MT
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\mr-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\mn-MN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ml-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\mk-MK
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\lo-LA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\lb-LU
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ky-KG
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\kok-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\kn-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\km-KH
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ka-GE
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\is-IS
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ig-NG
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\id-ID
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\hy-AM
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\gu-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\gd-GB
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ga-IE
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\fil-PH
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\fa-IR
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\cy-GB
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\bn-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\bn-BD
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\be-BY
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\as-IN
    2018-06-22 03:16 - 2018-04-12 06:49 - 000000000 ____D C:\WINDOWS\system32\af-ZA
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\TextInput
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\ta-in
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\si-lk
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\setup
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\am-et
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\Provisioning
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2018-06-22 03:16 - 2018-04-11 21:08 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2018-06-22 03:16 - 2018-04-11 21:00 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-06-22 03:16 - 2018-04-11 18:34 - 000000000 ____D C:\WINDOWS\system32\Dism
    2018-06-22 02:39 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
    2018-06-22 02:39 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
    2018-06-22 02:39 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
    2018-06-22 02:39 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
    2018-06-22 02:39 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2018-06-22 02:39 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\lv-LV
    2018-06-22 02:39 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\lt-LT
    2018-06-22 02:39 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2018-06-22 02:39 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2018-06-22 02:39 - 2018-04-11 21:08 - 000000000 ____D C:\WINDOWS\system32\en-GB
    2018-06-22 00:16 - 2018-05-11 09:38 - 000000000 ____D C:\Users\owner\AppData\Local\AVAST Software
    2018-06-22 00:07 - 2017-03-10 21:40 - 000000000 ____D C:\Program Files\Common Files\AV
    2018-06-21 23:19 - 2017-10-21 17:08 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2018-06-21 23:19 - 2016-06-05 08:33 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-06-21 23:19 - 2016-06-05 08:33 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-06-21 22:22 - 2013-06-23 07:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-06-21 11:53 - 2017-10-09 14:40 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
    2018-06-21 11:47 - 2016-05-25 20:41 - 000000000 ___RD C:\Users\owner\OneDrive
    2018-06-21 11:46 - 2016-12-09 22:22 - 000000000 ____D C:\ProgramData\Big Fish
    2018-06-21 11:46 - 2016-12-09 22:22 - 000000000 ____D C:\BigFishCache
    2018-05-28 05:51 - 2016-12-09 22:23 - 000000000 ____D C:\ProgramData\TEMP
    2018-05-26 18:12 - 2017-01-01 20:50 - 000000000 ____D C:\Users\owner\AppData\Roaming\Elephant Games
    2018-05-25 12:01 - 2017-01-17 10:11 - 000000000 ____D C:\Users\owner\AppData\Roaming\Eipix
    2018-05-25 08:57 - 2016-05-26 15:23 - 000000927 _____ C:\Users\owner\Desktop\BitTorrent.lnk
    2018-05-25 08:57 - 2016-05-26 15:23 - 000000907 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk

    Some files in TEMP:
    ====================
    2018-06-22 08:32 - 2018-06-22 03:10 - 001946328 _____ (Microsoft Corporation) C:\Users\owner\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-22 07:41

    ==================== End of FRST.txt ============================

  9. #9
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
    Ran by Michelle (23-06-2018 13:26:45)
    Running from C:\Users\owner\Desktop
    Windows 10 Home Version 1803 17134.112 (X64) (2018-06-22 10:46:17)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1316781583-3396751613-3651002200-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-1316781583-3396751613-3651002200-1002 - Limited - Enabled)
    DefaultAccount (S-1-5-21-1316781583-3396751613-3651002200-503 - Limited - Disabled)
    Guest (S-1-5-21-1316781583-3396751613-3651002200-501 - Limited - Disabled)
    Michelle (S-1-5-21-1316781583-3396751613-3651002200-1001 - Administrator - Enabled) => C:\Users\owner
    WDAGUtilityAccount (S-1-5-21-1316781583-3396751613-3651002200-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{931B988B-0973-0DF5-C3B7-572935D34DCD}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.2.0 - AppEx Networks)
    Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{9E005AAA-81A3-478E-8944-532D350952EE}) (Version: 11.3.1.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.1.4888 - AVAST Software)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
    Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 65.1.470.182 - AVAST Software)
    BitTorrent (HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\BitTorrent) (Version: 7.10.3.44495 - BitTorrent Inc.)
    BitTorrent (HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217\...\BitTorrent) (Version: 7.10.3.44495 - BitTorrent Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.19.52 - Conexant)
    Evernote v. 4.5.7 (HKLM-x32\...\{0BE73D3C-B5AF-11E1-933A-984BE15F174E}) (Version: 4.5.7.7146 - Evernote Corp.)
    Genesys Logic USB2.0 Card Reader (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
    GoToMeeting 8.29.1.8953 (HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\GoToMeeting) (Version: 8.29.1.8953 - LogMeIn, Inc.)
    GoToMeeting 8.29.1.8953 (HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217\...\GoToMeeting) (Version: 8.29.1.8953 - LogMeIn, Inc.)
    Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41504) (Version: 3.8.0.41504.23 - Intel)
    iTunes (HKLM\...\{3D8C6B05-FE24-4B9C-A57C-B8E1FA39E83D}) (Version: 12.7.4.80 - Apple Inc.)
    Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9330.2124 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
    RogueKiller version 12.12.23.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.23.0 - Adlice Software)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.4.6405 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 4.0.5.0 - Toshiba Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.03.6400 - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: - )
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
    WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\owner\AppData\Local\Citrix\GoToMeeting\6871\G2MOutlookAddin64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1316781583-3396751613-3651002200-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\owner\AppData\Local\Citrix\GoToMeeting\6871\G2MOutlookAddin64.dll => No File
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-21] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-21] (AVAST Software)
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-21] (AVAST Software)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-21] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-21] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1D21B380-0055-40C0-B24A-CCA590402998} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-11] (AVAST Software)
    Task: {1EFB38F0-1839-425A-8878-EB75762FE3AF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-21] (Microsoft Corporation)
    Task: {259D66C1-9CDD-4F1E-9524-57D482BBFC72} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-06-21] (AVAST Software)
    Task: {26BBA1F0-5DE1-4531-B7B8-91F2B5B35A6F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
    Task: {2F82635E-87D6-4C7D-9F4A-4E821FD1541D} - System32\Tasks\G2MUploadTask-S-1-5-21-1316781583-3396751613-3651002200-1001 => C:\Users\owner\AppData\Local\GoToMeeting\8847\g2mupload.exe [2018-05-23] (LogMeIn, Inc.)
    Task: {305EA473-F316-4577-A260-E0BBAF871308} - System32\Tasks\G2MUpdateTask-S-1-5-21-1316781583-3396751613-3651002200-1001 => C:\Users\owner\AppData\Local\GoToMeeting\8847\g2mupdate.exe [2018-05-23] (LogMeIn, Inc.)
    Task: {373F3EDC-D083-435E-92A3-C0E80A5662DB} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-11] (AVAST Software)
    Task: {3DA03691-9CE6-465C-BFF8-F950E32A5850} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
    Task: {3E0CA981-F69A-4464-ACF9-25B670313601} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-21] (AVAST Software)
    Task: {3F8E2400-738B-4AD0-AFE7-8CEAF830D3D8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
    Task: {3FF140A7-8618-4A7F-8928-5F245C5C32D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {4A81D542-1BB3-4C83-BC8F-3668B82601E8} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
    Task: {4C8D64D7-AB36-433E-94ED-1D8B703A3655} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-19] (Google Inc.)
    Task: {57D65518-E897-4C08-9B23-5A87EA2756F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {688CCA52-411A-4506-91D4-836AB8627D34} - \WPD\SqmUpload_S-1-5-21-1316781583-3396751613-3651002200-1001 -> No File <==== ATTENTION
    Task: {8A2ACAA9-0B4D-455B-A403-93565EF70196} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-21] (Microsoft Corporation)
    Task: {9EA63FFE-1CE1-4719-A558-8CF3A8713AAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
    Task: {AEAA20AE-E8F8-4EE4-87CF-0BD6EAA58D9B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-05-04] (Synaptics Incorporated)
    Task: {B6D81361-541A-45F2-9B8D-1C7313A32768} - System32\Tasks\UMonitor Task => C:\windows\system32\UMonit64.exe
    Task: {C0867B08-D31D-465E-A476-C32A6CD179AA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-22] (AVAST Software)
    Task: {D4762CF7-9E06-4F2F-A8C5-F5E40D7C94B0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
    Task: {D724964C-D16A-49AD-BC61-173F02DAD738} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe
    Task: {DF7CDE6E-0617-4105-9FA9-D3F2488F1E58} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-06-21] (Microsoft Corporation)
    Task: {EDDAD226-FFE6-45D4-8085-8E62EA202673} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-19] (Google Inc.)
    Task: {FB0C8CFF-218B-403F-AF01-2DB2733B89BD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1316781583-3396751613-3651002200-1001.job => C:\Users\owner\AppData\Local\GoToMeeting\8953\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1316781583-3396751613-3651002200-1001.job => C:\Users\owner\AppData\Local\GoToMeeting\8953\g2mupload.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 21:04 - 2018-04-11 21:04 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2013-03-13 04:55 - 2013-03-13 04:55 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
    2017-11-30 19:54 - 2017-11-30 19:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-06-22 09:37 - 2018-06-22 09:58 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-06-22 09:37 - 2018-06-22 09:58 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2018-04-11 21:04 - 2018-04-11 21:04 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 21:04 - 2018-04-11 21:04 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-06-21 22:38 - 2018-06-21 22:39 - 027118080 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2018-06-21 22:38 - 2018-06-21 22:39 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2018-06-21 22:38 - 2018-06-21 22:39 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2017-10-21 17:03 - 2017-10-21 17:03 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-06-21 22:38 - 2018-06-21 22:39 - 009358848 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2018-04-17 16:06 - 2018-04-17 16:07 - 001922232 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2018-05-21 17:55 - 2018-05-21 17:55 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-05-21 17:55 - 2018-05-21 17:55 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-05-21 17:55 - 2018-05-21 17:55 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-05-21 17:55 - 2018-05-21 17:55 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-05-21 17:55 - 2018-05-21 17:55 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2012-07-18 23:08 - 2012-07-18 23:08 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2018-04-08 08:04 - 2018-04-08 08:04 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
    2018-04-08 08:04 - 2018-04-08 08:04 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
    2018-06-21 22:35 - 2018-06-21 22:37 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2018-06-21 22:35 - 2018-06-21 22:37 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2017-10-21 17:18 - 2017-10-21 17:19 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2018-05-05 13:26 - 2018-05-05 13:27 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
    2018-05-25 08:56 - 2018-05-25 08:57 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2018-05-25 08:56 - 2018-05-25 08:57 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2018-05-25 08:56 - 2018-05-25 08:57 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
    2018-04-08 20:09 - 2018-04-08 20:15 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
    2018-06-21 22:35 - 2018-06-21 22:37 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2018-05-25 08:56 - 2018-05-25 08:57 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2018-06-21 22:35 - 2018-06-21 22:37 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-05-25 08:56 - 2018-05-25 08:57 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
    2018-05-25 08:56 - 2018-05-25 08:57 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-05-25 08:56 - 2018-05-25 08:57 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-06-21 22:35 - 2018-06-21 22:37 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
    2018-06-22 08:38 - 2018-06-22 08:38 - 002921472 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1805.1361.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
    2018-06-22 08:38 - 2018-06-22 08:38 - 000120832 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1805.1361.0_x64__8wekyb3d8bbwe\PeopleUtilRT.dll
    2018-06-22 08:38 - 2018-06-22 08:38 - 009253888 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1805.1361.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.dll
    2018-04-08 20:03 - 2018-04-08 20:03 - 004734464 _____ () C:\Program Files\WindowsApps\Microsoft.Wallet_2.2.18065.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2018-06-22 03:10 - 2018-06-22 03:10 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2018-06-21 22:41 - 2018-06-21 22:42 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
    2018-06-21 22:41 - 2018-06-21 22:42 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
    2018-04-06 10:13 - 2018-04-06 10:13 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2018-06-21 11:54 - 2018-06-21 11:54 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2018-06-21 11:53 - 2018-06-21 11:53 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-12-29 17:52 - 2016-09-12 15:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:011957C3 [494]
    AlternateDataStreams: C:\ProgramData\TEMP:1AAE1596 [520]
    AlternateDataStreams: C:\ProgramData\TEMP:1EEF2E2E [530]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:360099BE [532]
    AlternateDataStreams: C:\ProgramData\TEMP:46CDAE37 [484]
    AlternateDataStreams: C:\ProgramData\TEMP:4BC45553 [528]
    AlternateDataStreams: C:\ProgramData\TEMP:4EE5E364 [472]
    AlternateDataStreams: C:\ProgramData\TEMP:4FE3FB06 [504]
    AlternateDataStreams: C:\ProgramData\TEMP:5065B53D [478]
    AlternateDataStreams: C:\ProgramData\TEMP:565D4B03 [520]
    AlternateDataStreams: C:\ProgramData\TEMP:5662D042 [492]
    AlternateDataStreams: C:\ProgramData\TEMP:574B5728 [516]
    AlternateDataStreams: C:\ProgramData\TEMP:577A1FF0 [522]
    AlternateDataStreams: C:\ProgramData\TEMP:6522294D [500]
    AlternateDataStreams: C:\ProgramData\TEMP:73C1C1FA [488]
    AlternateDataStreams: C:\ProgramData\TEMP:84DC07A0 [514]
    AlternateDataStreams: C:\ProgramData\TEMP:8732B03A [508]
    AlternateDataStreams: C:\ProgramData\TEMP:A543EB0F [528]
    AlternateDataStreams: C:\ProgramData\TEMP:A694F56D [530]
    AlternateDataStreams: C:\ProgramData\TEMP:B4941957 [480]
    AlternateDataStreams: C:\ProgramData\TEMP:BB6E0C06 [488]
    AlternateDataStreams: C:\ProgramData\TEMP:BE4D8283 [484]
    AlternateDataStreams: C:\ProgramData\TEMP:BF092123 [510]
    AlternateDataStreams: C:\ProgramData\TEMP:BF9D6105 [492]
    AlternateDataStreams: C:\ProgramData\TEMP:C8D3D71E [530]
    AlternateDataStreams: C:\ProgramData\TEMP:CF8AEC6E [498]
    AlternateDataStreams: C:\ProgramData\TEMP:D211E75D [528]
    AlternateDataStreams: C:\ProgramData\TEMP:E8B7F91B [516]
    AlternateDataStreams: C:\ProgramData\TEMP:EA8E5358 [522]
    AlternateDataStreams: C:\ProgramData\TEMP:F176B6C6 [518]
    AlternateDataStreams: C:\ProgramData\TEMP:F2F0A8AC [528]
    AlternateDataStreams: C:\ProgramData\TEMP:F41B5978 [504]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 02:56 - 2012-07-26 02:56 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132117233\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132117858\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img11.jpg
    HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img11.jpg
    DNS Servers: 192.168.2.1 - 142.166.166.166
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9AD41415-99B3-4DB8-B4E6-01EBC524E29A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{E234B018-7157-42D7-B696-404948042A4C}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
    FirewallRules: [{1D039ABA-F399-4F57-A0F1-AD88E8252BC6}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
    FirewallRules: [{D1BEA44F-3626-43A1-86E1-D6996560C604}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{D79F9A0C-C3E7-4CB7-9C87-0F72286892C2}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{82DFCB07-58E2-4228-9659-839B29A20479}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
    FirewallRules: [{E3842E4C-D85A-43AD-8C27-8FBD5B0C3E70}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{6011DB37-341B-4A3C-BB4D-5A3570A9F1EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{52F766FF-986C-4C1A-9632-5D3BE7EF7106}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
    FirewallRules: [{C4636DC7-E707-4B42-AAAE-64D089AA6F69}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8AAC46A3-E907-4C1D-9381-CB225CFE2343}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{14705730-EB27-44EF-B15F-36DBBFB0EDA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2C58A105-7A4D-405B-85B0-D32D5F35C9CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{76932916-8DBC-4064-B7BA-6544A7CAEF02}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{711ADEFB-4947-4BC1-81DC-36B2FAA9C13D}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{EDFC07E7-9FE3-4173-8EBB-2CCA9608D99B}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{867CC6BC-EEAE-46F9-807A-AA3E169D7987}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{F2F79E90-DAC0-4321-B915-4379E7080648}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{09221E56-7768-404E-9B31-191D61184942}] => (Allow) C:\Users\owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{C191347B-81F3-4C0C-B902-39F7807C42CB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    ==================== Restore Points =========================

    23-06-2018 13:24:41 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/23/2018 01:23:16 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/22/2018 12:44:08 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/22/2018 11:59:58 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/22/2018 09:44:09 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (06/22/2018 09:30:50 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (06/22/2018 09:30:50 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (06/22/2018 09:30:15 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (06/22/2018 09:30:15 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000


    System errors:
    =============
    Error: (06/23/2018 01:23:21 PM) (Source: DCOM) (EventID: 10016) (User: Toshiba)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user Toshiba\Michelle SID (S-1-5-21-1316781583-3396751613-3651002200-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (06/23/2018 01:22:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/22/2018 09:52:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/22/2018 09:49:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Avast Cleanup Premium service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (06/22/2018 09:49:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/22/2018 09:49:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/22/2018 09:49:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/22/2018 09:49:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================

    Date: 2018-06-22 09:55:03.358
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-22 09:55:03.154
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-22 09:47:00.356
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-22 09:46:36.793
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-22 09:46:36.083
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-22 09:46:26.968
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-22 09:46:26.963
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2018-06-22 09:45:36.052
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
    Percentage of memory in use: 59%
    Total physical RAM: 5581.51 MB
    Available physical RAM: 2238.47 MB
    Total Virtual: 7181.51 MB
    Available Virtual: 3565.89 MB

    ==================== Drives ================================

    Drive c: (TI80145100B) (Fixed) (Total:917.12 GB) (Free:828.29 GB) NTFS
    Drive d: (JM_30DAY_SHRED) (CDROM) (Total:3.51 GB) (Free:0 GB) UDF

    \\?\Volume{d359d822-0348-4fa6-aa05-6c5a3369158d}\ (System) (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
    \\?\Volume{4562764e-c12b-4c5a-a868-0a2055165916}\ () (Fixed) (Total:1 GB) (Free:0.47 GB) NTFS
    \\?\Volume{9de0ba6e-9faa-4838-88de-3e043ae3a730}\ (Recovery) (Fixed) (Total:12.02 GB) (Free:0.87 GB) NTFS
    \\?\Volume{6a79130f-7e1f-408a-b17e-e225ebbc801b}\ () (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
    \\?\Volume{5bc5dda1-22c7-11e6-9d8e-089e01ee9948}\ () (CDROM) (Total:0 GB) (Free:0 GB)
    \\?\Volume{5bc5dde2-22c7-11e6-9d8e-089e01ee9948}\ () (CDROM) (Total:0 GB) (Free:0 GB)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: CC346632)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,359
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

  11. #11
    Join Date
    Jan 2006
    Posts
    400
    Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
    Ran by Michelle (24-06-2018 15:55:41) Run:1
    Running from C:\Users\owner\Desktop
    Loaded Profiles: Michelle & (Available Profiles: Michelle)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    2018-06-22 08:32 - 2018-06-22 03:10 - 001946328 _____ (Microsoft Corporation) C:\Users\owner\AppData\Local\Temp\dllnt_dump.dll
    CustomCLSID: HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\owner\AppData\Local\Citrix\GoToMeeting\6871\G2MOutlookAddin64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1316781583-3396751613-3651002200-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\owner\AppData\Local\Citrix\GoToMeeting\6871\G2MOutlookAddin64.dll => No File
    Task: {688CCA52-411A-4506-91D4-836AB8627D34} - \WPD\SqmUpload_S-1-5-21-1316781583-3396751613-3651002200-1001 -> No File <==== ATTENTION
    Task: {FB0C8CFF-218B-403F-AF01-2DB2733B89BD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:011957C3 [494]
    AlternateDataStreams: C:\ProgramData\TEMP:1AAE1596 [520]
    AlternateDataStreams: C:\ProgramData\TEMP:1EEF2E2E [530]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:360099BE [532]
    AlternateDataStreams: C:\ProgramData\TEMP:46CDAE37 [484]
    AlternateDataStreams: C:\ProgramData\TEMP:4BC45553 [528]
    AlternateDataStreams: C:\ProgramData\TEMP:4EE5E364 [472]
    AlternateDataStreams: C:\ProgramData\TEMP:4FE3FB06 [504]
    AlternateDataStreams: C:\ProgramData\TEMP:5065B53D [478]
    AlternateDataStreams: C:\ProgramData\TEMP:565D4B03 [520]
    AlternateDataStreams: C:\ProgramData\TEMP:5662D042 [492]
    AlternateDataStreams: C:\ProgramData\TEMP:574B5728 [516]
    AlternateDataStreams: C:\ProgramData\TEMP:577A1FF0 [522]
    AlternateDataStreams: C:\ProgramData\TEMP:6522294D [500]
    AlternateDataStreams: C:\ProgramData\TEMP:73C1C1FA [488]
    AlternateDataStreams: C:\ProgramData\TEMP:84DC07A0 [514]
    AlternateDataStreams: C:\ProgramData\TEMP:8732B03A [508]
    AlternateDataStreams: C:\ProgramData\TEMP:A543EB0F [528]
    AlternateDataStreams: C:\ProgramData\TEMP:A694F56D [530]
    AlternateDataStreams: C:\ProgramData\TEMP:B4941957 [480]
    AlternateDataStreams: C:\ProgramData\TEMP:BB6E0C06 [488]
    AlternateDataStreams: C:\ProgramData\TEMP:BE4D8283 [484]
    AlternateDataStreams: C:\ProgramData\TEMP:BF092123 [510]
    AlternateDataStreams: C:\ProgramData\TEMP:BF9D6105 [492]
    AlternateDataStreams: C:\ProgramData\TEMP:C8D3D71E [530]
    AlternateDataStreams: C:\ProgramData\TEMP:CF8AEC6E [498]
    AlternateDataStreams: C:\ProgramData\TEMP211E75D [528]
    AlternateDataStreams: C:\ProgramData\TEMP:E8B7F91B [516]
    AlternateDataStreams: C:\ProgramData\TEMP:EA8E5358 [522]
    AlternateDataStreams: C:\ProgramData\TEMP:F176B6C6 [518]
    AlternateDataStreams: C:\ProgramData\TEMP:F2F0A8AC [528]
    AlternateDataStreams: C:\ProgramData\TEMP:F41B5978 [504]

    *****************

    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
    C:\Users\owner\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    CustomCLSID: HKU\S-1-5-21-1316781583-3396751613-3651002200-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06232018132118217_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\owner\AppData\Local\Citrix\GoToMeeting\6871\G2MOutlookAddin64.dll => No File => Error: No automatic fix found for this entry.
    "HKU\S-1-5-21-1316781583-3396751613-3651002200-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{688CCA52-411A-4506-91D4-836AB8627D34}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{688CCA52-411A-4506-91D4-836AB8627D34}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1316781583-3396751613-3651002200-1001" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB0C8CFF-218B-403F-AF01-2DB2733B89BD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB0C8CFF-218B-403F-AF01-2DB2733B89BD}" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
    C:\ProgramData\TEMP => ":011957C3" ADS removed successfully
    C:\ProgramData\TEMP => ":1AAE1596" ADS removed successfully
    C:\ProgramData\TEMP => ":1EEF2E2E" ADS removed successfully
    C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully
    C:\ProgramData\TEMP => ":360099BE" ADS removed successfully
    C:\ProgramData\TEMP => ":46CDAE37" ADS removed successfully
    C:\ProgramData\TEMP => ":4BC45553" ADS removed successfully
    C:\ProgramData\TEMP => ":4EE5E364" ADS removed successfully
    C:\ProgramData\TEMP => ":4FE3FB06" ADS removed successfully
    C:\ProgramData\TEMP => ":5065B53D" ADS removed successfully
    C:\ProgramData\TEMP => ":565D4B03" ADS removed successfully
    C:\ProgramData\TEMP => ":5662D042" ADS removed successfully
    C:\ProgramData\TEMP => ":574B5728" ADS removed successfully
    C:\ProgramData\TEMP => ":577A1FF0" ADS removed successfully
    C:\ProgramData\TEMP => ":6522294D" ADS removed successfully
    C:\ProgramData\TEMP => ":73C1C1FA" ADS removed successfully
    C:\ProgramData\TEMP => ":84DC07A0" ADS removed successfully
    C:\ProgramData\TEMP => ":8732B03A" ADS removed successfully
    C:\ProgramData\TEMP => ":A543EB0F" ADS removed successfully
    C:\ProgramData\TEMP => ":A694F56D" ADS removed successfully
    C:\ProgramData\TEMP => ":B4941957" ADS removed successfully
    C:\ProgramData\TEMP => ":BB6E0C06" ADS removed successfully
    C:\ProgramData\TEMP => ":BE4D8283" ADS removed successfully
    C:\ProgramData\TEMP => ":BF092123" ADS removed successfully
    C:\ProgramData\TEMP => ":BF9D6105" ADS removed successfully
    C:\ProgramData\TEMP => ":C8D3D71E" ADS removed successfully
    C:\ProgramData\TEMP => ":CF8AEC6E" ADS removed successfully
    "AlternateDataStreams: C:\ProgramData\TEMP211E75D [528]" => "AlternateDataStreams: C:\ProgramData\TEMP211E75D [528]" ADS not found.
    C:\ProgramData\TEMP => ":E8B7F91B" ADS removed successfully
    C:\ProgramData\TEMP => ":EA8E5358" ADS removed successfully
    C:\ProgramData\TEMP => ":F176B6C6" ADS removed successfully
    C:\ProgramData\TEMP => ":F2F0A8AC" ADS removed successfully
    C:\ProgramData\TEMP => ":F41B5978" ADS removed successfully

    ==== End of Fixlog 15:55:42 ====

  12. #12
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,359
    Last scans...

    Download Security Check from here or here and save it to your Desktop.

    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services



    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.




    Download Sophos Free Virus Removal Tool and save it to your desktop.

    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program

  13. #13
    Join Date
    Jan 2006
    Posts
    400
    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avast Antivirus
    Windows Defender
    Malwarebytes
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Google Chrome (67.0.3396.87)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamtray.exe
    Windows Defender MSASCuiL.exe
    system32 AvastSvc.exe -?-
    AVAST Software Avast Cleanup TuneupSvc.exe
    AVAST Software Browser Update 1.4.136.333\AvastBrowserCrashHandler.exe
    AVAST Software Browser Update 1.4.136.333\AvastBrowserCrashHandler64.exe
    AVAST Software Avast AvastUI.exe
    AVAST Software Avast Cleanup TuneupUI.exe
    AVAST Software Browser Update AvastBrowserUpdate.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````



    Farbar Service Scanner Version: 27-01-2016
    Ran by Michelle (administrator) on 25-06-2018 at 08:33:25
    Running from "C:\Users\owner\Desktop"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****


    Sophos didn't find anything.

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,359
    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:

    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings


    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

    7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    9. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/foru.../#entry3187642

    10. Please let me know how your computer is doing.
