
No sound, no modem/router, Google Voice being used out of the Philippines, progr


89 replies to this topic

#1 Pei


Posted 06 December 2016 - 12:15 AM

Help!!  I couldn't attach the 'Addition - Notepad', the 2nd scan. Clicking on 'choose file' did not bring up desktop! It brought up something else. I finally found desktop but it wouldn't attach. It was in the bar at the bottom and I pulled it up onto the desktop but that didn't work and so I closed it and instead of going back to the bar where it was it vanished and I've looked everyplace I know to look...what do I do? Start all over? The 1st scan I copy/pasted and it's after my description of the situation with my computer.

 

Hello,

The above in 'TopicTitle' are the symptoms, I wouldn’t begin to know what type of virus/infection/worm/malware, etc. may be causing the problems. First and most important… I know just enough to know I don’t know! So I may not have explained things correctly. I have a Toshiba Satellite with Win 7.

 

When I started to download Win 10, I didn’t realize it would take so long. So I went to bed figuring it knew what it was doing. When I woke up I discovered: no sound – even though the system and speaker test sounds are audible, Google Voice had vanished into thin air, the password and username to the modem/router (Netgear 450 WiFi Modem model CG3000Dv2) had been changed, System Mechanic was gone, and when I sign out of my main email acct, I'm still signed in when I go back later to sign back in; this happens all the time. AND yesterday I logged off this site, and when I came back today…I was signed in!!! Yikes!

 

First, I tried to do a system restore to a previous date figuring I’d just go back to before I downloaded Win 10, but none of the listed dates were before the download and I wasn’t able to find out how to create a date.

 

I contacted the MS help desk through ‘Live Chat’ and spent hours every day for over a week; 9 hrs one day, 8 hrs another, 6 hrs another, etc. They updated drivers – the same drivers – over and over again. They didn’t know how to fix the sound or what I needed to do to secure the modem/router or how to get Google Voice to work. They didn't know why any of that happened and assured me it wasn't due to Win 10. When I discovered that sound problems are a known problem with Win10 and MS has known since before they made it public, I asked them to remove Win 10 from my computer. They did and said there was nothing more they could do, an ‘Oh well, things happen’ attitude.

 

I contacted the internet provider to find out how to reset the user name and password. They refused to tell me unless I paid an additional $10/mth for ‘protection’ (ahem, really?!); even though they installed the equipment that I rent from them.

 

Next I contacted Netgear, after all it's their modem/router, they said they couldn’t tell me since giving out that information goes against company policy. What?!  The control panel says the user is admin (the factory default) and the password is password (the factory default); however, when I try both it says the user is not user and the password is not password. Someone told me that if there was a keystroke spy, then they’d know whatever I changed it to so a factory reset would do me no good.

 

Then I went to the public library’s computer help lab. They weren’t able to help with the modem/router, or the sound… however, over several visits the guy discovered that the reason I couldn’t access Google Voice was because it was being operated out of the Philippines! Another couple visits and the guy got it back, he showed me how he knew and what he changed. He believed a virus/malware, probably from the Philippines, was attached to Win 10 and that’s how it got in, and the modem/router problem is because ‘they’ have hijacked it and are using it.

 

First I downloaded Malwarebytes Anti-Malware, and then I added IObit Malware Fighter with Driver Booster, Smart Defrag 5 and Advanced SystemCare 10. Finally I installed Avast Free Antivirus.  Because of what I read here a few days ago I’ve uninstalled the IObit suite; now just have Malwarebytes Anti-Malware free version and Avast Free Antivirus.

 

It’s taken me several days to understand how to post this request; I hope I’ve done everything correctly.

 

At some point in the first few weeks of the debacle I joined this site so I could read different things to see if there was something I would learn to help. When I discovered that there are people who volunteer to help others figure out how to do things, I decided it was time to ask for help, guidance, what have you, etc.

 

Thank you in advance for taking the time to read all of this. Pei

PS...I love the name, someone has a great sense of humor and the energy here is great.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
Ran by Lynne (administrator) on LYNNE-PC (05-12-2016 21:08:38)
Running from C:\Users\Lynne\Downloads
Loaded Profiles: Lynne (Available Profiles: Lynne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-28] (AVAST Software)
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Run: [Google Update] => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-26] (Google Inc.)
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-19] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2663092148-2684428880-4007880259-1000] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{5844C1A7-ED4C-40E3-BDD7-F570BA8774A9}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9402C150-9642-4AE6-BE05-C339532ED0C9}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B2E2A3A6-944A-477B-9517-1A19760633EB}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{B5CE4FE4-849C-4A2B-9C3D-55C3D4C66796}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {4B41FB85-5C6E-4277-A004-D856535B7A42} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {4B41FB85-5C6E-4277-A004-D856535B7A42} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> DefaultScope {7A37E365-7885-4492-933C-EB23B7E27523} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS474
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {4B41FB85-5C6E-4277-A004-D856535B7A42} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {7A37E365-7885-4492-933C-EB23B7E27523} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS474
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default [2016-12-04]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5lzddykh.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\5lzddykh.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\5lzddykh.default -> hxxp://www.yahoo.com/
FF Extension: (Ghostery) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\firefox@ghostery.com.xpi [2016-09-07]
FF Extension: (Dashlane) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\jetpack-extension@dashlane.com.xpi [2016-06-03]
FF Extension: (AdBlock Lite) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2016-07-07]
FF Extension: (Toggle JavaScript) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\jid1-KYgT07tufVQH4w@jetpack.xpi [2016-07-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml [2012-02-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @BluebeamPDF/PDF viewer -> C:\Program Files (x86)\Common Files\Bluebeam Software\Bluebeam Revu\Revu\Mozilla\npBluebeamMozillaPlugin.dll [2013-09-24] (Bluebeam Software, Inc.)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lynne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @talk.google.com/O1DPlugin -> C:\Users\Lynne\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lynne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lynne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lynne\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lynne\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://xfinity.comcast.net/?cid=insDate07132013
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default [2016-12-05]
CHR Extension: (Common Hangouts) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\acffocjoafjbncgcmoephiffghmjlfdi [2016-09-24]
CHR Extension: (Tri Jeweled 2) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bennkoppbniegdeakggleaifebacachi [2016-07-04]
CHR Extension: (Hidden Objects - House 1) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdeppfcebbaecjpbgjejpdmejgndopo [2016-07-04]
CHR Extension: (Mahjong) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmfahnddgeeapjmnbnhffcopglalehoj [2016-07-04]
CHR Extension: (AdBlock) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-23]
CHR Extension: (Fitz 2: Magic Match 3 Puzzle) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpljpgkbcdgokloimcnjlpomliallcdo [2016-07-04]
CHR Extension: (Music Player for Google Drive) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2016-09-12]
CHR Extension: (Jewel Academy) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipcbahondobhelgdoiiafgcahfconlab [2016-07-04]
CHR Extension: (Hidden Object Games) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcjejipaofdlncnaamfgpailbolbpll [2016-07-04]
CHR Extension: (Sounds & Music to Study) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkiolflpfgfckehinhoepmhaoijohijh [2016-09-12]
CHR Extension: (Google Hangouts) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-12-05]
CHR Extension: (Radio Player UK) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihelodhpehphabeeommiodngebkghke [2016-09-12]
CHR Extension: (Ghostery) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-10-27]
CHR Extension: (Google Hangouts) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-05]
CHR Extension: (Mahjong Solitaire) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2016-07-04]
CHR Extension: (OK Mahjong) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfpafmpnlgclkmfnfmmigcidnkcimbia [2016-07-04]
CHR Extension: (Gems Match Deluxe) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaaboooklodfocbddhdlnacndjdenmd [2016-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Mahjong Master) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghchjojloakfbboibnfnleloeamkkgf [2016-07-04]
CHR Extension: (Radio Player Live Stations) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooflekjlabfkiacfocahkgcdadcnhmjf [2016-09-12]
CHR Extension: (Mayan Caves) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\phemejbnagnfkhkhhjjifkbckfoaojbh [2016-07-04]
CHR Extension: (Weather Underground) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-19] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHdsKe; C:\windows\system32\drivers\aswHdsKe.sys [82936 2016-11-27] (AVAST Software)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-08-19] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-08-19] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-08-19] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-08-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-19] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-08-19] (AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [44640 2016-07-17] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 AX88772; C:\windows\System32\DRIVERS\ax88772.sys [34816 2007-07-26] (ASIX Electronics Corp.)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [23464 2011-08-11] (EldoS Corporation)
R3 L1C; C:\windows\System32\DRIVERS\L1C62x64.sys [129224 2016-07-09] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
R3 RTSUER; C:\windows\System32\Drivers\RtsUer.sys [418784 2016-11-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [3709656 2016-07-09] (Realtek Semiconductor Corporation                           )
S3 ssmirrdr; C:\windows\System32\DRIVERS\ssmirrdr.sys [10112 2014-01-08] (support.com, Inc)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S2 PDFsFilter; system32\DRIVERS\PDFsFilter.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-05 21:08 - 2016-12-05 21:12 - 00022940 _____ C:\Users\Lynne\Downloads\FRST.txt
2016-12-05 21:07 - 2016-12-05 21:08 - 00000000 ____D C:\FRST
2016-12-05 21:06 - 2016-12-05 21:07 - 02419712 _____ (Farbar) C:\Users\Lynne\Downloads\FRST64.exe
2016-12-05 20:03 - 2016-12-05 20:03 - 00000000 ____D C:\Users\Lynne\Desktop\Dec2016Backup
2016-12-05 17:45 - 2016-12-05 17:45 - 00068281 _____ C:\Users\Lynne\Downloads\Toshiba Satellite C655D-S5234 User Manual20161206775246800.pdf
2016-12-05 02:50 - 2016-12-05 02:50 - 00013741 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Articles to send to Laurie.wbk
2016-12-03 15:58 - 2016-12-03 15:58 - 00001773 _____ C:\Users\Lynne\Downloads\MarkoftheRose9781101543917.acsm
2016-12-01 20:21 - 2016-12-01 20:21 - 00000000 ____H C:\asc_rdflag
2016-12-01 20:00 - 2016-12-01 20:00 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-12-01 20:00 - 2016-12-01 20:00 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00633296 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-12-01 20:00 - 2016-12-01 20:00 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00419648 _____ C:\windows\SysWOW64\locale.nls
2016-12-01 20:00 - 2016-12-01 20:00 - 00419648 _____ C:\windows\system32\locale.nls
2016-12-01 20:00 - 2016-12-01 20:00 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\bcdedit.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-12-01 19:59 - 2016-12-01 20:00 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-12-01 19:59 - 2016-12-01 19:59 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-11-29 23:21 - 2016-12-03 13:33 - 00014178 _____ C:\Users\Lynne\Documents\Backup of a AZ -- TESSA DARE SERIES LIST.wbk
2016-11-28 21:40 - 2016-11-28 21:40 - 00014921 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Amazon Bed Risers Options.wbk
2016-11-28 00:23 - 2016-11-27 10:35 - 00082936 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2016-11-28 00:17 - 2016-10-13 07:45 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\asw531A.tmp
2016-11-28 00:17 - 2016-09-22 07:50 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\asw5193.tmp
2016-11-28 00:17 - 2016-09-13 09:29 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\asw4889.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\asw54B1.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\asw4E66.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\asw4B48.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\asw502B.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\asw4CDF.tmp
2016-11-28 00:17 - 2016-08-19 14:49 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\asw4628.tmp
2016-11-28 00:16 - 2016-08-19 14:50 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-11-27 20:47 - 2016-11-27 20:47 - 00012661 _____ C:\Users\Lynne\Documents\Backup of a AZ -- bleeping computer User ID.wbk
2016-11-27 12:21 - 2016-11-27 12:21 - 00012775 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Vascular doctor to do vein.wbk
2016-11-27 00:37 - 2016-11-27 00:38 - 01195800 _____ (iolo technologies, LLC) C:\Users\Lynne\Documents\sm_dm.exe
2016-11-27 00:18 - 2016-11-27 00:18 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (3).exe
2016-11-27 00:16 - 2016-11-27 13:39 - 00014972 _____ C:\Users\Lynne\Documents\Backup of a AZ --debacle  re win 10 letter.wbk
2016-11-27 00:14 - 2016-11-27 00:14 - 00000000 ____D C:\iolo
2016-11-27 00:14 - 2016-11-27 00:13 - 41276784 _____ C:\Users\Lynne\Documents\SystemMechanic.exe
2016-11-27 00:11 - 2016-11-27 00:11 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (2).exe
2016-11-27 00:11 - 2016-11-27 00:11 - 00074703 _____ C:\windows\SysWOW64mfc45.dll
2016-11-27 00:10 - 2016-11-27 00:11 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (1).exe
2016-11-26 19:43 - 2016-11-26 19:43 - 00013328 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Ellen.wbk
2016-11-26 15:37 - 2016-11-26 15:37 - 00340988 _____ C:\Users\Lynne\Documents\view-from-the-front-line_1.pdf
2016-11-26 13:58 - 2016-11-26 13:58 - 02941234 _____ C:\Users\Lynne\Documents\ffc43ac0-5a76-4196-84ed-368f8c309452.pdf
2016-11-23 08:19 - 2016-11-23 08:19 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-23 08:19 - 2016-11-23 08:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-11-22 21:02 - 2016-11-23 15:31 - 00000000 ____D C:\Users\Lynne\Documents\Thai use these
2016-11-21 15:39 - 2016-11-21 15:39 - 00013538 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Lemongrass and Chili Relish.wbk
2016-11-21 15:19 - 2016-11-21 15:19 - 00013140 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Roasted Chili Jam Dipping Sauce 1890.wbk
2016-11-21 12:54 - 2016-11-21 12:54 - 00014478 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Rice Cooking  in Microwave.wbk
2016-11-21 09:46 - 2016-11-21 09:46 - 09891328 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RsCRIcon.dll
2016-11-21 09:46 - 2016-11-21 09:46 - 04332032 _____ (Realtek Semiconductor Corp.) C:\windows\RtCRU64.exe
2016-11-21 09:46 - 2016-11-21 09:46 - 00418784 _____ (Realsil Semiconductor Corporation) C:\windows\system32\Drivers\RtsUer.sys
2016-11-21 09:46 - 2016-11-21 09:46 - 00084480 _____ (Realtek Semiconductor.) C:\windows\system32\SETA6DB.tmp
2016-11-20 11:56 - 2016-11-20 11:56 - 00013092 _____ C:\Users\Lynne\Documents\Backup of a AZ -- thai chili caramel sauce.wbk
2016-11-20 07:08 - 2016-11-20 07:08 - 00000000 ____D C:\ProgramData\BDLogging
2016-11-20 07:08 - 2016-03-31 17:54 - 00452040 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2016-11-19 15:56 - 2016-11-19 15:56 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2016-11-18 20:56 - 2016-11-18 20:56 - 04457355 _____ C:\Users\Lynne\Documents\2016-11-15-Trump_Letter.pdf
2016-11-17 17:48 - 2016-11-17 17:49 - 45738048 _____ (IObit ) C:\Users\Lynne\Documents\imfv4-setup-trial.exe
2016-11-16 23:19 - 2016-11-16 23:19 - 00016964 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Yellow Turkey Curry.wbk
2016-11-16 21:11 - 2016-11-16 21:11 - 00016572 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Feast Under An Hour.wbk
2016-11-16 20:53 - 2016-11-16 20:53 - 00013810 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Sweet Potato and Carrot Soup.wbk
2016-11-16 20:45 - 2016-11-16 20:45 - 00013660 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Sweet and Spicy Relish.wbk
2016-11-16 20:13 - 2016-11-24 00:35 - 00000000 ____D C:\Users\Lynne\Documents\Thai Dinner
2016-11-15 19:45 - 2016-11-15 19:45 - 01799221 _____ C:\Users\Lynne\Documents\travel club 50 and over novembernewsletter2016.pdf
2016-11-15 14:27 - 2013-10-04 12:36 - 00436930 _____ C:\Users\Lynne\Documents\11steps - Copy.pdf
2016-11-12 19:14 - 2016-11-23 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-12 19:12 - 2016-12-05 20:17 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d23d536072f09a.job
2016-11-12 19:12 - 2016-12-05 19:17 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d23d535e845fcc.job
2016-11-12 19:12 - 2016-11-12 19:12 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d23d536072f09a
2016-11-12 19:12 - 2016-11-12 19:12 - 00003640 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d23d535e845fcc
2016-11-12 19:07 - 2016-11-12 19:09 - 01065376 _____ (Google Inc.) C:\Users\Lynne\Documents\googledrivesync.exe
2016-11-12 17:30 - 2016-11-12 17:30 - 00016270 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Malware Tips Website  free help.wbk
2016-11-12 13:13 - 2016-11-12 13:13 - 00014503 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Sweet Potato Tom Kha.wbk
2016-11-11 22:49 - 2016-11-11 22:49 - 00014540 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Cinnamon Raisin Bread Pudding with Vanilla Sauce.wbk
2016-11-11 22:21 - 2016-11-11 22:21 - 00110316 _____ C:\Users\Lynne\Documents\a AZ -- Bread pudding (1) to edit.pdf
2016-11-11 22:20 - 2016-11-11 22:20 - 00110316 _____ C:\Users\Lynne\Documents\Bread pudding.pdf
2016-11-11 12:28 - 2016-11-12 12:32 - 00017403 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Articles to pay attention to.wbk
2016-11-09 18:11 - 2016-11-02 08:36 - 00382696 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-11-09 18:11 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-11-09 18:11 - 2016-10-27 20:59 - 00394440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-11-09 18:11 - 2016-10-27 20:14 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-11-09 18:11 - 2016-10-27 11:55 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-11-09 18:11 - 2016-10-27 11:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-11-09 18:11 - 2016-10-27 11:51 - 02896384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-11-09 18:11 - 2016-10-27 11:38 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-11-09 18:11 - 2016-10-27 11:28 - 25763328 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-11-09 18:11 - 2016-10-27 11:28 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-11-09 18:11 - 2016-10-27 11:24 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-11-09 18:11 - 2016-10-27 11:19 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-11-09 18:11 - 2016-10-27 11:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-11-09 18:11 - 2016-10-27 11:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-11-09 18:11 - 2016-10-27 11:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-11-09 18:11 - 2016-10-27 10:49 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-11-09 18:11 - 2016-10-27 10:46 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-11-09 18:11 - 2016-10-27 10:46 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-11-09 18:11 - 2016-10-27 10:44 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-11-09 18:11 - 2016-10-27 10:44 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-11-09 18:11 - 2016-10-27 10:17 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-11-09 18:11 - 2016-10-27 10:16 - 02920448 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-11-09 18:11 - 2016-10-27 10:03 - 01543680 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-11-09 18:11 - 2016-10-27 08:05 - 20304896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-11-09 18:11 - 2016-10-25 08:02 - 03219456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-11-09 18:11 - 2016-10-22 10:34 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-11-09 18:11 - 2016-10-22 10:27 - 02287616 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-11-09 18:11 - 2016-10-22 10:22 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-11-09 18:11 - 2016-10-22 10:09 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-11-09 18:11 - 2016-10-22 09:59 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-11-09 18:11 - 2016-10-22 09:58 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-11-09 18:11 - 2016-10-22 09:56 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-11-09 18:11 - 2016-10-22 09:46 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-11-09 18:11 - 2016-10-22 09:45 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-11-09 18:11 - 2016-10-22 09:44 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-11-09 18:11 - 2016-10-22 09:43 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-11-09 18:11 - 2016-10-22 09:43 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-11-09 18:11 - 2016-10-22 09:30 - 13654016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-11-09 18:11 - 2016-10-22 09:12 - 02444800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-11-09 18:11 - 2016-10-22 09:09 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-11-09 18:11 - 2016-10-15 08:31 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-11-09 18:11 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-11-09 18:11 - 2016-10-11 08:37 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2016-11-09 18:11 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\IMJP10.IME
2016-11-09 18:11 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-11-09 18:11 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2016-11-09 18:11 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\windows\system32\imkr80.ime
2016-11-09 18:11 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\input.dll
2016-11-09 18:11 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\windows\system32\tintlgnt.ime
2016-11-09 18:11 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\quick.ime
2016-11-09 18:11 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\qintlgnt.ime
2016-11-09 18:11 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\phon.ime
2016-11-09 18:11 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\cintlgnt.ime
2016-11-09 18:11 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\chajei.ime
2016-11-09 18:11 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\windows\system32\pintlgnt.ime
2016-11-09 18:11 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10.IME
2016-11-09 18:11 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-11-09 18:11 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2016-11-09 18:11 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\windows\SysWOW64\imkr80.ime
2016-11-09 18:11 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\windows\SysWOW64\input.dll
2016-11-09 18:11 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\tintlgnt.ime
2016-11-09 18:11 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\quick.ime
2016-11-09 18:11 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qintlgnt.ime
2016-11-09 18:11 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\phon.ime
2016-11-09 18:11 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\cintlgnt.ime
2016-11-09 18:11 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\chajei.ime
2016-11-09 18:11 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\windows\SysWOW64\pintlgnt.ime
2016-11-09 18:11 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAnimation.dll
2016-11-09 18:11 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\UIAnimation.dll
2016-11-09 18:11 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2016-11-09 18:11 - 2016-10-07 08:32 - 00877056 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-11-09 18:11 - 2016-10-07 08:32 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-11-09 18:11 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2016-11-09 18:11 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-11-09 18:11 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-11-09 18:11 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2016-11-09 18:10 - 2016-11-02 08:32 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-11-09 18:10 - 2016-11-02 08:32 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-11-09 18:10 - 2016-11-02 08:32 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-11-09 18:10 - 2016-11-02 08:32 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-11-09 18:10 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-11-09 18:10 - 2016-11-02 08:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-11-09 18:10 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-11-09 18:10 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-11-09 18:10 - 2016-10-27 12:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-11-09 18:10 - 2016-10-27 12:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-11-09 18:10 - 2016-10-27 11:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-11-09 18:10 - 2016-10-27 11:53 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-11-09 18:10 - 2016-10-27 11:53 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-11-09 18:10 - 2016-10-27 11:44 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-11-09 18:10 - 2016-10-27 11:43 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-11-09 18:10 - 2016-10-27 11:37 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-11-09 18:10 - 2016-10-27 11:37 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-11-09 18:10 - 2016-10-27 11:37 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-11-09 18:10 - 2016-10-27 11:37 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-11-09 18:10 - 2016-10-27 11:15 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 18:10 - 2016-10-27 11:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-11-09 18:10 - 2016-10-27 11:02 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-11-09 18:10 - 2016-10-27 09:54 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-11-09 18:10 - 2016-10-22 10:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-11-09 18:10 - 2016-10-22 10:36 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-11-09 18:10 - 2016-10-22 10:36 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-11-09 18:10 - 2016-10-22 10:35 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-11-09 18:10 - 2016-10-22 10:35 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-11-09 18:10 - 2016-10-22 10:27 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-11-09 18:10 - 2016-10-22 10:26 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-11-09 18:10 - 2016-10-22 10:21 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-11-09 18:10 - 2016-10-22 10:21 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-11-09 18:10 - 2016-10-22 10:20 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-11-09 18:10 - 2016-10-22 10:04 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-09 18:10 - 2016-10-22 10:03 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-11-09 18:10 - 2016-10-22 09:54 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-11-09 18:10 - 2016-10-22 09:09 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-11-09 18:10 - 2016-10-15 08:31 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2016-11-09 18:10 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2016-11-08 22:39 - 2016-11-08 22:39 - 02941019 _____ C:\Users\Lynne\Documents\a AZ -- netgear modem  manual N450_CG3000Dv2_UM_03Apr2014.pdf
2016-11-06 21:20 - 2016-11-06 21:20 - 00266259 _____ C:\Users\Lynne\Documents\After You Apply nyc apt lottery low income.pdf
2016-11-06 21:17 - 2016-11-06 21:17 - 00289229 _____ C:\Users\Lynne\Documents\What To Expect nyc apts rental process low income lottery.pdf
2016-11-06 21:07 - 2016-11-06 21:07 - 00356492 _____ C:\Users\Lynne\Documents\Monthly-Listings-MAP nyc apt lotteries.pdf
2016-11-06 20:50 - 2016-11-06 20:51 - 00794905 _____ C:\Users\Lynne\Documents\Calendar_October2016 nyc senior services.pdf
2016-11-06 20:18 - 2016-11-06 20:18 - 01362509 _____ C:\Users\Lynne\Documents\doc_13030 nyc apt 202.pdf
2016-11-06 18:43 - 2016-11-06 18:43 - 00014006 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Best Medicare Part D Plans 2017.wbk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-05 21:11 - 2016-07-14 19:58 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA1d1de44cbc91467.job
2016-12-05 19:57 - 2009-07-13 22:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-05 19:57 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2016-12-05 17:11 - 2016-07-14 19:58 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core1d1de44c9d794ce.job
2016-12-04 14:30 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-04 14:30 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-04 14:23 - 2016-06-12 09:44 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-04 14:22 - 2014-12-18 21:09 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-04 14:22 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-04 14:20 - 2011-11-19 19:06 - 00000000 ____D C:\Program Files (x86)\iolo
2016-12-04 14:20 - 2011-11-19 19:05 - 00000000 ____D C:\ProgramData\iolo
2016-12-04 12:28 - 2014-12-18 21:10 - 00000000 ____D C:\ProgramData\ProductData
2016-12-04 01:36 - 2013-05-25 05:39 - 00000000 ____D C:\Users\Lynne\Documents\My Kindle Content
2016-12-03 16:00 - 2016-08-21 16:53 - 00000000 ____D C:\Users\Lynne\Documents\My Digital Editions
2016-12-03 13:12 - 2016-08-22 23:56 - 00013723 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Nicole Jordan Books.wbk
2016-12-02 18:04 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2016-12-02 18:01 - 2013-06-10 14:51 - 00000000 ____D C:\Users\Lynne\AppData\Local\ElevatedDiagnostics
2016-12-01 20:51 - 2014-12-18 21:12 - 00002886 _____ C:\windows\System32\Tasks\Driver Booster SkipUAC (Lynne)
2016-12-01 20:21 - 2016-10-08 18:19 - 58011648 _____ C:\windows\system32\config\components.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 111927296 _____ C:\windows\system32\config\SOFTWARE.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 111927296 _____ C:\windows\system32\config\SOFTWARE.iodefrag
2016-12-01 20:21 - 2016-10-08 18:19 - 00622592 _____ C:\windows\system32\config\DEFAULT.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 00622592 _____ C:\windows\system32\config\DEFAULT.iodefrag
2016-12-01 20:21 - 2016-10-08 18:19 - 00057344 _____ C:\windows\system32\config\SAM.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 00057344 _____ C:\windows\system32\config\SAM.iodefrag
2016-12-01 20:21 - 2016-10-08 18:19 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag
2016-12-01 19:27 - 2012-04-06 17:29 - 00775084 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-12-01 06:57 - 2015-07-04 17:44 - 00002155 _____ C:\windows\epplauncher.mif
2016-12-01 06:57 - 2015-07-04 17:44 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-01 06:56 - 2015-07-04 17:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-01 06:56 - 2015-07-04 17:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-30 09:44 - 2016-07-17 22:16 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-11-29 00:24 - 2016-07-17 22:36 - 00003890 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1468820078
2016-11-28 00:20 - 2016-09-05 12:28 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-27 16:48 - 2015-08-13 14:32 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-22 21:05 - 2016-09-20 10:49 - 00000000 ____D C:\Users\Lynne\Documents\a AZ -- Thai Dinner use this one
2016-11-22 14:37 - 2012-04-06 15:02 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Skype
2016-11-22 14:20 - 2012-04-06 15:01 - 00000000 ____D C:\ProgramData\Skype
2016-11-22 14:19 - 2012-04-06 15:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-21 09:47 - 2011-10-18 06:39 - 00000000 ____D C:\windows\SysWOW64\sda
2016-11-21 02:27 - 2014-09-12 12:43 - 00000000 ___RD C:\Users\Lynne\Documents\icons from home screen
2016-11-20 07:06 - 2014-12-18 21:10 - 00000000 ____D C:\ProgramData\IObit
2016-11-17 17:57 - 2016-05-21 18:56 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-11-16 20:09 - 2016-09-20 11:00 - 00000000 ____D C:\Users\Lynne\Documents\a AZ -- Wine Pairings Info
2016-11-16 19:03 - 2016-07-17 22:16 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-11-16 19:03 - 2014-12-18 21:15 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\ProductData
2016-11-16 19:03 - 2014-12-18 21:10 - 00000000 ____D C:\Users\Lynne\AppData\LocalLow\IObit
2016-11-16 19:03 - 2014-12-18 21:09 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\IObit
2016-11-16 19:03 - 2012-03-05 12:01 - 00000000 ____D C:\Users\Lynne\Documents\wl buddies_files
2016-11-16 19:02 - 2011-10-18 07:16 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-16 19:02 - 2009-07-13 20:20 - 00000000 ____D C:\windows\registration
2016-11-16 18:35 - 2011-11-19 18:37 - 00000000 ____D C:\Users\Lynne\AppData\Local\Google
2016-11-16 18:35 - 2011-11-19 18:27 - 00000000 ____D C:\Users\Lynne
2016-11-15 13:24 - 2014-11-29 10:03 - 00000000 ____D C:\Users\Lynne\Documents\personal growth stuff
2016-11-15 11:28 - 2014-08-22 14:40 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 11:28 - 2011-10-18 07:17 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-13 12:10 - 2015-05-19 21:09 - 00004478 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-13 12:05 - 2011-10-18 07:17 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-12 19:12 - 2011-10-18 07:17 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-11 09:22 - 2009-07-13 21:45 - 00408136 _____ C:\windows\system32\FNTCACHE.DAT
2016-11-09 06:31 - 2013-08-16 11:51 - 00000000 ____D C:\windows\system32\MRT
2016-11-09 06:06 - 2011-11-25 13:14 - 141011376 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-11-06 03:01 - 2016-10-20 21:27 - 00218709 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Gaelen Foley Books.wbk
 
==================== Files in the root of some directories =======
 
2015-02-22 17:52 - 2015-02-22 17:52 - 0004096 ____H () C:\Users\Lynne\AppData\Local\keyfile3.drm
2016-06-02 17:33 - 2016-06-02 17:33 - 0007608 _____ () C:\Users\Lynne\AppData\Local\Resmon.ResmonCfg
2012-01-14 14:06 - 2012-01-14 14:25 - 0002176 _____ () C:\Users\Lynne\AppData\Local\seed.log
2016-10-06 16:38 - 2016-10-06 16:38 - 0050789 _____ () C:\ProgramData\1475796929.bdinstall.bin
2013-10-09 16:45 - 2013-10-09 16:45 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
Some files in TEMP:
====================
C:\Users\Lynne\AppData\Local\Temp\mojyqhzz.dll
C:\Users\Lynne\AppData\Local\Temp\s14z6hi4.dll
C:\Users\Lynne\AppData\Local\Temp\tlmpqku7.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-04 15:36
 
==================== End of FRST.txt ============================

 




 


#2 Oh My!

  • Malware Response Instructor

Posted 10 December 2016 - 10:40 AM

Greetings Pei and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to see a more recent look at your computer. Please rerun FRST then copy and paste both FRST.txt and Addition.txt in your reply.

Edited by Oh My!, 10 December 2016 - 10:41 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Pei

  • Topic Starter

Posted 11 December 2016 - 04:02 PM

Hello Gary, Thank you very much for taking the time to respond to my post, I truly appreciate the efforts everyone here makes to help others...I was panic stricken when I found this site, feeling calmer now just knowing someone who knows this language is going to at least look into my issues...again thank you.

I reran the scans and will paste them into this reply as per your instructions. I check my email several times a day and will respond within 24 hours of reading an email from you, if not sooner. I look forward to working with you. And don't worry...I really do not know enough to 'swim out into deep waters' on my own, I'm acutely aware of my limitations in this particular arena! Thank you again, Lynne

Here are the scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Lynne (administrator) on LYNNE-PC (11-12-2016 13:32:06)
Running from C:\Users\Lynne\Downloads
Loaded Profiles: Lynne (Available Profiles: Lynne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Farbar) C:\Users\Lynne\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-28] (AVAST Software)
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Run: [Google Update] => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-26] (Google Inc.)
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-19] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2663092148-2684428880-4007880259-1000] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{5844C1A7-ED4C-40E3-BDD7-F570BA8774A9}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9402C150-9642-4AE6-BE05-C339532ED0C9}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B2E2A3A6-944A-477B-9517-1A19760633EB}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{B5CE4FE4-849C-4A2B-9C3D-55C3D4C66796}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {4B41FB85-5C6E-4277-A004-D856535B7A42} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {4B41FB85-5C6E-4277-A004-D856535B7A42} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> DefaultScope {7A37E365-7885-4492-933C-EB23B7E27523} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS474
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {4B41FB85-5C6E-4277-A004-D856535B7A42} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {7A37E365-7885-4492-933C-EB23B7E27523} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS474
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default [2016-12-04]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5lzddykh.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\5lzddykh.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\5lzddykh.default -> hxxp://www.yahoo.com/
FF Extension: (Ghostery) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\firefox@ghostery.com.xpi [2016-09-07]
FF Extension: (Dashlane) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\jetpack-extension@dashlane.com.xpi [2016-06-03]
FF Extension: (AdBlock Lite) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2016-07-07]
FF Extension: (Toggle JavaScript) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\jid1-KYgT07tufVQH4w@jetpack.xpi [2016-07-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml [2012-02-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @BluebeamPDF/PDF viewer -> C:\Program Files (x86)\Common Files\Bluebeam Software\Bluebeam Revu\Revu\Mozilla\npBluebeamMozillaPlugin.dll [2013-09-24] (Bluebeam Software, Inc.)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lynne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @talk.google.com/O1DPlugin -> C:\Users\Lynne\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lynne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lynne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lynne\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lynne\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://xfinity.comcast.net/?cid=insDate07132013
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default [2016-12-11]
CHR Extension: (Common Hangouts) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\acffocjoafjbncgcmoephiffghmjlfdi [2016-09-24]
CHR Extension: (Tri Jeweled 2) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bennkoppbniegdeakggleaifebacachi [2016-07-04]
CHR Extension: (Hidden Objects - House 1) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdeppfcebbaecjpbgjejpdmejgndopo [2016-07-04]
CHR Extension: (Mahjong) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmfahnddgeeapjmnbnhffcopglalehoj [2016-07-04]
CHR Extension: (AdBlock) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-11]
CHR Extension: (Fitz 2: Magic Match 3 Puzzle) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpljpgkbcdgokloimcnjlpomliallcdo [2016-07-04]
CHR Extension: (Music Player for Google Drive) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2016-09-12]
CHR Extension: (Jewel Academy) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipcbahondobhelgdoiiafgcahfconlab [2016-07-04]
CHR Extension: (Hidden Object Games) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcjejipaofdlncnaamfgpailbolbpll [2016-07-04]
CHR Extension: (Sounds & Music to Study) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkiolflpfgfckehinhoepmhaoijohijh [2016-09-12]
CHR Extension: (Google Hangouts) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-12-06]
CHR Extension: (Radio Player UK) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihelodhpehphabeeommiodngebkghke [2016-09-12]
CHR Extension: (Ghostery) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-10-27]
CHR Extension: (Google Hangouts) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-05]
CHR Extension: (Mahjong Solitaire) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2016-07-04]
CHR Extension: (OK Mahjong) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfpafmpnlgclkmfnfmmigcidnkcimbia [2016-07-04]
CHR Extension: (Gems Match Deluxe) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaaboooklodfocbddhdlnacndjdenmd [2016-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Mahjong Master) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghchjojloakfbboibnfnleloeamkkgf [2016-07-04]
CHR Extension: (Radio Player Live Stations) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooflekjlabfkiacfocahkgcdadcnhmjf [2016-09-12]
CHR Extension: (Mayan Caves) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\phemejbnagnfkhkhhjjifkbckfoaojbh [2016-07-04]
CHR Extension: (Weather Underground) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-19] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHdsKe; C:\windows\system32\drivers\aswHdsKe.sys [82936 2016-11-27] (AVAST Software)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-08-19] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-08-19] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-08-19] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-08-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-19] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-08-19] (AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [44640 2016-07-17] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 AX88772; C:\windows\System32\DRIVERS\ax88772.sys [34816 2007-07-26] (ASIX Electronics Corp.)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [23464 2011-08-11] (EldoS Corporation)
R3 L1C; C:\windows\System32\DRIVERS\L1C62x64.sys [129224 2016-07-09] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
R3 RTSUER; C:\windows\System32\Drivers\RtsUer.sys [418784 2016-11-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [3709656 2016-07-09] (Realtek Semiconductor Corporation                           )
S3 ssmirrdr; C:\windows\System32\DRIVERS\ssmirrdr.sys [10112 2014-01-08] (support.com, Inc)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S2 PDFsFilter; system32\DRIVERS\PDFsFilter.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-11 13:30 - 2016-12-11 13:31 - 02420224 _____ (Farbar) C:\Users\Lynne\Downloads\FRST64 (1).exe
2016-12-08 10:44 - 2016-12-08 10:44 - 00980495 _____ C:\Users\Lynne\Downloads\349768_OPT16401_1401709_CMuserguideV2_OL_HR.pdf
2016-12-07 21:13 - 2016-12-07 21:13 - 00001784 _____ C:\Users\Lynne\Downloads\OnceUponaWintersEve9781609288822.acsm
2016-12-05 21:15 - 2016-12-05 21:19 - 00042107 _____ C:\Users\Lynne\Downloads\Addition.txt
2016-12-05 21:08 - 2016-12-11 13:33 - 00023135 _____ C:\Users\Lynne\Downloads\FRST.txt
2016-12-05 21:07 - 2016-12-11 13:32 - 00000000 ____D C:\FRST
2016-12-05 21:06 - 2016-12-05 21:07 - 02419712 _____ (Farbar) C:\Users\Lynne\Downloads\FRST64.exe
2016-12-05 20:03 - 2016-12-05 20:03 - 00000000 ____D C:\Users\Lynne\Desktop\Dec2016Backup
2016-12-05 17:45 - 2016-12-05 17:45 - 00068281 _____ C:\Users\Lynne\Downloads\Toshiba Satellite C655D-S5234 User Manual20161206775246800.pdf
2016-12-05 17:20 - 2016-12-05 17:20 - 00017152 _____ C:\Users\Lynne\Documents\Backup of a AZ --bleepingcomputer help for debacle  re win 10 letter.wbk
2016-12-05 02:50 - 2016-12-05 02:50 - 00013741 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Articles to send to Laurie.wbk
2016-12-03 15:58 - 2016-12-03 15:58 - 00001773 _____ C:\Users\Lynne\Downloads\MarkoftheRose9781101543917.acsm
2016-12-01 20:21 - 2016-12-01 20:21 - 00000000 ____H C:\asc_rdflag
2016-12-01 20:00 - 2016-12-01 20:00 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-12-01 20:00 - 2016-12-01 20:00 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00633296 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-12-01 20:00 - 2016-12-01 20:00 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00419648 _____ C:\windows\SysWOW64\locale.nls
2016-12-01 20:00 - 2016-12-01 20:00 - 00419648 _____ C:\windows\system32\locale.nls
2016-12-01 20:00 - 2016-12-01 20:00 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\bcdedit.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-12-01 19:59 - 2016-12-01 20:00 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-12-01 19:59 - 2016-12-01 19:59 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-11-29 23:21 - 2016-12-03 13:33 - 00014178 _____ C:\Users\Lynne\Documents\Backup of a AZ -- TESSA DARE SERIES LIST.wbk
2016-11-28 21:40 - 2016-11-28 21:40 - 00014921 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Amazon Bed Risers Options.wbk
2016-11-28 00:23 - 2016-11-27 10:35 - 00082936 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2016-11-28 00:17 - 2016-10-13 07:45 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\asw531A.tmp
2016-11-28 00:17 - 2016-09-22 07:50 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\asw5193.tmp
2016-11-28 00:17 - 2016-09-13 09:29 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\asw4889.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\asw54B1.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\asw4E66.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\asw4B48.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\asw502B.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\asw4CDF.tmp
2016-11-28 00:17 - 2016-08-19 14:49 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\asw4628.tmp
2016-11-28 00:16 - 2016-08-19 14:50 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-11-27 20:47 - 2016-11-27 20:47 - 00012661 _____ C:\Users\Lynne\Documents\Backup of a AZ -- bleeping computer User ID.wbk
2016-11-27 12:21 - 2016-11-27 12:21 - 00012775 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Vascular doctor to do vein.wbk
2016-11-27 00:37 - 2016-11-27 00:38 - 01195800 _____ (iolo technologies, LLC) C:\Users\Lynne\Documents\sm_dm.exe
2016-11-27 00:18 - 2016-11-27 00:18 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (3).exe
2016-11-27 00:16 - 2016-11-27 13:39 - 00014972 _____ C:\Users\Lynne\Documents\Backup of a AZ --debacle  re win 10 letter.wbk
2016-11-27 00:14 - 2016-11-27 00:14 - 00000000 ____D C:\iolo
2016-11-27 00:14 - 2016-11-27 00:13 - 41276784 _____ C:\Users\Lynne\Documents\SystemMechanic.exe
2016-11-27 00:11 - 2016-11-27 00:11 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (2).exe
2016-11-27 00:11 - 2016-11-27 00:11 - 00074703 _____ C:\windows\SysWOW64mfc45.dll
2016-11-27 00:10 - 2016-11-27 00:11 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (1).exe
2016-11-26 19:43 - 2016-11-26 19:43 - 00013328 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Ellen.wbk
2016-11-26 15:37 - 2016-11-26 15:37 - 00340988 _____ C:\Users\Lynne\Documents\view-from-the-front-line_1.pdf
2016-11-26 13:58 - 2016-11-26 13:58 - 02941234 _____ C:\Users\Lynne\Documents\ffc43ac0-5a76-4196-84ed-368f8c309452.pdf
2016-11-23 08:19 - 2016-11-23 08:19 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-23 08:19 - 2016-11-23 08:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-11-22 21:02 - 2016-11-23 15:31 - 00000000 ____D C:\Users\Lynne\Documents\Thai use these
2016-11-21 15:39 - 2016-11-21 15:39 - 00013538 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Lemongrass and Chili Relish.wbk
2016-11-21 15:19 - 2016-11-21 15:19 - 00013140 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Roasted Chili Jam Dipping Sauce 1890.wbk
2016-11-21 12:54 - 2016-11-21 12:54 - 00014478 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Rice Cooking  in Microwave.wbk
2016-11-21 09:46 - 2016-11-21 09:46 - 09891328 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RsCRIcon.dll
2016-11-21 09:46 - 2016-11-21 09:46 - 04332032 _____ (Realtek Semiconductor Corp.) C:\windows\RtCRU64.exe
2016-11-21 09:46 - 2016-11-21 09:46 - 00418784 _____ (Realsil Semiconductor Corporation) C:\windows\system32\Drivers\RtsUer.sys
2016-11-21 09:46 - 2016-11-21 09:46 - 00084480 _____ (Realtek Semiconductor.) C:\windows\system32\SETA6DB.tmp
2016-11-20 11:56 - 2016-11-20 11:56 - 00013092 _____ C:\Users\Lynne\Documents\Backup of a AZ -- thai chili caramel sauce.wbk
2016-11-20 07:08 - 2016-11-20 07:08 - 00000000 ____D C:\ProgramData\BDLogging
2016-11-20 07:08 - 2016-03-31 17:54 - 00452040 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2016-11-19 15:56 - 2016-11-19 15:56 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2016-11-18 20:56 - 2016-11-18 20:56 - 04457355 _____ C:\Users\Lynne\Documents\2016-11-15-Trump_Letter.pdf
2016-11-17 17:48 - 2016-11-17 17:49 - 45738048 _____ (IObit ) C:\Users\Lynne\Documents\imfv4-setup-trial.exe
2016-11-16 23:19 - 2016-11-16 23:19 - 00016964 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Yellow Turkey Curry.wbk
2016-11-16 21:11 - 2016-11-16 21:11 - 00016572 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Feast Under An Hour.wbk
2016-11-16 20:53 - 2016-11-16 20:53 - 00013810 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Sweet Potato and Carrot Soup.wbk
2016-11-16 20:45 - 2016-11-16 20:45 - 00013660 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Sweet and Spicy Relish.wbk
2016-11-16 20:13 - 2016-11-24 00:35 - 00000000 ____D C:\Users\Lynne\Documents\Thai Dinner
2016-11-15 19:45 - 2016-11-15 19:45 - 01799221 _____ C:\Users\Lynne\Documents\travel club 50 and over novembernewsletter2016.pdf
2016-11-15 14:27 - 2013-10-04 12:36 - 00436930 _____ C:\Users\Lynne\Documents\11steps - Copy.pdf
2016-11-12 19:14 - 2016-11-23 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-12 19:12 - 2016-12-11 13:17 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d23d536072f09a.job
2016-11-12 19:12 - 2016-12-10 19:17 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d23d535e845fcc.job
2016-11-12 19:12 - 2016-11-12 19:12 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d23d536072f09a
2016-11-12 19:12 - 2016-11-12 19:12 - 00003640 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d23d535e845fcc
2016-11-12 19:07 - 2016-11-12 19:09 - 01065376 _____ (Google Inc.) C:\Users\Lynne\Documents\googledrivesync.exe
2016-11-12 17:30 - 2016-11-12 17:30 - 00016270 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Malware Tips Website  free help.wbk
2016-11-12 13:13 - 2016-11-12 13:13 - 00014503 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Sweet Potato Tom Kha.wbk
2016-11-11 22:49 - 2016-11-11 22:49 - 00014540 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Cinnamon Raisin Bread Pudding with Vanilla Sauce.wbk
2016-11-11 22:21 - 2016-11-11 22:21 - 00110316 _____ C:\Users\Lynne\Documents\a AZ -- Bread pudding (1) to edit.pdf
2016-11-11 22:20 - 2016-11-11 22:20 - 00110316 _____ C:\Users\Lynne\Documents\Bread pudding.pdf
2016-11-11 12:28 - 2016-11-12 12:32 - 00017403 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Articles to pay attention to.wbk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-11 13:11 - 2016-07-14 19:58 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA1d1de44cbc91467.job
2016-12-11 12:41 - 2013-05-25 05:39 - 00000000 ____D C:\Users\Lynne\Documents\My Kindle Content
2016-12-11 11:19 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-11 11:19 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-10 17:11 - 2016-07-14 19:58 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core1d1de44c9d794ce.job
2016-12-09 14:54 - 2012-01-14 22:19 - 00000000 ____D C:\Users\Lynne\AppData\Local\CrashDumps
2016-12-08 10:00 - 2016-07-17 22:16 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-12-07 21:14 - 2016-08-21 16:53 - 00000000 ____D C:\Users\Lynne\Documents\My Digital Editions
2016-12-05 19:57 - 2009-07-13 22:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-05 19:57 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2016-12-04 14:23 - 2016-06-12 09:44 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-04 14:22 - 2014-12-18 21:09 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-04 14:22 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-04 14:20 - 2011-11-19 19:06 - 00000000 ____D C:\Program Files (x86)\iolo
2016-12-04 14:20 - 2011-11-19 19:05 - 00000000 ____D C:\ProgramData\iolo
2016-12-04 12:28 - 2014-12-18 21:10 - 00000000 ____D C:\ProgramData\ProductData
2016-12-03 16:43 - 2016-11-01 14:28 - 00013762 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Julie Anne Books.wbk
2016-12-03 13:12 - 2016-08-22 23:56 - 00013723 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Nicole Jordan Books.wbk
2016-12-02 18:04 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2016-12-02 18:01 - 2013-06-10 14:51 - 00000000 ____D C:\Users\Lynne\AppData\Local\ElevatedDiagnostics
2016-12-01 20:51 - 2014-12-18 21:12 - 00002886 _____ C:\windows\System32\Tasks\Driver Booster SkipUAC (Lynne)
2016-12-01 20:21 - 2016-10-08 18:19 - 58011648 _____ C:\windows\system32\config\components.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 111927296 _____ C:\windows\system32\config\SOFTWARE.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 111927296 _____ C:\windows\system32\config\SOFTWARE.iodefrag
2016-12-01 20:21 - 2016-10-08 18:19 - 00622592 _____ C:\windows\system32\config\DEFAULT.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 00622592 _____ C:\windows\system32\config\DEFAULT.iodefrag
2016-12-01 20:21 - 2016-10-08 18:19 - 00057344 _____ C:\windows\system32\config\SAM.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 00057344 _____ C:\windows\system32\config\SAM.iodefrag
2016-12-01 20:21 - 2016-10-08 18:19 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag
2016-12-01 19:27 - 2012-04-06 17:29 - 00775084 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-12-01 06:57 - 2015-07-04 17:44 - 00002155 _____ C:\windows\epplauncher.mif
2016-12-01 06:57 - 2015-07-04 17:44 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-01 06:56 - 2015-07-04 17:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-01 06:56 - 2015-07-04 17:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-29 00:24 - 2016-07-17 22:36 - 00003890 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1468820078
2016-11-28 00:20 - 2016-09-05 12:28 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-27 16:48 - 2015-08-13 14:32 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-22 21:05 - 2016-09-20 10:49 - 00000000 ____D C:\Users\Lynne\Documents\a AZ -- Thai Dinner use this one
2016-11-22 14:37 - 2012-04-06 15:02 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Skype
2016-11-22 14:20 - 2012-04-06 15:01 - 00000000 ____D C:\ProgramData\Skype
2016-11-22 14:19 - 2012-04-06 15:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-21 09:47 - 2011-10-18 06:39 - 00000000 ____D C:\windows\SysWOW64\sda
2016-11-21 02:27 - 2014-09-12 12:43 - 00000000 ___RD C:\Users\Lynne\Documents\icons from home screen
2016-11-20 07:06 - 2014-12-18 21:10 - 00000000 ____D C:\ProgramData\IObit
2016-11-17 17:57 - 2016-05-21 18:56 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-11-16 20:09 - 2016-09-20 11:00 - 00000000 ____D C:\Users\Lynne\Documents\a AZ -- Wine Pairings Info
2016-11-16 19:03 - 2016-07-17 22:16 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-11-16 19:03 - 2014-12-18 21:15 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\ProductData
2016-11-16 19:03 - 2014-12-18 21:10 - 00000000 ____D C:\Users\Lynne\AppData\LocalLow\IObit
2016-11-16 19:03 - 2014-12-18 21:09 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\IObit
2016-11-16 19:03 - 2012-03-05 12:01 - 00000000 ____D C:\Users\Lynne\Documents\wl buddies_files
2016-11-16 19:02 - 2011-10-18 07:16 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-16 19:02 - 2009-07-13 20:20 - 00000000 ____D C:\windows\registration
2016-11-16 18:35 - 2011-11-19 18:37 - 00000000 ____D C:\Users\Lynne\AppData\Local\Google
2016-11-16 18:35 - 2011-11-19 18:27 - 00000000 ____D C:\Users\Lynne
2016-11-15 13:24 - 2014-11-29 10:03 - 00000000 ____D C:\Users\Lynne\Documents\personal growth stuff
2016-11-15 11:28 - 2014-08-22 14:40 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 11:28 - 2011-10-18 07:17 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-13 12:10 - 2015-05-19 21:09 - 00004478 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-13 12:05 - 2011-10-18 07:17 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-12 19:12 - 2011-10-18 07:17 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-11 09:22 - 2009-07-13 21:45 - 00408136 _____ C:\windows\system32\FNTCACHE.DAT
 
==================== Files in the root of some directories =======
 
2015-02-22 17:52 - 2015-02-22 17:52 - 0004096 ____H () C:\Users\Lynne\AppData\Local\keyfile3.drm
2016-06-02 17:33 - 2016-06-02 17:33 - 0007608 _____ () C:\Users\Lynne\AppData\Local\Resmon.ResmonCfg
2012-01-14 14:06 - 2012-01-14 14:25 - 0002176 _____ () C:\Users\Lynne\AppData\Local\seed.log
2016-10-06 16:38 - 2016-10-06 16:38 - 0050789 _____ () C:\ProgramData\1475796929.bdinstall.bin
2013-10-09 16:45 - 2013-10-09 16:45 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
Some files in TEMP:
====================
C:\Users\Lynne\AppData\Local\Temp\mojyqhzz.dll
C:\Users\Lynne\AppData\Local\Temp\s14z6hi4.dll
C:\Users\Lynne\AppData\Local\Temp\tlmpqku7.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-04 15:36
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Lynne (11-12-2016 13:37:25)
Running from C:\Users\Lynne\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-11-20 01:27:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2663092148-2684428880-4007880259-500 - Administrator - Disabled)
Guest (S-1-5-21-2663092148-2684428880-4007880259-501 - Limited - Disabled)
Lynne (S-1-5-21-2663092148-2684428880-4007880259-1000 - Administrator - Enabled) => C:\Users\Lynne
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.2 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AIM for Windows (HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\AIM) (Version:  - AOL Inc.)
Amazon Kindle (HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Bluebeam Revu x64 11 (HKLM-x32\...\InstallShield_{FAC5F00B-0E05-4EA9-A48D-E496296AF75B}) (Version: 11.6.0 - Bluebeam Software)
Bluebeam Revu x64 11 (Version: 11.6.0 - Bluebeam Software) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2011.0216.726.13233 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Dashlane) (Version: 4.5.0.13208 - Dashlane SAS)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
File-Extensions.org Search (HKLM\...\File-Extensions.org Search) (Version:  - Digidy, s.r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Drive (HKLM-x32\...\{8696116E-F4C2-4C64-AD7E-FF365E244FA4}) (Version: 1.32.3889.0961 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 15.5.0 - iolo technologies, LLC)
Jacquie Lawson Quick Send Widget (HKLM-x32\...\JLQuickSendWidget) (Version: 1.0.3 - MicroCourt Limited)
Jacquie Lawson Quick Send Widget (x32 Version: 1.0.3 - MicroCourt Limited) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.14 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.1 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17329 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Lynne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lynne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14E91521-D805-4BFF-B2C2-B6C3B22182B0} - System32\Tasks\SafeZone scheduled Autoupdate 1468820078 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {17D71364-DA87-40A2-9371-B117F90F2DDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {1DDFEC80-6ED8-493F-A271-D6D9DFCAEEFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {1FEC5547-5C2F-483A-B8FA-0EDE3571D9FE} - System32\Tasks\GoogleUpdateTaskMachineCore1d23d535e845fcc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {216278DC-8D5A-4665-9DF2-8A4561D27D19} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-28] (Adobe Systems Incorporated)
Task: {29D6A9BB-7934-46B0-966D-F0A9113F28E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core1d1de44c9d794ce => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3872C1B0-708B-478E-9546-B9E5C267AC8A} - System32\Tasks\{7E69325B-43BD-4504-A86D-367B78C59E6A} => C:\Users\Lynne\AppData\Local\AOL\AIM\aim.exe [2015-04-06] (AOL Inc.)
Task: {3950FE5B-FAE5-4DDF-AC04-3F5FECD908C9} - System32\Tasks\GoogleUpdateTaskMachineUA1d23d536072f09a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3A696EFA-B503-4F27-9073-5D923BC47C92} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {3F0966B4-AFF6-49F4-B316-4340D6C2C752} - \iolo SCU task one -> No File <==== ATTENTION
Task: {50962B20-3DFD-4325-A2E6-8956BA9F6137} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-19] (AVAST Software)
Task: {5C5011EE-FAE6-4A72-A598-341B965F461C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {70362E56-2B2C-4959-BC8A-B16644E83019} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8EDB293B-53EE-4F49-B9E3-B4B9906D6064} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA1d1de44cbc91467 => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {97811780-3C3E-4ACD-B30F-367F6ADDF3F8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-17] (AVAST Software)
Task: {99E83C37-25C4-49B7-84FE-D8438F1F2190} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9B2680F1-B283-46FB-86C9-16D47D10269C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {A78ED252-39F4-427D-9E23-ED8074EFD8A1} - System32\Tasks\Driver Booster SkipUAC (Lynne) => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
Task: {A86DBF13-1CD4-493D-A366-2279463CF17A} - System32\Tasks\{C9DD89A3-F427-4F01-845C-4BE9508B0A90} => C:\Users\Lynne\AppData\Local\AOL\AIM\aim.exe [2015-04-06] (AOL Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B01CCF33-77E7-4422-99EB-B01D926A75A7} - System32\Tasks\{29C6A625-127B-4363-9A42-7FAFA331DFDF} => Firefox.exe 
Task: {B3396BB2-557E-4599-8E13-6E3208F238F5} - System32\Tasks\{CAEDB9F1-0B98-4907-B97F-BCA0C5AE2725} => C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RmbChange.exe [2010-10-08] (TODO: <Company name>)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E5C44366-9D2E-464D-A1F8-FF4698549828} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E7AA3EB4-4519-4CED-80CF-5FDD46E44DCE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {EE89E7F5-2783-4C3B-9FB8-195323325A71} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-06-28] (iolo technologies, LLC)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d23d535e845fcc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d23d536072f09a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core.job => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core1d1de44c9d794ce.job => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA.job => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA1d1de44cbc91467.job => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Lynne\Desktop\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cook's Converter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mcdlgpiabckkhmfnbndpomhopbmjdhoj
ShortcutWithArgument: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Jazz Radio Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ceccemkmbbmaaaegfhafhjfbbdindaof
ShortcutWithArgument: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\moodstream.net (standard).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jhbfhdhkiompjaofhkiabbefdhbnhdlp
ShortcutWithArgument: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TimeDoser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=cmkneeaihlcdllananjlkmppnkdahdcc
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-04 22:17 - 2013-09-04 22:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 13:23 - 2010-10-20 13:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-03-29 19:48 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2016-11-15 11:27 - 2016-11-08 14:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 11:27 - 2016-11-08 14:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2013-09-04 22:17 - 2013-09-04 22:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-08-19 14:49 - 2016-08-19 14:49 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-01 06:50 - 2016-12-01 06:50 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16120100\algo.dll
2016-08-19 14:50 - 2016-08-19 14:50 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-09 09:48 - 2016-12-09 09:48 - 03067904 _____ () C:\Program Files\AVAST Software\Avast\defs\16120901\algo.dll
2016-12-11 11:19 - 2016-12-11 11:19 - 03067904 _____ () C:\Program Files\AVAST Software\Avast\defs\16121100\algo.dll
2013-09-04 22:14 - 2013-09-04 22:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 13:45 - 2010-10-20 13:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-07-17 22:13 - 2016-07-17 22:13 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 4789 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-07-04 17:39 - 00000826 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^Lynne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson London Advent Calendar.lnk => C:\windows\pss\Jacquie Lawson London Advent Calendar.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lynne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson Quick Send Widget.lnk => C:\windows\pss\Jacquie Lawson Quick Send Widget.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BbInstallUser => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FCB8509E-0F79-402D-837D-1FEA59469693}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{16EA5E6A-F41F-4E7D-BD0E-9F22F2880584}] => LPort=2869
FirewallRules: [{E154CEA0-0DB7-4D59-96B4-A3CDAA2BBFA1}] => LPort=1900
FirewallRules: [{ED3EE8B0-1895-4C7D-B3F8-815FAA366DE9}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EEEF8D48-4191-4E87-8899-E7AD3B5E86D7}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0D075879-BDD9-4B85-AADE-9EDC505B2708}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{484D06A6-69B3-41E5-9040-89C783D58AA0}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{063709CD-E873-4C92-8548-D5D0BEBEAA3C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7AECB55A-0181-4E3B-8E29-86ABE53F3C1C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{282EEFFD-62B5-4233-95A7-D4DB5BB96146}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D47DBFB6-8DB8-4B14-B58B-FC316DAD39B5}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA426D2A-CAF1-4495-A9D2-2D7665E235DA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7A87A983-A671-4CDF-BC06-5DB69E2AAF2A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83FD4EC6-28F5-4F8C-A90A-4FEC79008E7B}] => C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{2080AB34-03AC-4E22-B0A3-9284943244C4}] => C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{887567F2-0F6B-449B-BF90-458667EF2551}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8B9EB0E5-1791-4079-8170-B0D16759C9F9}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{7D8D85DA-B2BC-444D-95E9-8F474DC7BCE5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FF94435B-617E-4728-BC53-3F804127194E}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{F8B65F0F-EB8F-4905-91A0-29E2239393C1}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
 
==================== Restore Points =========================
 
27-11-2016 10:53:44 Windows Update
30-11-2016 11:14:28 Windows Update
01-12-2016 06:48:56 Windows Update
01-12-2016 19:41:14 Windows Modules Installer
05-12-2016 08:07:28 Windows Update
09-12-2016 14:17:31 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Hook Test Driver
Description: Hook Test Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SDHookDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/11/2016 11:16:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d
Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d10950
Exception code: 0xc0000005
Fault offset: 0x0000000000023c00
Faulting process id: 0xfd0
Faulting application start time: 0x01d25397edbe61a6
Faulting application path: C:\windows\system32\CompatTelRunner.exe
Faulting module path: C:\windows\system32\devinv.dll
Report Id: f42df78e-bfcd-11e6-8d32-00266ce28c52
 
Error: (12/09/2016 02:54:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DigitalEditions.exe, version: 4.5.2.0, time stamp: 0x57a3f6aa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04d104b0
Faulting process id: 0x3a0
Faulting application start time: 0x01d25266708ecacf
Faulting application path: C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
Faulting module path: unknown
Report Id: 14804557-be5a-11e6-8d32-00266ce28c52
 
Error: (12/09/2016 02:54:36 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DigitalEditions.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at DE.App.Main()
 
Error: (12/08/2016 10:26:59 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
 
Error: (12/04/2016 02:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2016 08:48:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2016 08:25:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2016 07:25:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/28/2016 12:30:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/23/2016 11:40:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (12/11/2016 11:49:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.233.1990.0).
 
Error: (12/11/2016 11:47:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.233.1854.0
 
Update Source: Microsoft Update Server
 
Update Stage: Install
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13303.0
 
Error code: 0x80070643
 
Error description: Fatal error during installation.
 
Error: (12/11/2016 11:16:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (12/09/2016 02:12:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.
 
Error: (12/08/2016 09:58:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (12/07/2016 06:56:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/05/2016 03:47:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/04/2016 06:58:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/04/2016 06:58:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/04/2016 06:58:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
CodeIntegrity:
===================================
  Date: 2016-07-30 12:28:10.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-30 12:28:10.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-24 19:14:03.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-24 19:14:03.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-24 02:53:43.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-24 02:53:42.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-23 21:13:30.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-23 21:13:29.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-22 06:35:34.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-22 06:35:33.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD C-50 Processor
Percentage of memory in use: 76%
Total physical RAM: 2662.87 MB
Available physical RAM: 617.59 MB
Total Virtual: 5323.92 MB
Available Virtual: 1821.22 MB
 
==================== Drives ================================
 
Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:205.47 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2B538AD9)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=17)
 
==================== End of Addition.txt ============================
 

 



#4 Pei


Posted 11 December 2016 - 04:12 PM

I think I messed up how I was to post my reply, so I'm redoing it...just in case. So here it is and the scans follow.

 

Hello Gary, Thank you very much for taking the time to respond to my post, I truly appreciate the efforts everyone here makes to help others...I was panic stricken when I found this site, feeling calmer now just knowing someone who knows this language is going to at least look into my issues...again thank you.

I reran the scans and will paste them into this reply as per your instructions. I check my email several times a day and will respond within 24 hours of reading an email from you, if not sooner. I look forward to working with you. And don't worry...I really do not know enough to 'swim out into deep waters' on my own, I'm acutely aware of my limitations in this particular arena! Thank you again, Lynne

Here are the scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Lynne (administrator) on LYNNE-PC (11-12-2016 13:32:06)
Running from C:\Users\Lynne\Downloads
Loaded Profiles: Lynne (Available Profiles: Lynne)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\windows\System32\atiesrxx.exe
(AMD) C:\windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Farbar) C:\Users\Lynne\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-28] (AVAST Software)
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Run: [Google Update] => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-26] (Google Inc.)
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-19] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2663092148-2684428880-4007880259-1000] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{5844C1A7-ED4C-40E3-BDD7-F570BA8774A9}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9402C150-9642-4AE6-BE05-C339532ED0C9}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B2E2A3A6-944A-477B-9517-1A19760633EB}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{B5CE4FE4-849C-4A2B-9C3D-55C3D4C66796}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {4B41FB85-5C6E-4277-A004-D856535B7A42} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {4B41FB85-5C6E-4277-A004-D856535B7A42} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> DefaultScope {7A37E365-7885-4492-933C-EB23B7E27523} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS474
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {4B41FB85-5C6E-4277-A004-D856535B7A42} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {7A37E365-7885-4492-933C-EB23B7E27523} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS474
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default [2016-12-04]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5lzddykh.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\5lzddykh.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\5lzddykh.default -> hxxp://www.yahoo.com/
FF Extension: (Ghostery) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\firefox@ghostery.com.xpi [2016-09-07]
FF Extension: (Dashlane) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\jetpack-extension@dashlane.com.xpi [2016-06-03]
FF Extension: (AdBlock Lite) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2016-07-07]
FF Extension: (Toggle JavaScript) - C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\5lzddykh.default\Extensions\jid1-KYgT07tufVQH4w@jetpack.xpi [2016-07-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-28]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml [2012-02-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @BluebeamPDF/PDF viewer -> C:\Program Files (x86)\Common Files\Bluebeam Software\Bluebeam Revu\Revu\Mozilla\npBluebeamMozillaPlugin.dll [2013-09-24] (Bluebeam Software, Inc.)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lynne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @talk.google.com/O1DPlugin -> C:\Users\Lynne\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lynne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2663092148-2684428880-4007880259-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lynne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lynne\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lynne\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://xfinity.comcast.net/?cid=insDate07132013
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default [2016-12-11]
CHR Extension: (Common Hangouts) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\acffocjoafjbncgcmoephiffghmjlfdi [2016-09-24]
CHR Extension: (Tri Jeweled 2) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bennkoppbniegdeakggleaifebacachi [2016-07-04]
CHR Extension: (Hidden Objects - House 1) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdeppfcebbaecjpbgjejpdmejgndopo [2016-07-04]
CHR Extension: (Mahjong) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmfahnddgeeapjmnbnhffcopglalehoj [2016-07-04]
CHR Extension: (AdBlock) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-11]
CHR Extension: (Fitz 2: Magic Match 3 Puzzle) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpljpgkbcdgokloimcnjlpomliallcdo [2016-07-04]
CHR Extension: (Music Player for Google Drive) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2016-09-12]
CHR Extension: (Jewel Academy) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipcbahondobhelgdoiiafgcahfconlab [2016-07-04]
CHR Extension: (Hidden Object Games) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcjejipaofdlncnaamfgpailbolbpll [2016-07-04]
CHR Extension: (Sounds & Music to Study) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkiolflpfgfckehinhoepmhaoijohijh [2016-09-12]
CHR Extension: (Google Hangouts) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-12-06]
CHR Extension: (Radio Player UK) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihelodhpehphabeeommiodngebkghke [2016-09-12]
CHR Extension: (Ghostery) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-10-27]
CHR Extension: (Google Hangouts) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-05]
CHR Extension: (Mahjong Solitaire) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2016-07-04]
CHR Extension: (OK Mahjong) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfpafmpnlgclkmfnfmmigcidnkcimbia [2016-07-04]
CHR Extension: (Gems Match Deluxe) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\njaaboooklodfocbddhdlnacndjdenmd [2016-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Mahjong Master) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghchjojloakfbboibnfnleloeamkkgf [2016-07-04]
CHR Extension: (Radio Player Live Stations) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooflekjlabfkiacfocahkgcdadcnhmjf [2016-09-12]
CHR Extension: (Mayan Caves) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\phemejbnagnfkhkhhjjifkbckfoaojbh [2016-07-04]
CHR Extension: (Weather Underground) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-19] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHdsKe; C:\windows\system32\drivers\aswHdsKe.sys [82936 2016-11-27] (AVAST Software)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-08-19] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-08-19] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-08-19] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-08-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-19] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-08-19] (AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [44640 2016-07-17] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 AX88772; C:\windows\System32\DRIVERS\ax88772.sys [34816 2007-07-26] (ASIX Electronics Corp.)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [23464 2011-08-11] (EldoS Corporation)
R3 L1C; C:\windows\System32\DRIVERS\L1C62x64.sys [129224 2016-07-09] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
R3 RTSUER; C:\windows\System32\Drivers\RtsUer.sys [418784 2016-11-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [3709656 2016-07-09] (Realtek Semiconductor Corporation                           )
S3 ssmirrdr; C:\windows\System32\DRIVERS\ssmirrdr.sys [10112 2014-01-08] (support.com, Inc)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S2 PDFsFilter; system32\DRIVERS\PDFsFilter.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-11 13:30 - 2016-12-11 13:31 - 02420224 _____ (Farbar) C:\Users\Lynne\Downloads\FRST64 (1).exe
2016-12-08 10:44 - 2016-12-08 10:44 - 00980495 _____ C:\Users\Lynne\Downloads\349768_OPT16401_1401709_CMuserguideV2_OL_HR.pdf
2016-12-07 21:13 - 2016-12-07 21:13 - 00001784 _____ C:\Users\Lynne\Downloads\OnceUponaWintersEve9781609288822.acsm
2016-12-05 21:15 - 2016-12-05 21:19 - 00042107 _____ C:\Users\Lynne\Downloads\Addition.txt
2016-12-05 21:08 - 2016-12-11 13:33 - 00023135 _____ C:\Users\Lynne\Downloads\FRST.txt
2016-12-05 21:07 - 2016-12-11 13:32 - 00000000 ____D C:\FRST
2016-12-05 21:06 - 2016-12-05 21:07 - 02419712 _____ (Farbar) C:\Users\Lynne\Downloads\FRST64.exe
2016-12-05 20:03 - 2016-12-05 20:03 - 00000000 ____D C:\Users\Lynne\Desktop\Dec2016Backup
2016-12-05 17:45 - 2016-12-05 17:45 - 00068281 _____ C:\Users\Lynne\Downloads\Toshiba Satellite C655D-S5234 User Manual20161206775246800.pdf
2016-12-05 17:20 - 2016-12-05 17:20 - 00017152 _____ C:\Users\Lynne\Documents\Backup of a AZ --bleepingcomputer help for debacle  re win 10 letter.wbk
2016-12-05 02:50 - 2016-12-05 02:50 - 00013741 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Articles to send to Laurie.wbk
2016-12-03 15:58 - 2016-12-03 15:58 - 00001773 _____ C:\Users\Lynne\Downloads\MarkoftheRose9781101543917.acsm
2016-12-01 20:21 - 2016-12-01 20:21 - 00000000 ____H C:\asc_rdflag
2016-12-01 20:00 - 2016-12-01 20:00 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01462272 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-12-01 20:00 - 2016-12-01 20:00 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00633296 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-12-01 20:00 - 2016-12-01 20:00 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00419648 _____ C:\windows\SysWOW64\locale.nls
2016-12-01 20:00 - 2016-12-01 20:00 - 00419648 _____ C:\windows\system32\locale.nls
2016-12-01 20:00 - 2016-12-01 20:00 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\bcdedit.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-12-01 20:00 - 2016-12-01 20:00 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-12-01 20:00 - 2016-12-01 20:00 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-12-01 20:00 - 2016-12-01 20:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-12-01 19:59 - 2016-12-01 20:00 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-12-01 19:59 - 2016-12-01 19:59 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-12-01 19:59 - 2016-12-01 19:59 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-01 19:59 - 2016-12-01 19:59 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-11-29 23:21 - 2016-12-03 13:33 - 00014178 _____ C:\Users\Lynne\Documents\Backup of a AZ -- TESSA DARE SERIES LIST.wbk
2016-11-28 21:40 - 2016-11-28 21:40 - 00014921 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Amazon Bed Risers Options.wbk
2016-11-28 00:23 - 2016-11-27 10:35 - 00082936 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2016-11-28 00:17 - 2016-10-13 07:45 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\asw531A.tmp
2016-11-28 00:17 - 2016-09-22 07:50 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\asw5193.tmp
2016-11-28 00:17 - 2016-09-13 09:29 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\asw4889.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\asw54B1.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\asw4E66.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\asw4B48.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\asw502B.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\asw4CDF.tmp
2016-11-28 00:17 - 2016-08-19 14:49 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\asw4628.tmp
2016-11-28 00:16 - 2016-08-19 14:50 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-11-27 20:47 - 2016-11-27 20:47 - 00012661 _____ C:\Users\Lynne\Documents\Backup of a AZ -- bleeping computer User ID.wbk
2016-11-27 12:21 - 2016-11-27 12:21 - 00012775 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Vascular doctor to do vein.wbk
2016-11-27 00:37 - 2016-11-27 00:38 - 01195800 _____ (iolo technologies, LLC) C:\Users\Lynne\Documents\sm_dm.exe
2016-11-27 00:18 - 2016-11-27 00:18 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (3).exe
2016-11-27 00:16 - 2016-11-27 13:39 - 00014972 _____ C:\Users\Lynne\Documents\Backup of a AZ --debacle  re win 10 letter.wbk
2016-11-27 00:14 - 2016-11-27 00:14 - 00000000 ____D C:\iolo
2016-11-27 00:14 - 2016-11-27 00:13 - 41276784 _____ C:\Users\Lynne\Documents\SystemMechanic.exe
2016-11-27 00:11 - 2016-11-27 00:11 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (2).exe
2016-11-27 00:11 - 2016-11-27 00:11 - 00074703 _____ C:\windows\SysWOW64mfc45.dll
2016-11-27 00:10 - 2016-11-27 00:11 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (1).exe
2016-11-26 19:43 - 2016-11-26 19:43 - 00013328 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Ellen.wbk
2016-11-26 15:37 - 2016-11-26 15:37 - 00340988 _____ C:\Users\Lynne\Documents\view-from-the-front-line_1.pdf
2016-11-26 13:58 - 2016-11-26 13:58 - 02941234 _____ C:\Users\Lynne\Documents\ffc43ac0-5a76-4196-84ed-368f8c309452.pdf
2016-11-23 08:19 - 2016-11-23 08:19 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-11-23 08:19 - 2016-11-23 08:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-11-22 21:02 - 2016-11-23 15:31 - 00000000 ____D C:\Users\Lynne\Documents\Thai use these
2016-11-21 15:39 - 2016-11-21 15:39 - 00013538 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Lemongrass and Chili Relish.wbk
2016-11-21 15:19 - 2016-11-21 15:19 - 00013140 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Roasted Chili Jam Dipping Sauce 1890.wbk
2016-11-21 12:54 - 2016-11-21 12:54 - 00014478 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Rice Cooking  in Microwave.wbk
2016-11-21 09:46 - 2016-11-21 09:46 - 09891328 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RsCRIcon.dll
2016-11-21 09:46 - 2016-11-21 09:46 - 04332032 _____ (Realtek Semiconductor Corp.) C:\windows\RtCRU64.exe
2016-11-21 09:46 - 2016-11-21 09:46 - 00418784 _____ (Realsil Semiconductor Corporation) C:\windows\system32\Drivers\RtsUer.sys
2016-11-21 09:46 - 2016-11-21 09:46 - 00084480 _____ (Realtek Semiconductor.) C:\windows\system32\SETA6DB.tmp
2016-11-20 11:56 - 2016-11-20 11:56 - 00013092 _____ C:\Users\Lynne\Documents\Backup of a AZ -- thai chili caramel sauce.wbk
2016-11-20 07:08 - 2016-11-20 07:08 - 00000000 ____D C:\ProgramData\BDLogging
2016-11-20 07:08 - 2016-03-31 17:54 - 00452040 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2016-11-19 15:56 - 2016-11-19 15:56 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2016-11-18 20:56 - 2016-11-18 20:56 - 04457355 _____ C:\Users\Lynne\Documents\2016-11-15-Trump_Letter.pdf
2016-11-17 17:48 - 2016-11-17 17:49 - 45738048 _____ (IObit ) C:\Users\Lynne\Documents\imfv4-setup-trial.exe
2016-11-16 23:19 - 2016-11-16 23:19 - 00016964 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Yellow Turkey Curry.wbk
2016-11-16 21:11 - 2016-11-16 21:11 - 00016572 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Feast Under An Hour.wbk
2016-11-16 20:53 - 2016-11-16 20:53 - 00013810 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Sweet Potato and Carrot Soup.wbk
2016-11-16 20:45 - 2016-11-16 20:45 - 00013660 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Sweet and Spicy Relish.wbk
2016-11-16 20:13 - 2016-11-24 00:35 - 00000000 ____D C:\Users\Lynne\Documents\Thai Dinner
2016-11-15 19:45 - 2016-11-15 19:45 - 01799221 _____ C:\Users\Lynne\Documents\travel club 50 and over novembernewsletter2016.pdf
2016-11-15 14:27 - 2013-10-04 12:36 - 00436930 _____ C:\Users\Lynne\Documents\11steps - Copy.pdf
2016-11-12 19:14 - 2016-11-23 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-12 19:12 - 2016-12-11 13:17 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d23d536072f09a.job
2016-11-12 19:12 - 2016-12-10 19:17 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d23d535e845fcc.job
2016-11-12 19:12 - 2016-11-12 19:12 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d23d536072f09a
2016-11-12 19:12 - 2016-11-12 19:12 - 00003640 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d23d535e845fcc
2016-11-12 19:07 - 2016-11-12 19:09 - 01065376 _____ (Google Inc.) C:\Users\Lynne\Documents\googledrivesync.exe
2016-11-12 17:30 - 2016-11-12 17:30 - 00016270 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Malware Tips Website  free help.wbk
2016-11-12 13:13 - 2016-11-12 13:13 - 00014503 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Thai Sweet Potato Tom Kha.wbk
2016-11-11 22:49 - 2016-11-11 22:49 - 00014540 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Cinnamon Raisin Bread Pudding with Vanilla Sauce.wbk
2016-11-11 22:21 - 2016-11-11 22:21 - 00110316 _____ C:\Users\Lynne\Documents\a AZ -- Bread pudding (1) to edit.pdf
2016-11-11 22:20 - 2016-11-11 22:20 - 00110316 _____ C:\Users\Lynne\Documents\Bread pudding.pdf
2016-11-11 12:28 - 2016-11-12 12:32 - 00017403 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Articles to pay attention to.wbk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-11 13:11 - 2016-07-14 19:58 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA1d1de44cbc91467.job
2016-12-11 12:41 - 2013-05-25 05:39 - 00000000 ____D C:\Users\Lynne\Documents\My Kindle Content
2016-12-11 11:19 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-11 11:19 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-10 17:11 - 2016-07-14 19:58 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core1d1de44c9d794ce.job
2016-12-09 14:54 - 2012-01-14 22:19 - 00000000 ____D C:\Users\Lynne\AppData\Local\CrashDumps
2016-12-08 10:00 - 2016-07-17 22:16 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-12-07 21:14 - 2016-08-21 16:53 - 00000000 ____D C:\Users\Lynne\Documents\My Digital Editions
2016-12-05 19:57 - 2009-07-13 22:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-05 19:57 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2016-12-04 14:23 - 2016-06-12 09:44 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-04 14:22 - 2014-12-18 21:09 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-04 14:22 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-04 14:20 - 2011-11-19 19:06 - 00000000 ____D C:\Program Files (x86)\iolo
2016-12-04 14:20 - 2011-11-19 19:05 - 00000000 ____D C:\ProgramData\iolo
2016-12-04 12:28 - 2014-12-18 21:10 - 00000000 ____D C:\ProgramData\ProductData
2016-12-03 16:43 - 2016-11-01 14:28 - 00013762 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Julie Anne Books.wbk
2016-12-03 13:12 - 2016-08-22 23:56 - 00013723 _____ C:\Users\Lynne\Documents\Backup of a AZ -- Nicole Jordan Books.wbk
2016-12-02 18:04 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2016-12-02 18:01 - 2013-06-10 14:51 - 00000000 ____D C:\Users\Lynne\AppData\Local\ElevatedDiagnostics
2016-12-01 20:51 - 2014-12-18 21:12 - 00002886 _____ C:\windows\System32\Tasks\Driver Booster SkipUAC (Lynne)
2016-12-01 20:21 - 2016-10-08 18:19 - 58011648 _____ C:\windows\system32\config\components.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 111927296 _____ C:\windows\system32\config\SOFTWARE.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 111927296 _____ C:\windows\system32\config\SOFTWARE.iodefrag
2016-12-01 20:21 - 2016-10-08 18:19 - 00622592 _____ C:\windows\system32\config\DEFAULT.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 00622592 _____ C:\windows\system32\config\DEFAULT.iodefrag
2016-12-01 20:21 - 2016-10-08 18:19 - 00057344 _____ C:\windows\system32\config\SAM.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 00057344 _____ C:\windows\system32\config\SAM.iodefrag
2016-12-01 20:21 - 2016-10-08 18:19 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag.bak
2016-12-01 20:21 - 2016-10-08 18:19 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag
2016-12-01 19:27 - 2012-04-06 17:29 - 00775084 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-12-01 06:57 - 2015-07-04 17:44 - 00002155 _____ C:\windows\epplauncher.mif
2016-12-01 06:57 - 2015-07-04 17:44 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-01 06:56 - 2015-07-04 17:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-01 06:56 - 2015-07-04 17:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-29 00:24 - 2016-07-17 22:36 - 00003890 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1468820078
2016-11-28 00:20 - 2016-09-05 12:28 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-27 16:48 - 2015-08-13 14:32 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-22 21:05 - 2016-09-20 10:49 - 00000000 ____D C:\Users\Lynne\Documents\a AZ -- Thai Dinner use this one
2016-11-22 14:37 - 2012-04-06 15:02 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\Skype
2016-11-22 14:20 - 2012-04-06 15:01 - 00000000 ____D C:\ProgramData\Skype
2016-11-22 14:19 - 2012-04-06 15:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-21 09:47 - 2011-10-18 06:39 - 00000000 ____D C:\windows\SysWOW64\sda
2016-11-21 02:27 - 2014-09-12 12:43 - 00000000 ___RD C:\Users\Lynne\Documents\icons from home screen
2016-11-20 07:06 - 2014-12-18 21:10 - 00000000 ____D C:\ProgramData\IObit
2016-11-17 17:57 - 2016-05-21 18:56 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-11-16 20:09 - 2016-09-20 11:00 - 00000000 ____D C:\Users\Lynne\Documents\a AZ -- Wine Pairings Info
2016-11-16 19:03 - 2016-07-17 22:16 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-11-16 19:03 - 2014-12-18 21:15 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\ProductData
2016-11-16 19:03 - 2014-12-18 21:10 - 00000000 ____D C:\Users\Lynne\AppData\LocalLow\IObit
2016-11-16 19:03 - 2014-12-18 21:09 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\IObit
2016-11-16 19:03 - 2012-03-05 12:01 - 00000000 ____D C:\Users\Lynne\Documents\wl buddies_files
2016-11-16 19:02 - 2011-10-18 07:16 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-16 19:02 - 2009-07-13 20:20 - 00000000 ____D C:\windows\registration
2016-11-16 18:35 - 2011-11-19 18:37 - 00000000 ____D C:\Users\Lynne\AppData\Local\Google
2016-11-16 18:35 - 2011-11-19 18:27 - 00000000 ____D C:\Users\Lynne
2016-11-15 13:24 - 2014-11-29 10:03 - 00000000 ____D C:\Users\Lynne\Documents\personal growth stuff
2016-11-15 11:28 - 2014-08-22 14:40 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 11:28 - 2011-10-18 07:17 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-13 12:10 - 2015-05-19 21:09 - 00004478 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-13 12:05 - 2011-10-18 07:17 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-12 19:12 - 2011-10-18 07:17 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-11 09:22 - 2009-07-13 21:45 - 00408136 _____ C:\windows\system32\FNTCACHE.DAT
 
==================== Files in the root of some directories =======
 
2015-02-22 17:52 - 2015-02-22 17:52 - 0004096 ____H () C:\Users\Lynne\AppData\Local\keyfile3.drm
2016-06-02 17:33 - 2016-06-02 17:33 - 0007608 _____ () C:\Users\Lynne\AppData\Local\Resmon.ResmonCfg
2012-01-14 14:06 - 2012-01-14 14:25 - 0002176 _____ () C:\Users\Lynne\AppData\Local\seed.log
2016-10-06 16:38 - 2016-10-06 16:38 - 0050789 _____ () C:\ProgramData\1475796929.bdinstall.bin
2013-10-09 16:45 - 2013-10-09 16:45 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
Some files in TEMP:
====================
C:\Users\Lynne\AppData\Local\Temp\mojyqhzz.dll
C:\Users\Lynne\AppData\Local\Temp\s14z6hi4.dll
C:\Users\Lynne\AppData\Local\Temp\tlmpqku7.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-04 15:36
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Lynne (11-12-2016 13:37:25)
Running from C:\Users\Lynne\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-11-20 01:27:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2663092148-2684428880-4007880259-500 - Administrator - Disabled)
Guest (S-1-5-21-2663092148-2684428880-4007880259-501 - Limited - Disabled)
Lynne (S-1-5-21-2663092148-2684428880-4007880259-1000 - Administrator - Enabled) => C:\Users\Lynne
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.2 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AIM for Windows (HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\AIM) (Version:  - AOL Inc.)
Amazon Kindle (HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Bluebeam Revu x64 11 (HKLM-x32\...\InstallShield_{FAC5F00B-0E05-4EA9-A48D-E496296AF75B}) (Version: 11.6.0 - Bluebeam Software)
Bluebeam Revu x64 11 (Version: 11.6.0 - Bluebeam Software) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2011.0216.726.13233 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\...\Dashlane) (Version: 4.5.0.13208 - Dashlane SAS)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
File-Extensions.org Search (HKLM\...\File-Extensions.org Search) (Version:  - Digidy, s.r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Drive (HKLM-x32\...\{8696116E-F4C2-4C64-AD7E-FF365E244FA4}) (Version: 1.32.3889.0961 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 15.5.0 - iolo technologies, LLC)
Jacquie Lawson Quick Send Widget (HKLM-x32\...\JLQuickSendWidget) (Version: 1.0.3 - MicroCourt Limited)
Jacquie Lawson Quick Send Widget (x32 Version: 1.0.3 - MicroCourt Limited) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.14 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.1 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17329 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Lynne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lynne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14E91521-D805-4BFF-B2C2-B6C3B22182B0} - System32\Tasks\SafeZone scheduled Autoupdate 1468820078 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {17D71364-DA87-40A2-9371-B117F90F2DDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {1DDFEC80-6ED8-493F-A271-D6D9DFCAEEFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {1FEC5547-5C2F-483A-B8FA-0EDE3571D9FE} - System32\Tasks\GoogleUpdateTaskMachineCore1d23d535e845fcc => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {216278DC-8D5A-4665-9DF2-8A4561D27D19} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-28] (Adobe Systems Incorporated)
Task: {29D6A9BB-7934-46B0-966D-F0A9113F28E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core1d1de44c9d794ce => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3872C1B0-708B-478E-9546-B9E5C267AC8A} - System32\Tasks\{7E69325B-43BD-4504-A86D-367B78C59E6A} => C:\Users\Lynne\AppData\Local\AOL\AIM\aim.exe [2015-04-06] (AOL Inc.)
Task: {3950FE5B-FAE5-4DDF-AC04-3F5FECD908C9} - System32\Tasks\GoogleUpdateTaskMachineUA1d23d536072f09a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3A696EFA-B503-4F27-9073-5D923BC47C92} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {3F0966B4-AFF6-49F4-B316-4340D6C2C752} - \iolo SCU task one -> No File <==== ATTENTION
Task: {50962B20-3DFD-4325-A2E6-8956BA9F6137} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-19] (AVAST Software)
Task: {5C5011EE-FAE6-4A72-A598-341B965F461C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {70362E56-2B2C-4959-BC8A-B16644E83019} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8EDB293B-53EE-4F49-B9E3-B4B9906D6064} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA1d1de44cbc91467 => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {97811780-3C3E-4ACD-B30F-367F6ADDF3F8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-17] (AVAST Software)
Task: {99E83C37-25C4-49B7-84FE-D8438F1F2190} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9B2680F1-B283-46FB-86C9-16D47D10269C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {A78ED252-39F4-427D-9E23-ED8074EFD8A1} - System32\Tasks\Driver Booster SkipUAC (Lynne) => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
Task: {A86DBF13-1CD4-493D-A366-2279463CF17A} - System32\Tasks\{C9DD89A3-F427-4F01-845C-4BE9508B0A90} => C:\Users\Lynne\AppData\Local\AOL\AIM\aim.exe [2015-04-06] (AOL Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B01CCF33-77E7-4422-99EB-B01D926A75A7} - System32\Tasks\{29C6A625-127B-4363-9A42-7FAFA331DFDF} => Firefox.exe 
Task: {B3396BB2-557E-4599-8E13-6E3208F238F5} - System32\Tasks\{CAEDB9F1-0B98-4907-B97F-BCA0C5AE2725} => C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RmbChange.exe [2010-10-08] (TODO: <Company name>)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E5C44366-9D2E-464D-A1F8-FF4698549828} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E7AA3EB4-4519-4CED-80CF-5FDD46E44DCE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {EE89E7F5-2783-4C3B-9FB8-195323325A71} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-06-28] (iolo technologies, LLC)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d23d535e845fcc.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d23d536072f09a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core.job => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000Core1d1de44c9d794ce.job => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA.job => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2663092148-2684428880-4007880259-1000UA1d1de44cbc91467.job => C:\Users\Lynne\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Lynne\Desktop\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cook's Converter.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mcdlgpiabckkhmfnbndpomhopbmjdhoj
ShortcutWithArgument: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Jazz Radio Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ceccemkmbbmaaaegfhafhjfbbdindaof
ShortcutWithArgument: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\moodstream.net (standard).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jhbfhdhkiompjaofhkiabbefdhbnhdlp
ShortcutWithArgument: C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TimeDoser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=cmkneeaihlcdllananjlkmppnkdahdcc
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-04 22:17 - 2013-09-04 22:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 13:23 - 2010-10-20 13:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-03-29 19:48 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2016-11-15 11:27 - 2016-11-08 14:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 11:27 - 2016-11-08 14:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2013-09-04 22:17 - 2013-09-04 22:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-08-19 14:49 - 2016-08-19 14:49 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-01 06:50 - 2016-12-01 06:50 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16120100\algo.dll
2016-08-19 14:50 - 2016-08-19 14:50 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-09 09:48 - 2016-12-09 09:48 - 03067904 _____ () C:\Program Files\AVAST Software\Avast\defs\16120901\algo.dll
2016-12-11 11:19 - 2016-12-11 11:19 - 03067904 _____ () C:\Program Files\AVAST Software\Avast\defs\16121100\algo.dll
2013-09-04 22:14 - 2013-09-04 22:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 13:45 - 2010-10-20 13:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-07-17 22:13 - 2016-07-17 22:13 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 4789 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-07-04 17:39 - 00000826 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lynne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^Lynne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson London Advent Calendar.lnk => C:\windows\pss\Jacquie Lawson London Advent Calendar.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lynne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson Quick Send Widget.lnk => C:\windows\pss\Jacquie Lawson Quick Send Widget.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BbInstallUser => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe
MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FCB8509E-0F79-402D-837D-1FEA59469693}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{16EA5E6A-F41F-4E7D-BD0E-9F22F2880584}] => LPort=2869
FirewallRules: [{E154CEA0-0DB7-4D59-96B4-A3CDAA2BBFA1}] => LPort=1900
FirewallRules: [{ED3EE8B0-1895-4C7D-B3F8-815FAA366DE9}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EEEF8D48-4191-4E87-8899-E7AD3B5E86D7}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0D075879-BDD9-4B85-AADE-9EDC505B2708}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{484D06A6-69B3-41E5-9040-89C783D58AA0}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{063709CD-E873-4C92-8548-D5D0BEBEAA3C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7AECB55A-0181-4E3B-8E29-86ABE53F3C1C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{282EEFFD-62B5-4233-95A7-D4DB5BB96146}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D47DBFB6-8DB8-4B14-B58B-FC316DAD39B5}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA426D2A-CAF1-4495-A9D2-2D7665E235DA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7A87A983-A671-4CDF-BC06-5DB69E2AAF2A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83FD4EC6-28F5-4F8C-A90A-4FEC79008E7B}] => C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{2080AB34-03AC-4E22-B0A3-9284943244C4}] => C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{887567F2-0F6B-449B-BF90-458667EF2551}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8B9EB0E5-1791-4079-8170-B0D16759C9F9}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{7D8D85DA-B2BC-444D-95E9-8F474DC7BCE5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FF94435B-617E-4728-BC53-3F804127194E}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{F8B65F0F-EB8F-4905-91A0-29E2239393C1}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
 
==================== Restore Points =========================
 
27-11-2016 10:53:44 Windows Update
30-11-2016 11:14:28 Windows Update
01-12-2016 06:48:56 Windows Update
01-12-2016 19:41:14 Windows Modules Installer
05-12-2016 08:07:28 Windows Update
09-12-2016 14:17:31 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Hook Test Driver
Description: Hook Test Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SDHookDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/11/2016 11:16:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d
Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d10950
Exception code: 0xc0000005
Fault offset: 0x0000000000023c00
Faulting process id: 0xfd0
Faulting application start time: 0x01d25397edbe61a6
Faulting application path: C:\windows\system32\CompatTelRunner.exe
Faulting module path: C:\windows\system32\devinv.dll
Report Id: f42df78e-bfcd-11e6-8d32-00266ce28c52
 
Error: (12/09/2016 02:54:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DigitalEditions.exe, version: 4.5.2.0, time stamp: 0x57a3f6aa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04d104b0
Faulting process id: 0x3a0
Faulting application start time: 0x01d25266708ecacf
Faulting application path: C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe
Faulting module path: unknown
Report Id: 14804557-be5a-11e6-8d32-00266ce28c52
 
Error: (12/09/2016 02:54:36 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DigitalEditions.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at DE.App.Main()
 
Error: (12/08/2016 10:26:59 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
 
Error: (12/04/2016 02:23:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2016 08:48:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2016 08:25:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/01/2016 07:25:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/28/2016 12:30:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/23/2016 11:40:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (12/11/2016 11:49:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.233.1990.0).
 
Error: (12/11/2016 11:47:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.233.1854.0
 
Update Source: Microsoft Update Server
 
Update Stage: Install
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13303.0
 
Error code: 0x80070643
 
Error description: Fatal error during installation.
 
Error: (12/11/2016 11:16:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (12/09/2016 02:12:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.
 
Error: (12/08/2016 09:58:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (12/07/2016 06:56:05 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/05/2016 03:47:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/04/2016 06:58:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/04/2016 06:58:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/04/2016 06:58:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
CodeIntegrity:
===================================
  Date: 2016-07-30 12:28:10.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-30 12:28:10.026
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-24 19:14:03.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-24 19:14:03.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-24 02:53:43.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-24 02:53:42.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-23 21:13:30.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-23 21:13:29.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-22 06:35:34.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-22 06:35:33.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD C-50 Processor
Percentage of memory in use: 76%
Total physical RAM: 2662.87 MB
Available physical RAM: 617.59 MB
Total Virtual: 5323.92 MB
Available Virtual: 1821.22 MB
 
==================== Drives ================================
 
Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:205.47 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2B538AD9)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=17)
 
==================== End of Addition.txt ============================
 


#5 Oh My!

  • Malware Response Instructor

Posted 11 December 2016 - 07:14 PM

Greetings Lynne.

Thank you for the warm welcome and the information.

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

iolo technologies' System Mechanic
McAfee Virtual Technician

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = 
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-28]
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
S3 ssmirrdr; C:\windows\System32\DRIVERS\ssmirrdr.sys [10112 2014-01-08] (support.com, Inc)
C:\windows\System32\DRIVERS\ssmirrdr.sys
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S2 PDFsFilter; system32\DRIVERS\PDFsFilter.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
2016-12-01 20:21 - 2016-12-01 20:21 - 00000000 ____H C:\asc_rdflag
2016-11-28 00:17 - 2016-10-13 07:45 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\asw531A.tmp
2016-11-28 00:17 - 2016-09-22 07:50 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\asw5193.tmp
2016-11-28 00:17 - 2016-09-13 09:29 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\asw4889.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\asw54B1.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\asw4E66.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\asw4B48.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\asw502B.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\asw4CDF.tmp
2016-11-28 00:17 - 2016-08-19 14:49 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\asw4628.tmp
2016-11-27 00:18 - 2016-11-27 00:18 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (3).exe
2016-11-27 00:14 - 2016-11-27 00:14 - 00000000 ____D C:\iolo
2016-11-27 00:14 - 2016-11-27 00:13 - 41276784 _____ C:\Users\Lynne\Documents\SystemMechanic.exe
2016-11-27 00:11 - 2016-11-27 00:11 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (2).exe
2016-11-27 00:10 - 2016-11-27 00:11 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (1).exe
2016-11-17 17:48 - 2016-11-17 17:49 - 45738048 _____ (IObit ) C:\Users\Lynne\Documents\imfv4-setup-trial.exe
2016-12-04 14:22 - 2014-12-18 21:09 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-04 14:20 - 2011-11-19 19:06 - 00000000 ____D C:\Program Files (x86)\iolo
2016-12-04 14:20 - 2011-11-19 19:05 - 00000000 ____D C:\ProgramData\iolo
2016-11-20 07:06 - 2014-12-18 21:10 - 00000000 ____D C:\ProgramData\IObit
2016-11-17 17:57 - 2016-05-21 18:56 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2016-11-16 19:03 - 2014-12-18 21:10 - 00000000 ____D C:\Users\Lynne\AppData\LocalLow\IObit
2016-11-16 19:03 - 2014-12-18 21:09 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\IObit
C:\Users\Lynne\AppData\Local\Temp\mojyqhzz.dll
C:\Users\Lynne\AppData\Local\Temp\s14z6hi4.dll
C:\Users\Lynne\AppData\Local\Temp\tlmpqku7.dll
Task: {1DDFEC80-6ED8-493F-A271-D6D9DFCAEEFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification
Task: {3872C1B0-708B-478E-9546-B9E5C267AC8A} - System32\Tasks\{7E69325B-43BD-4504-A86D-367B78C59E6A} => C:\Users\Lynne\AppData\Local\AOL\AIM\aim.exe [2015-04-06] (AOL Inc.)
Task: {3F0966B4-AFF6-49F4-B316-4340D6C2C752} - \iolo SCU task one
Task: {5C5011EE-FAE6-4A72-A598-341B965F461C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
Task: {A86DBF13-1CD4-493D-A366-2279463CF17A} - System32\Tasks\{C9DD89A3-F427-4F01-845C-4BE9508B0A90} => C:\Users\Lynne\AppData\Local\AOL\AIM\aim.exe [2015-04-06] (AOL Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
Task: {EE89E7F5-2783-4C3B-9FB8-195323325A71} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-06-28] (iolo technologies, LLC)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
FirewallRules: [{887567F2-0F6B-449B-BF90-458667EF2551}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8B9EB0E5-1791-4079-8170-B0D16759C9F9}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
cmd: sc query WinDefend
File: C:\windows\SysWOW64mfc45.dll
RemoveProxy:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Programs uninstall?
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Pei

Posted 11 December 2016 - 10:11 PM

Greetings, Before we go any further with this 'project' I need to ask a question. I have been unable to figure out how to work with Notepad! I'm finding it quite vexing as I'm unable to get them off the bar at the bottom of the page, where the little 4 color circle icon is located to the far left. In order to submit the 1st 2 scans to you I had to copy/paste. I'm fine doing that but...is there a special reason I would need to submit something to you specifically on the notepad, or may I continue to copy/paste? I can always paste to keep the original formatting from the notepad if that's an issue. I started to do the next steps when I realized I needed to ask. I look forward to hearing from you. Thanks, Lynne



#7 Pei

Posted 11 December 2016 - 10:36 PM

PS...I was able to uninstall McAfee Virtual Technician; however, the System Mechanic is not one of the programs. I had that one installed a long time ago, it's been well over a year since I uninstalled it. But at least part of it must be someplace because you obviously found it. I searched for it by clicking on the 4 color circle to the far left at the bottom of the screen and what comes up is System Mechanic Setup, file version 10.6.2.7, size: 18.3 MB, Date 11/19/2011 7:04pm. If I click on it, it wants permission to make changes to the hard drive...which I did not take further. I don't find it on the list of programs where I found the McAfee. Please advise. Thanks, Lynne



#8 Oh My!

Posted 11 December 2016 - 10:40 PM

Greetings,

You can copy and paste everything. Since you are having difficulty let me change the FRST fix instructions a bit.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------

  • Please download and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Fixlog

Gary
 

#9 Oh My!

Posted 11 December 2016 - 10:42 PM

Hi Lynne,

 

Just saw your last post. Skip the uninstalling of the 2 programs. Just run the fixlist as instructed above and the System Summary steps, if you can.


Gary
 

#10 Pei

Posted 11 December 2016 - 11:21 PM

Hello again, Do I go back to the place I launched FRST from the 1st time? And where is there a 'fix' button, when I launched it the 1st time I don't remember a 'fix' button? Thanks!!



#11 Pei

Posted 11 December 2016 - 11:26 PM

PS...I did uninstall the McAfee, just not the System Mechanic. Thx



#12 Oh My!

Posted 11 December 2016 - 11:27 PM

The fixlist file you downloaded must be in the same place as frst.exe. According to your log, frst.exe is located in the C:\Users\Lynne\Downloads folder. If it is still there then you need to save the fixlist download into that folder. When you launch frst.exe you will see a Fix button.

 

I am ending for the evening but will check back in the morning.


Gary
 

#13 Pei

Posted 12 December 2016 - 10:53 PM

Good Evening,

I certainly hope I did this correctly, I was quite nervous. A friend used to tell me not to be nervous, that I couldn't break the computer. I found that hard to believe and so remain cautiously nervous. whew. Thanks, Lynne

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Lynne (12-12-2016 20:38:52) Run:1
Running from C:\Users\Lynne\Downloads
Loaded Profiles: Lynne (Available Profiles: Lynne)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2663092148-2684428880-4007880259-1000 -> {7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} URL = 
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-28]
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
S3 ssmirrdr; C:\windows\System32\DRIVERS\ssmirrdr.sys [10112 2014-01-08] (support.com, Inc)
C:\windows\System32\DRIVERS\ssmirrdr.sys
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S2 PDFsFilter; system32\DRIVERS\PDFsFilter.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
2016-12-01 20:21 - 2016-12-01 20:21 - 00000000 ____H C:\asc_rdflag
2016-11-28 00:17 - 2016-10-13 07:45 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\asw531A.tmp
2016-11-28 00:17 - 2016-09-22 07:50 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\asw5193.tmp
2016-11-28 00:17 - 2016-09-13 09:29 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\asw4889.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\asw54B1.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\asw4E66.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\asw4B48.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\asw502B.tmp
2016-11-28 00:17 - 2016-08-19 14:50 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\asw4CDF.tmp
2016-11-28 00:17 - 2016-08-19 14:49 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\asw4628.tmp
2016-11-27 00:18 - 2016-11-27 00:18 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (3).exe
2016-11-27 00:14 - 2016-11-27 00:14 - 00000000 ____D C:\iolo
2016-11-27 00:14 - 2016-11-27 00:13 - 41276784 _____ C:\Users\Lynne\Documents\SystemMechanic.exe
2016-11-27 00:11 - 2016-11-27 00:11 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (2).exe
2016-11-27 00:10 - 2016-11-27 00:11 - 00585912 _____ C:\Users\Lynne\Documents\smfree_dm (1).exe
2016-11-17 17:48 - 2016-11-17 17:49 - 45738048 _____ (IObit ) C:\Users\Lynne\Documents\imfv4-setup-trial.exe
2016-12-04 14:22 - 2014-12-18 21:09 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-04 14:20 - 2011-11-19 19:06 - 00000000 ____D C:\Program Files (x86)\iolo
2016-12-04 14:20 - 2011-11-19 19:05 - 00000000 ____D C:\ProgramData\iolo
2016-11-20 07:06 - 2014-12-18 21:10 - 00000000 ____D C:\ProgramData\IObit
2016-11-17 17:57 - 2016-05-21 18:56 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2016-11-16 19:03 - 2014-12-18 21:10 - 00000000 ____D C:\Users\Lynne\AppData\LocalLow\IObit
2016-11-16 19:03 - 2014-12-18 21:09 - 00000000 ____D C:\Users\Lynne\AppData\Roaming\IObit
C:\Users\Lynne\AppData\Local\Temp\mojyqhzz.dll
C:\Users\Lynne\AppData\Local\Temp\s14z6hi4.dll
C:\Users\Lynne\AppData\Local\Temp\tlmpqku7.dll
Task: {1DDFEC80-6ED8-493F-A271-D6D9DFCAEEFF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification
Task: {3872C1B0-708B-478E-9546-B9E5C267AC8A} - System32\Tasks\{7E69325B-43BD-4504-A86D-367B78C59E6A} => C:\Users\Lynne\AppData\Local\AOL\AIM\aim.exe [2015-04-06] (AOL Inc.)
Task: {3F0966B4-AFF6-49F4-B316-4340D6C2C752} - \iolo SCU task one
Task: {5C5011EE-FAE6-4A72-A598-341B965F461C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
Task: {A86DBF13-1CD4-493D-A366-2279463CF17A} - System32\Tasks\{C9DD89A3-F427-4F01-845C-4BE9508B0A90} => C:\Users\Lynne\AppData\Local\AOL\AIM\aim.exe [2015-04-06] (AOL Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
Task: {EE89E7F5-2783-4C3B-9FB8-195323325A71} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-06-28] (iolo technologies, LLC)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
FirewallRules: [{887567F2-0F6B-449B-BF90-458667EF2551}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8B9EB0E5-1791-4079-8170-B0D16759C9F9}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
cmd: sc query WinDefend
File: C:\windows\SysWOW64mfc45.dll
RemoveProxy:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-2663092148-2684428880-4007880259-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C4917CA-D1C7-4F21-AF7C-97AB7439C10F}" => key removed successfully
HKCR\CLSID\{7C4917CA-D1C7-4F21-AF7C-97AB7439C10F} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
 
"C:\Program Files\AVAST Software\Avast\SafePrice\FF" folder move:
 
Could not move "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Scheduled to move on reboot.
 
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MVT => key not found. 
C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll => not found.
ssmirrdr => service removed successfully
C:\windows\System32\DRIVERS\ssmirrdr.sys => moved successfully
AntiLog32 => service removed successfully
keycrypt => service removed successfully
PDFsFilter => service removed successfully
SDHookDriver => service removed successfully
C:\asc_rdflag => moved successfully
C:\windows\system32\Drivers\asw531A.tmp => moved successfully
C:\windows\system32\Drivers\asw5193.tmp => moved successfully
C:\windows\system32\Drivers\asw4889.tmp => moved successfully
C:\windows\system32\Drivers\asw54B1.tmp => moved successfully
C:\windows\system32\Drivers\asw4E66.tmp => moved successfully
C:\windows\system32\Drivers\asw4B48.tmp => moved successfully
C:\windows\system32\Drivers\asw502B.tmp => moved successfully
C:\windows\system32\Drivers\asw4CDF.tmp => moved successfully
C:\windows\system32\Drivers\asw4628.tmp => moved successfully
C:\Users\Lynne\Documents\smfree_dm (3).exe => moved successfully
C:\iolo => moved successfully
C:\Users\Lynne\Documents\SystemMechanic.exe => moved successfully
C:\Users\Lynne\Documents\smfree_dm (2).exe => moved successfully
C:\Users\Lynne\Documents\smfree_dm (1).exe => moved successfully
C:\Users\Lynne\Documents\imfv4-setup-trial.exe => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Program Files (x86)\iolo => moved successfully
C:\ProgramData\iolo => moved successfully
C:\ProgramData\IObit => moved successfully
C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} => moved successfully
LiveUpdateSvc => service removed successfully
C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A} => moved successfully
C:\Users\Lynne\AppData\LocalLow\IObit => moved successfully
C:\Users\Lynne\AppData\Roaming\IObit => moved successfully
C:\Users\Lynne\AppData\Local\Temp\mojyqhzz.dll => moved successfully
C:\Users\Lynne\AppData\Local\Temp\s14z6hi4.dll => moved successfully
C:\Users\Lynne\AppData\Local\Temp\tlmpqku7.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DDFEC80-6ED8-493F-A271-D6D9DFCAEEFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DDFEC80-6ED8-493F-A271-D6D9DFCAEEFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3872C1B0-708B-478E-9546-B9E5C267AC8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3872C1B0-708B-478E-9546-B9E5C267AC8A}" => key removed successfully
C:\windows\System32\Tasks\{7E69325B-43BD-4504-A86D-367B78C59E6A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E69325B-43BD-4504-A86D-367B78C59E6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F0966B4-AFF6-49F4-B316-4340D6C2C752}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F0966B4-AFF6-49F4-B316-4340D6C2C752}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C5011EE-FAE6-4A72-A598-341B965F461C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C5011EE-FAE6-4A72-A598-341B965F461C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A86DBF13-1CD4-493D-A366-2279463CF17A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A86DBF13-1CD4-493D-A366-2279463CF17A}" => key removed successfully
C:\windows\System32\Tasks\{C9DD89A3-F427-4F01-845C-4BE9508B0A90} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C9DD89A3-F427-4F01-845C-4BE9508B0A90}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE89E7F5-2783-4C3B-9FB8-195323325A71}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE89E7F5-2783-4C3B-9FB8-195323325A71}" => key removed successfully
C:\windows\System32\Tasks\iolo Process Governor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo Process Governor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{887567F2-0F6B-449B-BF90-458667EF2551} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B9EB0E5-1791-4079-8170-B0D16759C9F9} => value removed successfully
 
========= sc query WinDefend =========
 
 
SERVICE_NAME: WinDefend 
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 1  STOPPED 
        WIN32_EXIT_CODE    : 1077  (0x435)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 
========= End of CMD: =========
 
 
========================= File: C:\windows\SysWOW64mfc45.dll ========================
 
File not signed
MD5: DE7ECC022151ACB7375F09C5417E7425
Creation and modification date: 2016-11-27 00:11 - 2016-11-27 00:11
Size: 0074703


#14 Oh My!

Posted 13 December 2016 - 09:45 AM

Greetings Lynne.

You did it perfectly! Nice job. :thumbsup2:

We are going to do the same step again to remove some other things. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------
  • Please download and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlist
  • Update on your computer performance. Are things still the same?

Gary
 

#15 Pei

Posted 13 December 2016 - 11:41 PM

Good Evening,

Did as requested and really hope I did it correctly. It's very short, unlike the others.

I realize that I failed to mention that it takes an inordinate amount of time for anything to load, i.e. google, yahoo, this site. However, once loaded, the response time is weird. When I click on something or want to look at something, or load a document, it's as if it gets hung up, pause...several beats...hiccups and then falls into place. It's annoying that none of these problems existed before I ran into Win 10...so very vexing. Anyway, it's status quo here, nothing has changed. Please let me know if I did today's task correctly. I really appreciate the time you're taking to help me, far more than you know because there aren't enough words and a mere thank you is woefully inadequate! But here it is...Thanks  :) , Lynne

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Lynne (13-12-2016 20:53:30) Run:2
Running from C:\Users\Lynne\Downloads
Loaded Profiles: Lynne (Available Profiles: Lynne)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\windows\SysWOW64mfc45.dll
emptytemp:
*****************
 
C:\windows\SysWOW64mfc45.dll => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6047038 B
Java, Flash, Steam htmlcache => 1019 B
Windows/system/drivers => 10068194 B
Edge => 0 B
Chrome => 841906325 B
Firefox => 16077681 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42336615 B
systemprofile32 => 230198 B
LocalService => 132244 B
NetworkService => 56047034 B
Lynne => 118376239 B
 
RecycleBin => 24432793 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:55:38 ====




