Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Malware Infection


  • This topic is locked This topic is locked
14 replies to this topic

#1 outlawtorn71

outlawtorn71

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 21 October 2017 - 03:23 PM

Hi -

 

I think I have a malware infection as I try to run mbar I get the "resources busy" error

 

I ran FARBAR and below are the results

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2017
Ran by Mark (administrator) on WOPR-71 (21-10-2017 07:44:38)
Running from C:\Users\Mark\Downloads
Loaded Profiles: Mark (Available Profiles: Mark & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.608 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Windows\System32\mspqcbw.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ali) C:\USBStorage\USBDetector.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [163936 2016-10-03] (Synaptics)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-11] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111928 2013-05-03] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [USBDetector] => C:\USBStorage\USBDetector.exe [53248 2003-04-01] (ali)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [345000 2017-09-28] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\Run: [Spotify Web Helper] => C:\Users\Mark\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-23] (Spotify Ltd)
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\Run: [Spotify] => C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe [8387696 2016-01-23] (Spotify Ltd)
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\Run: [Google Update] => C:\Users\Mark\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\Run: [BitTorrent] => C:\Users\Mark\AppData\Roaming\BitTorrent\BitTorrent.exe [2150088 2017-10-13] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2017-07-18]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk [2016-03-25]
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2015-08-15]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-08-16]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-12-08]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Mark\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-16] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-16] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-16] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-16] (Lavasoft Limited)
Winsock: Catalog9-x64 05 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-16] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 10.120.1.100 10.120.1.101
Tcpip\..\Interfaces\{bc88c5f5-084e-43a1-b72e-8a9a0e69e45a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bfbd5272-f020-4fdb-90f7-43632c2c501b}: [DhcpNameServer] 10.120.1.100 10.120.1.101

Internet Explorer:
==================
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-1706066894-350980092-2229589067-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D081615-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1706066894-350980092-2229589067-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D081615-A166D148A50&form=CONBDF&conlogo=CT3334470&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: kkoidwrk.default
FF ProfilePath: C:\Users\Mark\AppData\Roaming\TomTom\HOME\Profiles\zwggjgl4.default [2015-10-27]
FF Extension: (Emulator) - C:\Users\Mark\AppData\Roaming\TomTom\HOME\Profiles\zwggjgl4.default\Extensions\Navcore.9.510.1234792@tomtom.com [2015-10-27] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\kkoidwrk.default [2017-10-20]
FF NewTab: Mozilla\Firefox\Profiles\kkoidwrk.default -> hxxps://www.yahoo.com/
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kkoidwrk.default -> Bing
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\kkoidwrk.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kkoidwrk.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\kkoidwrk.default -> hxxp://www.bing.com/
FF Extension: (Firefox Lightbeam) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\kkoidwrk.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2017-10-10]
FF Extension: (Avast Online Security) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\kkoidwrk.default\Extensions\wrc@avast.com.xpi [2017-10-12]
FF Extension: (FireFTP) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\kkoidwrk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2017-02-08]
FF Extension: (Video DownloadHelper) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\kkoidwrk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-11]
FF Extension: (Adblock Plus) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\kkoidwrk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-12]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-08-16] [not signed]
FF HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll [2017-10-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll [2017-10-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1706066894-350980092-2229589067-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1706066894-350980092-2229589067-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default [2017-10-02]
CHR Extension: (Google Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-21]
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-21]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-21]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-21]
CHR Extension: (Google Cast) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-21]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-21]
CHR Extension: (Avast SafePrice) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-12-21]
CHR Extension: (Google Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-21]
CHR Extension: (Avast Online Security) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-21]
CHR Extension: (Fast search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-08-11]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-21]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-11] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-11] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2692296 2015-02-25] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [929888 2017-09-28] (QIHU 360 SOFTWARE CO. LIMITED)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [259176 2016-10-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [183800 2017-09-28] (360.cn)
S3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [95232 2017-09-28] (360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2017-09-28] (360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [339456 2017-09-28] (360.cn)
R1 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57848 2017-09-28] (360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [432120 2017-09-28] (360.cn)
S4 Apv2orcumwau; no ImagePath
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-11] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-11] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41832 2017-09-18] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1020536 2017-10-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-11] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-11] (AVAST Software)
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [199160 2017-09-28] (360.cn)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-08-24] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2016-03-21] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-21 07:44 - 2017-10-21 07:45 - 000024392 _____ C:\Users\Mark\Downloads\FRST.txt
2017-10-21 07:43 - 2017-10-21 07:43 - 002402816 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2017-10-21 07:36 - 2017-10-21 07:36 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Mark\Downloads\mbar-1.09.3.1001.exe
2017-10-12 20:56 - 2017-10-12 20:56 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-12 20:49 - 2017-10-12 20:51 - 059272008 _____ (Malwarebytes ) C:\Users\Mark\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-10-11 21:07 - 2017-10-20 08:45 - 000000000 _____ C:\WINDOWS\system32\last.dump
2017-10-11 14:58 - 2017-10-11 14:59 - 000483088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-11 14:55 - 2017-10-11 14:55 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-10-11 09:01 - 2017-10-21 07:41 - 000000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2017-10-10 07:44 - 2017-10-11 14:48 - 000000000 ____D C:\Users\Mark\AppData\Roaming\FileZilla
2017-10-10 07:44 - 2017-10-10 12:13 - 000000000 ____D C:\Users\Mark\AppData\Local\FileZilla
2017-10-10 07:44 - 2017-10-10 07:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-10-10 07:44 - 2017-10-10 07:44 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2017-10-06 16:01 - 2017-10-06 16:01 - 000103641 _____ C:\Users\Mark\Downloads\Alaska White.pdf
2017-10-06 16:00 - 2017-10-06 16:00 - 000101740 _____ C:\Users\Mark\Downloads\Dallas White.pdf
2017-10-02 13:34 - 2017-10-02 13:34 - 000000000 __SHD C:\$360Section
2017-10-02 13:03 - 2017-10-03 10:27 - 000000000 ____D C:\WINDOWS\Tasks\360Disabled
2017-10-02 13:03 - 2017-10-02 13:34 - 000000000 ____D C:\ProgramData\360Quarant
2017-10-02 13:02 - 2017-10-11 14:47 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\360WD
2017-10-02 13:02 - 2017-10-02 13:34 - 000000000 ____D C:\Users\Mark\AppData\Roaming\360safe
2017-10-02 13:02 - 2017-10-02 13:03 - 000000000 ____D C:\ProgramData\360safe
2017-10-02 13:02 - 2017-10-02 13:02 - 000000000 ____D C:\Users\Mark\AppData\Roaming\360TotalSecurity
2017-10-02 13:02 - 2017-10-02 13:02 - 000000000 ____D C:\ProgramData\360TotalSecurity
2017-10-02 13:02 - 2017-09-28 03:52 - 000432120 _____ (360.cn) C:\WINDOWS\system32\Drivers\360FsFlt.sys
2017-10-02 13:02 - 2017-09-28 03:52 - 000095232 _____ (360.cn) C:\WINDOWS\SysWOW64\Drivers\360AvFlt.sys
2017-10-02 13:01 - 2017-10-11 14:56 - 000000000 _RSHD C:\360SANDBOX
2017-10-02 13:01 - 2017-10-02 13:01 - 000001222 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2017-10-02 13:01 - 2017-10-02 13:01 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-10-02 13:01 - 2017-10-02 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2017-10-02 13:01 - 2017-10-02 13:01 - 000000000 ____D C:\Program Files (x86)\360
2017-10-02 13:01 - 2017-09-28 03:52 - 000339456 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys
2017-10-02 13:01 - 2017-09-28 03:52 - 000199160 _____ (360.cn) C:\WINDOWS\system32\Drivers\BAPIDRV64.sys
2017-10-02 13:01 - 2017-09-28 03:52 - 000183800 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker64.sys
2017-10-02 13:01 - 2017-09-28 03:52 - 000095232 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2017-10-02 13:01 - 2017-09-28 03:52 - 000057848 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera64.sys
2017-10-02 12:14 - 2017-10-03 09:11 - 000894650 _____ C:\WINDOWS\ntbtlog.txt
2017-09-22 06:53 - 2017-09-22 06:53 - 000723043 _____ C:\Users\Mark\Downloads\JA RMA Form.pdf
2017-09-22 06:52 - 2017-09-22 06:52 - 000008538 _____ C:\Users\Mark\Downloads\RMA JA975261 M Holtsclaw.pdf
2017-09-21 09:43 - 2017-09-21 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-21 09:43 - 2017-09-21 09:43 - 000000000 ____D C:\Program Files\iPod
2017-09-21 09:42 - 2017-09-21 09:43 - 000000000 ____D C:\Program Files\iTunes
2017-09-21 09:38 - 2017-09-21 09:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-09-21 09:38 - 2017-09-21 09:38 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-09-21 08:17 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-21 08:17 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-21 08:17 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-21 08:17 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-21 08:17 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-21 08:17 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-21 08:17 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-21 08:17 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-21 08:17 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-21 08:17 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-21 08:17 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-21 08:17 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-21 08:17 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-21 08:17 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-21 08:17 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-21 08:17 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-21 08:17 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-21 08:17 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-21 08:17 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-21 08:17 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-21 08:17 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-21 08:17 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-21 08:17 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-21 08:17 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-21 08:17 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-21 08:17 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-21 08:17 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-21 08:17 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-21 08:17 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-21 08:17 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-21 08:17 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-21 08:17 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-21 08:17 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-21 08:16 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-21 08:16 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-21 08:16 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-21 08:16 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-21 08:16 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-21 08:16 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-21 08:16 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-21 08:16 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-21 08:16 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-21 08:16 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-21 08:16 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-21 08:16 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-21 08:16 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-21 08:16 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-21 08:16 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-21 08:16 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-21 08:16 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-21 08:16 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-21 08:16 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-21 08:16 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-21 08:16 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-21 08:16 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-21 08:16 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-21 08:16 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-21 08:16 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-21 08:16 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-21 08:16 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-21 08:16 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-21 08:16 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-21 08:16 - 2017-09-05 00:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-21 08:16 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-21 08:16 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-21 08:16 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-21 08:16 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-21 08:16 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-21 08:16 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-21 08:16 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-21 08:16 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-21 08:16 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-21 08:16 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-21 08:16 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-21 08:16 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-21 08:16 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-21 08:16 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-21 08:16 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-21 08:16 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-21 08:16 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-21 08:16 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-21 08:16 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-21 08:16 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-21 08:16 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-21 08:16 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-21 08:16 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-21 08:16 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-21 08:16 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-21 08:16 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-21 08:16 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-21 08:16 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-21 08:16 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-21 08:16 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-21 08:16 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-21 08:16 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-21 08:16 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-21 08:16 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-21 08:16 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-21 08:16 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-21 08:16 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-21 08:16 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-21 08:16 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-21 08:16 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-21 08:16 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-21 08:16 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-21 08:12 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-21 08:12 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-21 08:12 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-21 08:12 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-21 08:12 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-21 08:11 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-21 08:11 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-21 08:11 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-21 08:11 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-21 08:11 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-21 08:11 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-21 08:11 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-21 08:11 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-21 08:11 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-21 08:11 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-21 08:11 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-21 08:11 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-21 08:11 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-21 08:11 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-21 08:11 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-21 08:11 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-21 08:11 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-21 08:11 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-21 08:11 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-21 08:11 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-21 08:11 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-21 08:11 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-21 08:11 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-21 08:11 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-21 08:11 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-21 08:11 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-21 08:11 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-21 08:11 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-21 08:11 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-21 08:11 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-21 08:11 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-21 08:11 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-21 08:11 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-21 08:11 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-21 08:11 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-21 08:11 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-21 08:11 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-21 08:11 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-21 08:11 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-21 08:11 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-21 08:11 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-21 08:11 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-21 08:11 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-21 08:11 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-21 08:11 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-21 08:11 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-21 08:11 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-21 08:11 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-21 08:11 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-21 08:11 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-21 08:11 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-21 08:11 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-21 08:11 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-21 08:11 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-21 08:11 - 2017-09-05 00:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-21 08:11 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-21 08:11 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-21 08:11 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-21 08:11 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-21 08:11 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-21 08:11 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-21 08:11 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-21 08:11 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-21 08:11 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-21 08:11 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-21 08:11 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-21 08:11 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-21 08:11 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-21 08:11 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-21 08:11 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-21 08:10 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-21 08:10 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-21 08:10 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-21 08:10 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-21 08:10 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-21 08:10 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-21 08:10 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-21 08:10 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-21 08:10 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-21 08:10 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-21 08:10 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-21 08:10 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-21 08:10 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-21 08:10 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-21 08:10 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-21 08:10 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-21 08:10 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-21 08:10 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-21 08:10 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-21 08:10 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-21 08:10 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-21 08:10 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-21 08:10 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-21 08:10 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-21 08:10 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-21 08:10 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-21 08:10 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-21 08:10 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-21 08:10 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-21 08:10 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-21 08:10 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-21 08:10 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-21 08:10 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-21 08:10 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-21 08:10 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-21 08:10 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-21 08:10 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-21 08:10 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-21 08:10 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-21 08:10 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-21 08:10 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-21 08:10 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-21 08:10 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-21 08:10 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-21 08:10 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-21 08:10 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-21 08:10 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-21 08:10 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-21 08:10 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-21 08:10 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-21 08:10 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-21 08:10 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-21 08:10 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-21 08:10 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-21 08:10 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-21 08:10 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-21 08:10 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-21 08:10 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-21 08:10 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-21 08:10 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-21 08:10 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-21 08:10 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-21 08:10 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-21 08:10 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-21 08:10 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-21 08:10 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-21 08:10 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-21 08:10 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-21 08:10 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-21 08:10 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-21 08:10 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-21 08:10 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-21 08:09 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-21 08:09 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-21 08:09 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-21 08:09 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-21 08:09 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-21 08:09 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-21 08:09 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-21 08:09 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-21 08:09 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-21 08:09 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-21 08:09 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-21 08:09 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-21 08:09 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-21 08:09 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-21 08:09 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-21 08:09 - 2017-09-05 01:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-21 08:09 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-21 08:09 - 2017-09-05 01:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-21 08:09 - 2017-09-05 01:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-21 08:09 - 2017-09-05 01:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-21 08:09 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-21 08:09 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-21 08:09 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-21 08:09 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-21 08:09 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-21 08:09 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-21 08:09 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-21 08:09 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-21 08:09 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-21 08:09 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-21 08:09 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-21 08:09 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-21 08:09 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-21 08:09 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-21 08:09 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-21 08:09 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-21 08:09 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-21 08:09 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-21 08:09 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-21 08:09 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-21 08:09 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-21 08:09 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-21 08:09 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-21 08:09 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-21 08:09 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-21 08:09 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-21 08:09 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-21 08:09 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-21 08:09 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-21 08:09 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-21 08:09 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-21 08:09 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-21 08:09 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-21 08:09 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-21 08:09 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-21 08:09 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-21 08:08 - 2017-09-05 01:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-21 08:08 - 2017-09-05 01:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-21 08:08 - 2017-09-05 01:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-21 08:08 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-21 08:08 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-21 08:08 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-21 08:08 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-21 08:08 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-21 08:08 - 2017-09-05 00:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-21 08:08 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-21 08:08 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-21 07:44 - 2017-08-22 16:09 - 000000000 ____D C:\FRST
2017-10-21 07:37 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-21 07:34 - 2015-12-08 18:30 - 000000000 ____D C:\Users\Mark\AppData\Roaming\BitTorrent
2017-10-20 10:46 - 2016-11-25 17:45 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\Mozilla
2017-10-20 09:38 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-20 09:08 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-20 08:45 - 2017-08-11 07:26 - 000000000 ____D C:\Users\Mark\AppData\Local\ntuserlitelist
2017-10-20 08:44 - 2017-04-30 16:10 - 000004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-10-20 08:44 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-20 08:44 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-13 10:06 - 2015-08-15 16:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-12 20:56 - 2015-08-15 16:11 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-11 15:03 - 2017-04-30 16:00 - 001757590 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-11 14:59 - 2017-04-30 16:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-11 14:59 - 2017-04-30 15:59 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-11 14:56 - 2017-03-18 07:40 - 019398656 _____ C:\WINDOWS\system32\config\HARDWARE
2017-10-11 14:56 - 2017-03-18 07:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-10-11 14:55 - 2017-06-12 08:45 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-10-11 14:55 - 2017-04-30 16:10 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-10-11 14:55 - 2017-04-30 16:00 - 000000000 ____D C:\Users\Mark
2017-10-11 14:55 - 2015-08-16 11:18 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-11 14:55 - 2015-08-16 11:18 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-11 14:55 - 2015-08-16 11:18 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-10-11 14:55 - 2015-08-16 11:18 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-11 14:55 - 2015-08-16 11:18 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-10-11 14:55 - 2015-08-16 11:18 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-11 14:55 - 2015-08-16 11:18 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-11 14:55 - 2015-08-16 11:15 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-11 14:54 - 2017-03-09 13:31 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-10-11 14:54 - 2017-03-09 13:31 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-10-11 14:54 - 2017-03-09 13:31 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-10-11 14:54 - 2017-03-09 13:31 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-10-11 14:54 - 2015-08-16 11:18 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-10-10 12:10 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-10 07:41 - 2015-08-16 19:41 - 000000000 ____D C:\Users\Mark\AppData\Local\Packages
2017-10-09 08:22 - 2017-04-30 16:00 - 000000000 ____D C:\Users\DefaultAppPool
2017-10-03 08:38 - 2016-11-18 09:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-03 08:38 - 2015-08-15 18:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-02 14:31 - 2015-08-16 19:43 - 000000000 ___RD C:\Users\Mark\OneDrive
2017-10-02 13:06 - 2017-08-11 07:20 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-02 13:06 - 2017-05-08 08:39 - 000000000 ____D C:\WINDOWS\Panther
2017-10-02 13:06 - 2017-04-30 16:10 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-10-02 13:06 - 2017-04-30 16:10 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-10-02 13:06 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-02 13:06 - 2015-11-26 21:55 - 000000000 ____D C:\Program Files (x86)\Audacity
2017-10-02 13:06 - 2015-08-16 10:42 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Skype
2017-09-26 11:32 - 2015-12-21 09:37 - 000002501 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-25 09:22 - 2017-04-30 15:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-24 11:44 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-21 10:12 - 2016-12-08 07:30 - 000000000 ___RD C:\Users\Mark\Podcasts
2017-09-21 10:12 - 2015-08-16 19:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-21 10:04 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-21 10:04 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-21 10:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-21 10:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-21 10:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-21 10:04 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-21 10:04 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-21 10:04 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-21 09:38 - 2017-01-23 14:42 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-21 07:48 - 2017-07-26 09:23 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1706066894-350980092-2229589067-1000
2017-09-21 07:48 - 2015-08-16 19:43 - 000002397 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories =======

2017-02-01 18:46 - 2017-06-27 08:13 - 000000600 _____ () C:\Users\Mark\AppData\Roaming\winscp.rnd
2017-02-15 11:50 - 2017-02-15 11:50 - 000007597 _____ () C:\Users\Mark\AppData\Local\Resmon.ResmonCfg
2017-06-01 12:58 - 2017-06-01 12:58 - 000000057 _____ () C:\ProgramData\Ament.ini
2015-08-18 18:37 - 2015-08-18 18:37 - 082013448 _____ () C:\ProgramData\arcade.ogg
2015-08-14 08:36 - 2017-01-30 15:44 - 000002128 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\msidntfs.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\WINDOWS\system32\drivers\usbtzfyt.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

LastRegBack: 2017-10-20 09:01

==================== End of FRST.txt ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2017
Ran by Mark (21-10-2017 07:45:33)
Running from C:\Users\Mark\Downloads
Windows 10 Pro Version 1703 15063.608 (X64) (2017-04-30 20:14:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1706066894-350980092-2229589067-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1706066894-350980092-2229589067-503 - Limited - Disabled)
Guest (S-1-5-21-1706066894-350980092-2229589067-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1706066894-350980092-2229589067-1002 - Limited - Enabled)
Mark (S-1-5-21-1706066894-350980092-2229589067-1000 - Administrator - Enabled) => C:\Users\Mark

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 9.2.0.1289 - 360 Security Center)
64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
adbLink version 3.4 (HKLM-x32\...\{05CF1DD3-4A94-4219-B176-BB1796680A6C}_is1) (Version: 3.4 - jocala.com)
Adobe Acrobat 7.0 Professional (HKLM-x32\...\Adobe Acrobat 7.0 Professional - V) (Version: 7.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Autodesk DWG TrueView 2017 - English (HKLM\...\DWG TrueView 2017 - English) (Version: 21.0.104.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
BitTorrent (HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
C310 (HKLM-x32\...\{FE651900-D014-482F-AEBC-2928F57D1FB0}) (Version: 140.0.304.000 - Hewlett-Packard) Hidden
ChromecastApp (HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{E5C1C342-5E78-4D91-85BE-40C716B09391}) (Version: 3.55.7671.0901 - Sony Computer Entertainment Inc.)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DWG TrueView 2017 - English (HKLM\...\{28B89EEF-0028-0409-0100-CF3F3A09B77D}) (Version: 21.0.104.0 - Autodesk) Hidden
FileZilla Client 3.28.0 (HKLM-x32\...\FileZilla Client) (Version: 3.28.0 - Tim Kosse)
Google Chrome (HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.7.27.15 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (HKLM-x32\...\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}) (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Integrated Camera Driver Installer Package Ver.1.1.0.48 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.48 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.2.50.1050 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0042 - Lenovo)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
Nero Media Player (HKLM-x32\...\NMPUninstallKey) (Version:  - )
NeroVision Express 2 (HKLM-x32\...\NeroVision!UninstallKey) (Version:  - )
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nostalgia 5.0 (HKLM-x32\...\Nostalgia 5.0) (Version:  - )
NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
ownsky_ss Screen Saver (HKLM-x32\...\ownsky_ss) (Version:  - )
PS_AIO_07_C310_SW_Min (HKLM-x32\...\{582BA1F1-FAB4-41AD-A5E3-4A9535343461}) (Version: 140.0.304.000 - Hewlett-Packard) Hidden
PS4 Remote Play (HKLM-x32\...\{1F1AAC07-945B-451F-9CE6-1C7E7BB9CBF2}) (Version: 1.0.0.15181 - Sony Interactive Entertainment Inc.)
QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.15.0 - Lenovo Group Limited)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}) (Version: 2.15.1003 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}) (Version: 2.15.1001 - Samsung Electronics Co., Ltd.)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17349 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1706066894-350980092-2229589067-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1706066894-350980092-2229589067-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1706066894-350980092-2229589067-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1706066894-350980092-2229589067-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1706066894-350980092-2229589067-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1706066894-350980092-2229589067-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1706066894-350980092-2229589067-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1706066894-350980092-2229589067-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1706066894-350980092-2229589067-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1706066894-350980092-2229589067-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mark\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-11] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2016-07-19] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-07-19] (Autodesk)
ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [2004-12-14] (Adobe Systems Inc.)
ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-11] (AVAST Software)
ContextMenuHandlers1-x32: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2017-09-28] ()
ContextMenuHandlers1-x32: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-12] (Lenovo)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-11] (AVAST Software)
ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2017-09-28] ()
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-12] (Lenovo)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2015-02-25] ()
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-11] (AVAST Software)
ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2017-09-28] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0417045C-B348-4A2F-8009-F4E4A541C5B0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {085D3DEA-5A74-441E-8557-A54F94E9518C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0BC99386-1B16-49E7-8F35-7BACA691EB93} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0CF0480E-8F95-4B93-8F8D-7D7D00C45390} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0F29EBCF-1186-424A-BC2D-A99C1874647D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1706066894-350980092-2229589067-1000Core1d259ffa007f1cc => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
Task: {1431E1C8-0791-4C69-BB1B-C6F955BF84BB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {14CA0015-09F9-4F39-B280-BF144F5EC8EE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {16D2F929-DB99-4803-9EC6-DAA8E11A9601} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EE6DBFA-35C3-4278-9727-5ECE31863BCA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {219596BC-61B1-458B-A75F-C3AF3128523C} - \PMTask -> No File <==== ATTENTION
Task: {257D8F1E-0838-4DE3-AB31-0FED29C0B3B4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {285A65F0-71D2-4138-ACD4-A5163D24AD91} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {32736A00-FBFA-4D35-81FB-F0F200E9FD0B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {3B58D092-DBB6-4FDF-90D5-EE7C2D081AB3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E98208D-C433-413D-9909-39E2802580B5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3F552DB8-9EB0-46B9-A167-3A35A45AB4BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1706066894-350980092-2229589067-1000UA => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
Task: {3FBB681D-9BB0-407D-9A7A-DCAA27FE93C4} - System32\Tasks\SafeZone scheduled Autoupdate 1460471856 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {46637732-B77C-447B-AF5A-C4AC14EA1C54} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {4FC27810-6697-406D-A611-CC6E6CC6C692} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53382215-451E-4D4B-88FE-5B9AF936C411} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
Task: {618FD323-7791-45E8-8739-91A8FAB77C63} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-12] (Microsoft Corporation)
Task: {62C341EF-15E2-4405-B8AF-D6DF46EFA204} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1706066894-350980092-2229589067-1000Core => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
Task: {63BA8020-225F-45B3-A6FF-16250B27B8D3} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {692663B4-DF77-442E-B38C-D19207192025} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {750445E5-6FBE-464C-9C13-C6B8C744C782} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7A1E6871-30D7-4472-8A86-33D0CCD03C62} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8AB75998-CC73-45D5-973E-07C81FD4A5F8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-11] (AVAST Software)
Task: {9DAAD132-50BE-4B98-9BB0-6AD940E09B3B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-20] (Adobe Systems Incorporated)
Task: {A5AAC46F-5A3C-4E6C-BD5B-797E01D761D5} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A855C9E6-14ED-487B-8D86-A27D18D094C9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AEA78325-5401-4B6D-A297-C2CE4C0DDE3B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {B1096DAF-ECBA-4495-A39E-EE019FAB3502} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1706066894-350980092-2229589067-1000UA1d259ffa00f2543 => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-21] (Google Inc.)
Task: {B5683B0E-2E52-4BF9-8053-3D280E94609B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B9944D2E-B566-43E8-9C08-CA68D47ECB2D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {C58F9441-13C7-425D-821A-714E9DF99DA5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {C7754EF2-B942-4D58-858D-5AABA76CEB6A} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {CC645636-7EC3-401A-95EC-FB8B3360A11B} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-12-10] ()
Task: {CD62BC1B-B340-49C6-A212-A557BFA11ACE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {D7585E7F-EFFE-4A1B-812F-233A5AAFE9F9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DF0B6332-35B0-43C0-AD14-143893270C4D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E086EB19-2486-40C9-9DD7-A71D88DD7804} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {E3FB1439-D25D-4EB0-8790-BB22888A46DD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EB90BDCD-C013-4DD5-9AA1-18E9370E2205} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F52F154C-D0AC-41F9-B06E-0837B1AB135B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F664669C-4BBD-4DE7-8A50-0B707E2206DD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FB652592-9488-485A-968B-D497D64A31A6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {FF858CF9-B1DB-4E17-8691-1E5F640B7209} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1706066894-350980092-2229589067-1000Core.job => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1706066894-350980092-2229589067-1000UA.job => C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-08-15 18:27 - 2015-02-25 12:52 - 002692296 _____ () C:\Windows\system32\nvwmi64.exe
2016-11-17 02:28 - 2016-11-17 02:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-11 07:13 - 2017-08-11 07:13 - 002793472 ____N () C:\WINDOWS\SYSTEM32\MSPQCBW.EXE
2017-10-04 04:54 - 2017-10-04 04:54 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-04-30 15:59 - 2016-11-14 07:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-10-02 13:01 - 2017-09-28 03:53 - 000817248 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-10-02 13:01 - 2017-09-28 03:52 - 000099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2017-10-11 14:54 - 2017-10-11 14:54 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-11 14:54 - 2017-10-11 14:54 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-11 08:45 - 2017-07-11 08:45 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-11 14:54 - 2017-10-11 14:54 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-11 14:54 - 2017-10-11 14:54 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-11 14:54 - 2017-10-11 14:54 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-11 14:54 - 2017-10-11 14:54 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1706066894-350980092-2229589067-1000\Software\Classes\exefile:  <==== ATTENTION
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\Software\Classes\.exe:  =>  <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1706066894-350980092-2229589067-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{218a1a1c-09e1-4970-8ea7-5288447f2ada}.jpg
DNS Servers: 10.120.1.100 - 10.120.1.101
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Content Manager Assistant for PlayStation®.lnk"
HKLM\...\StartupApproved\Run: => "SynLenovoHelper"
HKLM\...\StartupApproved\Run: => "Zune Launcher"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "MSN Toolbar"
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1706066894-350980092-2229589067-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FA224414-DB2E-4EDA-BB81-4BBEC3838D0B}] => (Allow) C:\Users\Mark\AppData\Local\Temp\7zS03CE\HP.EasyStart.exe
FirewallRules: [{78CFF555-6B9C-498B-A2F9-4340E7B08FB0}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{1EA8541C-5115-4488-A6ED-8A0FDCF969F1}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{46A916E4-7405-4172-92F3-549C21C0655C}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{7F882003-532F-4ACD-AF7E-9D5B940CDBE0}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [UDP Query User{FD54FE45-BDBA-414A-A945-E5A600A2DA9E}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{AFEEE8CC-211B-42C1-91BB-B2C2D2A570E3}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{2106A48E-095F-4412-ABB3-AC89CCE4C7FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2278EBE5-A760-4D00-9956-97DA30D50C27}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{762872CA-24D3-45CC-A34B-9C3AB590A345}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{554D2E6E-B664-4F85-A1C5-738F4A21BBEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F1238D56-F2C7-4B92-B5A9-D1C7F49DC751}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{BEDB841C-6073-46F8-B91C-5C079955FA0C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [UDP Query User{3611C23E-B9E5-452D-9C16-2BDC7C3691B6}C:\program files\windowsapps\arduinollc.arduinoide_1.6.13.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.6.13.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [TCP Query User{E522A4CC-CFEB-4B69-A30D-61FEB1B51ABB}C:\program files\windowsapps\arduinollc.arduinoide_1.6.13.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.6.13.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [{590EBFE9-AB8D-4541-AB8A-C6E21E99F6D8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{B728A1E7-164F-4C22-BA27-783BCD15B251}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{5B19DB4B-B787-4DAA-A828-7B23C67CE0E7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{998FF8C3-04D0-4AA8-BFDA-FF01E05DE6CF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8F69305B-1992-4240-A96B-170B20F7F4C5}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{981297A6-87E8-493E-82DA-9A2AC09751FE}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{8F2389FA-BEEC-45AB-9BC8-C3D0505B1CA8}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{5D857CAA-6408-4572-96AF-40B79B86F6A2}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7E60AC8F-70C4-4459-81F6-48AD6E76B7D9}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{B478224E-4049-462A-A6B4-E6C806CEC354}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{A23155CD-3827-4A49-B3B9-903DBF145FD2}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{36630230-9292-42E9-8821-A97DD5E7DE53}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EFCC626E-4C85-4753-A200-AD1A27873BCE}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{41D19B2B-1218-4912-8685-675B74F50A0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{038B3EAA-1FAE-4913-97A0-1371C9116ACF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{6CA6BFAB-2B20-4504-A87A-7E3DEDEAD245}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{4CD10002-1F40-4F37-9260-4E9FC6228A1F}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{F9785395-02AB-4902-9F1E-65A021B5DEF3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{88A73AC3-44E5-4806-A0DF-7BFDFCB82BCD}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{D59D404B-6176-4FFF-9F90-CDC3D9BCC749}C:\users\mark\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mark\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{24764137-AFD4-4C81-B910-B8C08F57665A}C:\users\mark\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mark\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5B842199-C1BB-43D8-B097-DAADE923D048}C:\users\mark\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mark\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0D549F8A-B99A-427C-9D0E-DA55EC8B6D13}C:\users\mark\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mark\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{88B8770B-5F2C-4FBE-9BA6-F438ECD9EC49}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{C6A0BE3D-CC0D-4FD0-944B-2BD84BA2911D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{7F2C36B0-E167-435A-9E81-1EF726C9982A}] => (Allow) C:\Users\Mark\AppData\Local\Temp\7zS42B2\setup\hpznui40.exe
FirewallRules: [{EB128FAE-3DBD-453F-BBEF-5F600C6271EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{62421997-876F-46AD-B380-2AFAEF891D92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{0B1BE9FA-F8C0-4D52-BAEA-2D69895939E4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{96405B09-40B2-47D9-860B-A84A3D9A4292}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{88721832-124A-4324-BEFF-5240189168EC}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{76AE0E09-21A7-4751-8790-98C75AD780CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7AFE7A08-E29B-4A4D-8878-6E88DEDBE99E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{92A0C340-AAA7-4AA5-BDC9-5757AE2ED377}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{754E3051-D752-4140-9D83-C08BD270E021}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{51CAAE77-A08D-4E72-A3F5-D708967123AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DED632BA-B429-49DD-B5DB-B83441A33760}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{DD22808D-8D43-41FA-B555-673ECFD318F5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{06302489-E481-4340-BDB7-586FD99DDD50}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{0CA0C8B7-37F7-4D26-9498-2E169CFFA3C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{1E14D3A9-D88F-44AD-BC6E-53324F8445D2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{19ED4AE7-0508-453A-B4E9-F63EA06F7686}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{DCAB80A9-80F9-4016-94C3-762400898443}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{37955273-4132-4F3F-AE0E-230F1E6A055F}] => (Allow) C:\Users\Mark\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AE039F75-1AE8-4282-AF48-D2167A53DCF0}] => (Allow) C:\Users\Mark\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2BA19E0F-35A2-4505-8985-7DB17BBB83F0}] => (Allow) C:\Users\Mark\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C66E89D5-1749-4849-8D4A-C09BBAFBC79F}] => (Allow) C:\Users\Mark\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8E30086A-694F-4AD5-8CF8-2C5E3D3CB919}] => (Allow) C:\Users\Mark\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CDB1138D-B857-4E27-8CC1-CCF08B27F102}] => (Allow) C:\Users\Mark\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6ACA4BDB-D475-4E6D-939C-3DDB3E84A79C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FD57B658-2D0B-4172-9F62-051102BBB1FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{61C76B7D-BC33-4686-9FFE-38E6FD1F63F0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D3B6BB2-A631-450B-BAFE-417C143D8376}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{27B9944A-1D7A-4044-A88E-A7F16E00DBC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{EEE6A608-27BE-4D56-8F9C-5C08F73ACB69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [TCP Query User{F0B066F3-C067-4796-9738-F580E84B2860}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [UDP Query User{E789FBAA-6671-4EF5-ABDC-4D64E2419F38}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [TCP Query User{B8770A92-E649-40FE-B3D6-01F188A710A0}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [UDP Query User{56AA234D-44CC-4EE4-ACAD-8789C6BE2002}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe
FirewallRules: [{962F653D-B043-416D-81B4-CCA8B7E275EB}] => (Allow) C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe
FirewallRules: [TCP Query User{CB95C9D7-F452-4D12-B9C4-1F1696BD5D3F}C:\program files (x86)\freetelly\freetelly.exe] => (Allow) C:\program files (x86)\freetelly\freetelly.exe
FirewallRules: [UDP Query User{7A9FFC49-1D4F-4C6B-A5F0-0C51ECF5A6F6}C:\program files (x86)\freetelly\freetelly.exe] => (Allow) C:\program files (x86)\freetelly\freetelly.exe
FirewallRules: [{B06B242E-598C-4D9D-B671-66C77BA08177}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
FirewallRules: [{BB4C2F2B-3F9F-4C09-9E3E-3F35817DA101}] => (Allow) LPort=5357
FirewallRules: [{B9AB9319-49E2-48F7-AC5D-479EBD00720C}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B06CAB94-97FC-414C-AA5F-4356D8D0BF49}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{866B0A8A-7385-46BA-BF12-F0193748A373}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{0BEE215C-098D-4928-B75C-0CCE9718FB4D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{496AC80D-AF04-48EC-93F3-06F4A9C03023}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{5384BC12-3906-4600-86AC-EE0DE8B323C1}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [TCP Query User{B22FE21B-BD81-40CB-A8D6-9F104ADCC9E5}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{71B536F4-723B-43B9-9C9A-F67ADB37333B}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{CFF2D924-D6C1-43D9-9E58-71B887111928}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{05945521-11F6-45C4-9609-E3698F2DEFBF}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{FDA582B6-4CBA-46AE-9035-4CADB339CA7D}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{03456B21-FE0D-402D-AD57-5A93D70ABEDD}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2017 07:40:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2374
Faulting application start time: 0x01d34a60be921304
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: df72af6f-a221-4c61-8730-973b117f508b
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/21/2017 07:40:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2374
Faulting application start time: 0x01d34a60be921304
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 680a638e-47e6-4c92-bdcd-7d9ba1d06766
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/21/2017 07:34:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x558
Faulting application start time: 0x01d34a608f8ad07b
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 922b1216-e7a5-4d97-a602-6aa1852147bc
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/13/2017 10:05:36 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/11/2017 12:52:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x276c
Faulting application start time: 0x01d342b14177c9d9
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: e449d4a6-6729-45c6-839c-261374d710e1
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/11/2017 12:52:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2a6c
Faulting application start time: 0x01d342b12d8cbe1a
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: db6cb47c-1029-477e-b9e9-6647d249b3c8
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/11/2017 11:09:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x37d4
Faulting application start time: 0x01d342a2e19adab6
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 6e449296-ce65-47a9-9328-8142cfd32831
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/11/2017 09:01:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x584
Faulting application start time: 0x01d34290fb0264f2
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 9aa4f079-33b1-4f32-9285-a1ab1674967d
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/11/2017 09:01:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x584
Faulting application start time: 0x01d34290fb0264f2
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: b6264475-e339-465d-9d88-84ff13888ee9
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/11/2017 09:01:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x584
Faulting application start time: 0x01d34290fb0264f2
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 0b8029fb-8b2e-4181-b68a-fbf9a2e04c9b
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess


System errors:
=============
Error: (10/20/2017 10:57:38 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (10/20/2017 08:45:06 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the aswbIDSAgent service, but this action failed with the following error:
No recovery program has been configured for this service.

Error: (10/20/2017 08:45:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The aswbIDSAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.

Error: (10/13/2017 10:31:48 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (10/12/2017 08:57:51 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (10/12/2017 08:42:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The aswbIDSAgent service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/11/2017 09:52:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/11/2017 09:07:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The aswbIDSAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/11/2017 03:13:00 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/11/2017 02:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
  Date: 2017-09-18 09:16:30.748
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-18 09:16:30.735
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-18 09:15:10.956
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-18 09:15:10.948
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-22 16:24:15.952
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-08-22 16:24:15.942
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 25%
Total physical RAM: 12219.51 MB
Available physical RAM: 9144.26 MB
Total Virtual: 24507.51 MB
Available Virtual: 21149.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.92 GB) (Free:19.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 849AA6B8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=789 MB) - (Type=27)

==================== End of Addition.txt ============================



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 21 October 2017 - 03:27 PM

Hi outlawtorn71 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 outlawtorn71

outlawtorn71
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 21 October 2017 - 03:37 PM

Sorry for the multiple posts... I am obviously having some laptop issues..



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 23 October 2017 - 09:32 AM

Did you miss my previous post by any chance? :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 outlawtorn71

outlawtorn71
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 23 October 2017 - 01:59 PM

I have tried but I am unable to install -

 

I get the "resources are in use" error



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 23 October 2017 - 06:36 PM

Is that when you try to run the file you download directly, or when you try to run the mbar.exe file inside the MBAR folder?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 outlawtorn71

outlawtorn71
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 24 October 2017 - 06:48 AM

From when I try to run from inside the MBAR folder



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 24 October 2017 - 07:27 AM

Do you have a USB Flash Drive? If so, how big is it?

Also, follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Attached Files


unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 28 October 2017 - 09:42 AM

Hi outlawtorn71,

Are you still with me?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 outlawtorn71

outlawtorn71
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 30 October 2017 - 12:07 PM

I am - sorry just worked all weekend

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Mark (30-10-2017 13:06:41) Run:2
Running from C:\Users\Mark\Downloads
Loaded Profiles: Mark (Available Profiles: Mark & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows\system32\drivers
*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= dir C:\Windows\system32\drivers =========

 Volume in drive C has no label.
 Volume Serial Number is 6440-9CFB

 Directory of C:\Windows\system32\drivers

10/29/2017  07:03 PM    <DIR> 



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 30 October 2017 - 12:21 PM

Can you attach the whole fixlog.txt? Looks like only part of it was copied here.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 outlawtorn71

outlawtorn71
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:03 PM

Posted 30 October 2017 - 01:13 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by Mark (30-10-2017 13:06:41) Run:2
Running from C:\Users\Mark\Downloads
Loaded Profiles: Mark (Available Profiles: Mark & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows\system32\drivers
*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


========= dir C:\Windows\system32\drivers =========

 Volume in drive C has no label.
 Volume Serial Number is 6440-9CFB

 Directory of C:\Windows\system32\drivers

10/29/2017  07:03 PM    <DIR>          .
10/29/2017  07:03 PM    <DIR>          ..
03/18/2017  04:56 PM           238,080 1394ohci.sys
10/21/2017  04:40 PM           255,928 366215D6.sys
03/18/2017  04:56 PM           107,424 3ware.sys
05/23/2011  03:33 PM           167,040 5U877.sys
07/28/2017  01:23 AM           723,360 acpi.sys
03/18/2017  04:56 PM            20,480 AcpiDev.sys
03/18/2017  04:56 PM           127,392 acpiex.sys
03/18/2017  04:56 PM            12,800 acpipagr.sys
03/18/2017  04:56 PM            14,848 acpipmi.sys
03/18/2017  04:56 PM            14,336 acpitime.sys
03/18/2017  04:56 PM         1,135,512 adp80xx.sys
09/05/2017  01:11 AM           610,720 afd.sys
03/18/2017  04:58 PM           108,544 agilevpn.sys
03/18/2017  04:57 PM           239,616 ahcache.sys
03/18/2017  04:56 PM           176,640 amdk8.sys
03/18/2017  04:56 PM           172,544 amdppm.sys
03/18/2017  04:56 PM            83,352 amdsata.sys
03/18/2017  04:56 PM           259,488 amdsbs.sys
03/18/2017  04:56 PM            27,040 amdxata.sys
09/30/2017  01:40 AM           184,728 appid.sys
03/18/2017  04:58 PM            17,920 applockerfltr.sys
03/18/2017  10:30 PM           127,904 AppVStrm.sys
03/18/2017  10:30 PM           161,696 AppvVemgr.sys
03/18/2017  10:30 PM           143,776 AppvVfs.sys
03/18/2017  04:56 PM           132,000 arcsas.sys
10/11/2017  02:54 PM           321,032 aswbidsdrivera.sys
10/11/2017  02:54 PM           198,976 aswbidsha.sys
10/11/2017  02:54 PM           343,288 aswbloga.sys
10/11/2017  02:54 PM            57,736 aswbuniva.sys
10/11/2017  02:55 PM            47,008 aswHwid.sys
09/18/2017  09:06 AM            41,832 aswKbd.sys
10/11/2017  02:55 PM           147,776 aswMonFlt.sys
07/28/2017  08:39 AM           146,664 aswmonflt.sys.150124561160903
10/11/2017  02:55 PM           110,376 aswRdr2.sys
10/11/2017  02:55 PM            84,416 aswRvrt.sys
10/11/2017  02:54 PM         1,020,536 aswSnx.sys
01/11/2017  12:41 PM           969,560 aswsnx.sys.148415294050007
10/11/2017  02:55 PM           587,168 aswSP.sys
01/11/2017  12:41 PM           513,496 aswsp.sys.148415294259310
10/11/2017  02:55 PM           201,352 aswStm.sys
09/18/2017  09:07 AM           199,312 aswstm.sys.150574008414005
10/11/2017  02:55 PM           363,440 aswVmm.sys
01/11/2017  12:41 PM           292,704 aswvmm.sys.148415294401512
07/11/2017  08:45 AM           360,792 aswvmm.sys.149977716251506
03/18/2017  04:57 PM            28,672 asyncmac.sys
03/18/2017  04:56 PM            29,088 atapi.sys
03/18/2017  04:56 PM           194,464 ataport.sys
03/18/2017  04:56 PM            57,344 BasicDisplay.sys
09/29/2017  03:32 AM            35,840 BasicRender.sys
03/18/2017  04:56 PM            36,256 battc.sys
03/18/2017  04:56 PM             9,728 bcmfn2.sys
03/18/2017  04:57 PM            10,240 beep.sys
03/18/2017  04:56 PM           101,888 bowser.sys
07/28/2017  12:25 AM           115,712 bridge.sys
03/18/2017  04:56 PM            23,552 BtaMPM.sys
03/18/2017  04:56 PM            43,520 BthAvrcpTg.sys
07/28/2017  12:25 AM           105,472 bthenum.sys
07/28/2017  12:08 AM            97,792 bthhfenum.sys
03/18/2017  04:56 PM            32,256 BthhfHid.sys
03/18/2017  04:56 PM            66,560 bthmodem.sys
09/05/2017  12:26 AM           130,560 bthpan.sys
07/28/2017  12:20 AM           982,016 bthport.sys
03/18/2017  04:56 PM            85,504 BTHUSB.SYS
09/05/2017  12:28 AM            39,424 buttonconverter.sys
03/18/2017  04:56 PM           533,920 bxvbda.sys
03/18/2017  04:56 PM            53,664 CAD.sys
03/18/2017  04:56 PM           122,880 capimg.sys
06/30/2009  01:01 PM           292,864 CAXHWAZL.sys
06/30/2009  12:59 PM           740,864 CAX_CNXT.sys
06/30/2009  01:05 PM         1,486,848 CAX_DPV.sys
03/18/2017  04:57 PM            93,184 cdfs.sys
03/18/2017  04:56 PM           160,256 cdrom.sys
03/18/2017  04:57 PM            77,216 CEA.sys
11/28/2015  10:12 PM           682,624 CHDRT64.sys
03/18/2017  04:56 PM           102,816 cht4dx64.sys
03/18/2017  04:56 PM           347,032 cht4sx64.sys
03/18/2017  04:56 PM         2,104,224 cht4vx64.sys
03/18/2017  04:56 PM            49,152 circlass.sys
03/18/2017  04:57 PM           391,584 Classpnp.sys
03/18/2017  04:58 PM            12,288 cldflt.sys
07/31/2017  10:38 PM           382,368 clfs.sys
03/18/2017  04:58 PM           877,472 ClipSp.sys
03/18/2017  04:56 PM            30,208 CmBatt.sys
03/18/2017  04:56 PM            28,064 cmimcext.sys
09/30/2017  01:40 AM           642,680 cng.sys
03/18/2017  04:57 PM            39,840 cnghwassist.sys
03/18/2017  04:57 PM            56,224 condrv.sys
03/18/2017  04:57 PM            86,432 crashdmp.sys
03/18/2017  10:30 PM           559,104 csc.sys
05/20/2017  02:59 AM           112,544 dam.sys
08/24/2015  08:53 AM            76,496 dc3d.sys
03/18/2017  04:56 PM            45,568 devauthe.sys
03/18/2017  04:57 PM           150,528 dfsc.sys
03/18/2017  04:56 PM           102,816 disk.sys
03/18/2017  04:58 PM            38,816 Diskdump.sys
03/18/2017  04:57 PM            15,360 Dmpusbstor.sys
03/18/2017  04:56 PM            47,104 dmvsc.sys
03/18/2017  04:56 PM            97,280 drmk.sys
03/18/2017  04:56 PM            16,232 drmkaud.sys
03/18/2017  04:57 PM            35,744 Dumpata.sys
03/18/2017  04:59 PM            91,152 dumpfve.sys
09/05/2017  01:21 AM           189,344 dumpsd.sys
03/18/2017  04:58 PM            32,256 dumpsdport.sys
03/18/2017  04:57 PM            25,600 Dumpstorport.sys
09/30/2017  01:43 AM         2,442,136 dxgkrnl.sys
04/30/2017  07:52 PM           409,504 dxgmms1.sys
09/30/2017  01:44 AM           712,600 dxgmms2.sys
03/18/2017  04:56 PM           524,800 e1i63x64.sys
03/18/2017  04:57 PM            88,992 EhStorClass.sys
03/18/2017  04:56 PM           119,200 EhStorTcgDrv.sys
04/30/2017  04:02 PM    <DIR>          en-US
03/18/2017  04:56 PM            13,824 errdev.sys
04/30/2017  04:10 PM    <DIR>          etc
03/18/2017  04:56 PM         3,419,040 evbda.sys
03/18/2017  04:57 PM           347,136 exfat.sys
05/20/2017  02:53 AM           363,424 fastfat.sys
03/18/2017  04:56 PM            32,768 fdc.sys
03/18/2017  04:56 PM            54,272 filecrypt.sys
03/18/2017  04:57 PM            86,432 fileinfo.sys
03/18/2017  04:57 PM            36,864 filetrace.sys
03/18/2017  04:56 PM            26,624 flpydisk.sys
03/18/2017  04:57 PM           386,464 fltMgr.sys
03/18/2017  04:56 PM            63,904 fsdepends.sys
03/18/2017  04:57 PM            33,688 fs_rec.sys
09/05/2017  01:16 AM           715,168 fvevol.sys
03/18/2017  04:57 PM           419,744 FWPKCLNT.SYS
03/18/2017  04:56 PM            21,504 genericusbfn.sys
03/18/2017  04:57 PM         3,440,660 gm.dls
03/18/2017  04:57 PM               646 gmreadme.txt
03/18/2017  04:58 PM             8,192 gpuenergydrv.sys
06/20/2017  01:12 AM            86,528 hdaudbus.sys
02/19/2013  12:59 PM            57,848 HECIx64.sys
03/18/2017  04:56 PM            38,296 hidbatt.sys
09/05/2017  12:26 AM           107,008 hidbth.sys
03/18/2017  04:56 PM           180,736 hidclass.sys
03/18/2017  04:56 PM            52,224 hidi2c.sys
03/18/2017  04:56 PM            51,104 hidinterrupt.sys
03/18/2017  04:56 PM            46,592 hidir.sys
03/18/2017  04:56 PM            40,960 hidparse.sys
03/18/2017  04:56 PM            40,960 hidusb.sys
03/18/2017  04:56 PM            64,416 HpSAMD.sys
03/25/2008  12:42 AM           146,036 HSFProf.cty
07/07/2017  03:07 AM         1,106,848 http.sys
03/18/2017  04:57 PM            74,648 hvservice.sys
03/18/2017  04:56 PM           118,688 hvsocket.sys
03/18/2017  04:57 PM            29,600 hwpolicy.sys
03/18/2017  04:56 PM            16,896 hyperkbd.sys
03/18/2017  04:56 PM           115,200 i8042prt.sys
03/18/2017  04:56 PM            33,280 iagpio.sys
03/18/2017  04:56 PM            81,408 iai2c.sys
03/18/2017  04:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  04:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  04:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  04:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  04:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  04:56 PM           113,152 iaLPSSi_I2C.sys
05/30/2012  01:42 PM           569,152 iaStor.sys
03/18/2017  04:56 PM           673,184 iaStorAV.sys
03/18/2017  04:56 PM           412,064 iaStorV.sys
03/18/2017  04:56 PM           526,240 ibbus.sys
07/17/2015  12:27 PM            72,400 ibmpmdrv.sys
03/18/2017  04:58 PM            36,864 IndirectKmd.sys
03/18/2017  04:56 PM            19,360 intelide.sys
03/18/2017  04:56 PM            74,840 intelpep.sys
03/18/2017  04:56 PM           193,536 intelppm.sys
03/18/2017  04:57 PM            49,568 iorate.sys
03/18/2017  04:57 PM            87,040 ipfltdrv.sys
03/18/2017  04:56 PM            92,064 IPMIDrv.sys
03/18/2017  04:58 PM           214,528 ipnat.sys
03/18/2017  04:57 PM           120,320 irda.sys
03/18/2017  04:57 PM            19,968 irenum.sys
03/18/2017  04:56 PM            22,944 isapnp.sys
03/18/2017  04:56 PM            64,416 kbdclass.sys
03/18/2017  04:56 PM            40,448 kbdhid.sys
03/18/2017  04:56 PM            23,040 kdnic.sys
03/18/2017  04:58 PM           390,144 ks.sys
09/30/2017  01:49 AM           135,576 ksecdd.sys
03/18/2017  04:58 PM           170,912 ksecpkg.sys
05/20/2017  02:10 AM            27,136 ksthunk.sys
03/18/2017  04:58 PM            66,560 lltdio.sys
10/11/2017  02:55 PM            61,304 lpsport.sys
03/18/2017  04:56 PM           108,960 lsi_sas.sys
03/18/2017  04:56 PM           123,808 lsi_sas2i.sys
03/18/2017  04:56 PM           103,328 lsi_sas3i.sys
03/18/2017  04:56 PM            82,848 lsi_sss.sys
03/18/2017  04:57 PM           124,928 luafv.sys
03/18/2017  04:56 PM           405,408 mausbhost.sys
03/18/2017  04:56 PM            51,104 mausbip.sys
08/22/2017  04:18 PM           194,776 MBAMSwissArmy.sys
03/18/2017  04:57 PM            23,552 mcd.sys
06/18/2006  10:27 PM            17,024 mdmxsdk.sys
03/18/2017  04:56 PM            59,808 megasas.sys
03/18/2017  04:56 PM            64,416 MegaSas2i.sys
03/18/2017  04:56 PM           575,904 megasr.sys
03/18/2017  04:56 PM           842,656 mlx4_bus.sys
03/18/2017  04:57 PM            50,688 mmcss.sys
03/18/2017  04:57 PM            42,496 modem.sys
03/18/2017  04:56 PM            39,424 monitor.sys
03/18/2017  04:56 PM            60,320 mouclass.sys
03/18/2017  04:56 PM            33,280 mouhid.sys
03/18/2017  04:57 PM           105,880 mountmgr.sys
03/18/2017  04:58 PM            76,800 mpsdrv.sys
04/30/2017  07:48 PM           177,664 mqac.sys
03/18/2017  04:57 PM           144,384 mrxdav.sys
03/18/2017  04:57 PM           467,352 mrxsmb.sys
09/29/2017  03:20 AM           286,208 mrxsmb10.sys
09/30/2017  01:41 AM           228,248 mrxsmb20.sys
03/18/2017  04:57 PM            31,744 msfs.sys
11/28/2012  06:56 PM                 3 MsftWdf_Kernel_01011_Inbox_Critical.Wdf
07/16/2016  07:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
03/18/2017  04:57 PM           169,888 msgpioclx.sys
03/18/2017  04:56 PM            49,056 msgpiowin32.sys
03/18/2017  04:57 PM             8,704 mshidkmdf.sys
03/18/2017  04:57 PM            12,288 mshidumdf.sys
07/06/2013  01:27 PM            81,696 msidntfs.sys
03/18/2017  04:56 PM            19,352 msisadrv.sys
07/28/2017  01:20 AM           279,968 msiscsi.sys
06/20/2017  01:14 AM            32,768 mskssrv.sys
03/18/2017  04:57 PM            83,456 mslldp.sys
03/18/2017  04:58 PM            10,752 mspclock.sys
03/18/2017  04:58 PM            10,752 mspqm.sys
03/18/2017  04:57 PM           367,000 msrpc.sys
03/18/2017  10:31 PM           230,816 mssecflt.sys
03/18/2017  04:56 PM            44,960 mssmbios.sys
03/18/2017  04:58 PM            12,800 mstee.sys
03/18/2017  04:56 PM            16,896 MTConfig.sys
03/18/2017  04:57 PM           123,808 mup.sys
03/18/2017  04:56 PM            63,904 mvumis.sys
03/18/2017  04:56 PM           108,960 ndfltr.sys
09/05/2017  01:23 AM         1,242,528 ndis.sys
03/18/2017  04:57 PM            50,688 ndiscap.sys
03/18/2017  04:57 PM           128,512 NdisImPlatform.sys
03/18/2017  04:58 PM            27,136 ndistapi.sys
03/18/2017  04:58 PM            65,536 ndisuio.sys
03/18/2017  04:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  04:58 PM           192,000 ndiswan.sys
03/18/2017  04:58 PM            62,464 ndproxy.sys
03/18/2017  04:58 PM           127,488 Ndu.sys
03/18/2017  04:57 PM           122,368 NetAdapterCx.sys
03/18/2017  04:57 PM            57,760 netbios.sys
09/05/2017  12:23 AM           305,152 netbt.sys
09/05/2017  01:24 AM           519,584 netio.sys
04/30/2017  07:52 PM           118,784 netvsc.sys
03/18/2017  04:56 PM        11,518,976 Netwsw00.sys
03/18/2017  04:57 PM            69,120 npfs.sys
03/18/2017  04:56 PM            27,136 npsvctrig.sys
09/05/2017  12:25 AM            43,520 nsiproxy.sys
09/30/2017  01:48 AM         2,327,448 ntfs.sys
03/18/2017  04:57 PM            20,376 ntosext.sys
08/24/2015  08:52 AM            29,904 nuidfltr.sys
03/18/2017  04:57 PM             7,680 null.sys
03/18/2017  04:56 PM            80,896 nvdimmn.sys
12/09/2016  03:48 PM           206,776 nvhda64v.sys
12/09/2016  03:55 PM        12,914,360 nvlddmkm.sys
03/18/2017  04:56 PM           150,432 nvraid.sys
03/18/2017  04:56 PM           166,304 nvstor.sys
09/29/2017  03:29 AM           550,400 nwifi.sys
03/18/2017  04:57 PM           152,992 pacer.sys
03/18/2017  04:56 PM            97,792 parport.sys
09/05/2017  01:25 AM           159,648 partmgr.sys
03/18/2017  04:56 PM           353,696 pci.sys
03/18/2017  04:56 PM            16,800 pciide.sys
03/18/2017  04:56 PM            53,656 pciidex.sys
03/18/2017  04:56 PM           120,224 pcmcia.sys
03/18/2017  04:57 PM            52,640 pcw.sys
07/07/2017  03:24 AM           117,664 pdc.sys
03/18/2017  04:58 PM           741,376 PEAuth.sys
03/18/2017  04:56 PM            58,784 percsas2i.sys
03/18/2017  04:56 PM            61,848 percsas3i.sys
03/18/2017  04:56 PM           101,376 pmem.sys
03/18/2017  04:56 PM           373,248 portcls.sys
03/18/2017  04:56 PM           172,032 processr.sys
03/18/2017  04:57 PM            49,664 qwavedrv.sys
03/18/2017  04:57 PM            17,920 rasacd.sys
03/18/2017  04:58 PM           107,008 rasl2tp.sys
03/18/2017  04:57 PM            81,920 raspppoe.sys
03/18/2017  04:58 PM            97,792 raspptp.sys
03/18/2017  04:58 PM            79,872 rassstp.sys
03/18/2017  04:57 PM           434,080 rdbss.sys
03/18/2017  10:31 PM            27,136 rdpbus.sys
03/18/2017  10:30 PM           183,296 rdpdr.sys
03/18/2017  10:30 PM            30,624 rdpvideominiport.sys
03/18/2017  04:57 PM           282,528 rdyboost.sys
03/18/2017  04:57 PM         1,735,584 refs.sys
03/18/2017  04:57 PM           936,864 refsv1.sys
03/18/2017  04:57 PM            14,336 registry.sys
07/31/2017  09:41 PM           180,736 rfcomm.sys
03/18/2017  04:56 PM            40,960 RfxVmt.sys
10/26/2009  05:52 AM            61,952 rimspe64.sys
03/18/2017  04:57 PM           150,016 rmcast.sys
03/18/2017  04:57 PM            34,816 RNDISMP.sys
05/20/2017  02:08 AM            13,312 rootmdm.sys
03/18/2017  04:58 PM            82,432 rspndr.sys
03/18/2017  04:56 PM           110,496 sbp2port.sys
03/18/2017  04:57 PM            43,520 scfilter.sys
03/18/2017  04:56 PM            91,040 scmbus.sys
03/18/2017  04:57 PM           175,520 scsiport.sys
09/05/2017  01:30 AM           287,648 sdbus.sys
03/18/2017  04:56 PM            31,128 SDFRd.sys
03/18/2017  04:56 PM            98,208 sdport.sys
03/18/2017  04:56 PM            94,624 sdstor.sys
03/18/2017  04:57 PM            75,680 SerCx.sys
03/18/2017  04:57 PM           154,016 SerCx2.sys
03/18/2017  04:56 PM            26,112 serenum.sys
03/18/2017  04:56 PM            84,480 serial.sys
03/18/2017  04:56 PM            28,672 sermouse.sys
03/18/2017  04:56 PM            13,312 serscan.sys
03/18/2017  04:56 PM            18,432 sfloppy.sys
03/18/2017  04:56 PM            44,960 sisraid2.sys
03/18/2017  04:56 PM            81,824 sisraid4.sys
03/18/2017  04:58 PM            32,672 SleepStudyHelper.sys
10/03/2016  04:24 AM            50,784 Smb_driver_AMDASF_Aux.sys
08/24/2015  09:08 AM            52,912 Smb_driver_Intel.sys
10/03/2016  04:24 AM            51,296 Smb_driver_Intel_Aux.sys
03/18/2017  04:57 PM            21,504 smclib.sys
05/22/2013  04:17 PM            15,472 smiifx64.sys
03/18/2017  04:56 PM           167,328 spacedump.sys
03/18/2017  04:56 PM           587,168 spaceport.sys
03/18/2017  10:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  04:57 PM            80,288 SpbCx.sys
09/29/2017  03:21 AM           414,208 srv.sys
09/29/2017  03:21 AM           722,944 srv2.sys
09/05/2017  12:11 AM           254,976 srvnet.sys
09/05/2016  05:47 AM           131,712 ssudbus.sys
09/05/2016  05:47 AM           165,504 ssudmdm.sys
03/18/2017  04:56 PM            31,136 stexstor.sys
05/20/2017  02:54 AM           144,288 storahci.sys
03/18/2017  04:56 PM            95,648 stornvme.sys
09/05/2017  01:16 AM           546,208 storport.sys
03/18/2017  04:58 PM            79,872 storqosflt.sys
03/18/2017  04:56 PM            36,760 storufs.sys
03/18/2017  04:56 PM            36,768 storvsc.sys
03/18/2017  04:57 PM            75,776 stream.sys
03/21/2016  05:11 PM            13,920 SWDUMon.sys
03/18/2017  04:56 PM            18,336 swenum.sys
10/03/2016  04:24 AM            65,632 SynRMIHID_Aux.sys
03/18/2017  04:56 PM            64,512 Synth3dVsc.sys
10/03/2016  04:24 AM           642,144 SynTP.sys
03/18/2017  04:57 PM            31,232 tape.sys
03/18/2017  04:57 PM            28,064 tbs.sys
09/30/2017  01:36 AM         2,672,024 tcpip.sys
03/18/2017  04:57 PM            51,712 tcpipreg.sys
03/18/2017  04:57 PM            40,352 tdi.sys
07/31/2017  10:36 PM           119,712 tdx.sys
03/18/2017  10:31 PM            37,280 terminpt.sys
06/03/2017  06:10 AM           130,464 tm.sys
06/03/2017  06:00 AM           219,040 tpm.sys
03/18/2017  04:56 PM            61,440 TsUsbFlt.sys
03/18/2017  04:56 PM            35,328 TsUsbGD.sys
03/18/2017  10:30 PM           125,952 tsusbhub.sys
03/18/2017  04:58 PM           162,304 tunnel.sys
03/18/2017  04:56 PM            78,752 uaspstor.sys
09/05/2017  12:27 AM           104,960 UcmCx.sys
03/18/2017  04:58 PM           179,200 UcmTcpciCx.sys
07/28/2017  12:27 AM            51,712 UcmUcsi.sys
03/18/2017  04:56 PM           213,920 Ucx01000.sys
03/18/2017  04:56 PM            45,568 Udecx.sys
03/18/2017  04:57 PM           324,096 udfs.sys
03/18/2017  04:56 PM            29,600 uefi.sys
03/18/2017  10:31 PM            40,344 UevAgentDriver.sys
03/18/2017  04:58 PM           263,584 ufx01000.sys
03/18/2017  04:56 PM            98,712 UfxChipidea.sys
03/18/2017  04:56 PM           138,656 ufxsynopsys.sys
03/18/2017  04:56 PM            57,856 umbus.sys
09/21/2017  10:04 AM    <DIR>          UMDF
03/18/2017  04:56 PM            14,336 umpass.sys
03/18/2017  04:56 PM            29,600 urschipidea.sys
03/18/2017  04:58 PM            59,288 urscx01000.sys
03/18/2017  04:56 PM            28,064 urssynopsys.sys
08/16/2016  04:18 AM           159,936 usb2ser.sys
03/18/2017  04:57 PM            23,040 usb8023.sys
03/28/2016  01:41 PM            54,784 usbaapl64.sys
03/18/2017  04:57 PM            37,888 USBCAMD2.sys
09/30/2017  01:40 AM           173,976 usbccgp.sys
03/18/2017  04:56 PM           103,424 usbcir.sys
03/18/2017  04:56 PM            32,160 usbd.sys
03/18/2017  04:56 PM            98,200 usbehci.sys
09/30/2017  01:45 AM           511,896 usbhub.sys
09/18/2017  07:09 PM           554,400 USBHUB3.SYS
03/18/2017  04:56 PM            30,720 usbohci.sys
03/18/2017  04:56 PM           466,336 usbport.sys
03/18/2017  04:56 PM            27,136 usbprint.sys
03/18/2017  04:56 PM            32,768 usbrpm.sys
09/05/2017  12:28 AM            71,680 usbser.sys
03/18/2017  04:56 PM           131,488 USBSTOR.SYS
08/10/2013  04:56 PM           102,176 usbtzfyt.sys
03/18/2017  04:56 PM            35,328 usbuhci.sys
04/27/2017  08:59 PM           388,000 USBXHCI.SYS
03/18/2017  04:56 PM            54,176 vdrvroot.sys
03/18/2017  04:57 PM           215,456 VerifierExt.sys
05/20/2017  02:54 AM           730,016 vhdmp.sys
03/18/2017  04:56 PM            35,328 vhf.sys
03/18/2017  04:57 PM            49,664 videoprt.sys
07/31/2017  10:30 PM            82,336 vmbkmcl.sys
07/31/2017  09:44 PM            83,968 vmbkmclr.sys
03/18/2017  04:56 PM           107,424 vmbus.sys
03/18/2017  04:56 PM            25,088 VMBusHID.sys
03/18/2017  04:56 PM            13,824 vmgencounter.sys
03/18/2017  04:56 PM            10,240 vmgid.sys
03/18/2017  04:56 PM             9,216 vms3cap.sys
03/18/2017  04:56 PM            47,520 vmstorfl.sys
03/18/2017  04:56 PM            83,360 volmgr.sys
03/18/2017  04:57 PM           373,664 volmgrx.sys
03/18/2017  04:57 PM           397,216 volsnap.sys
03/18/2017  04:56 PM            16,288 volume.sys
03/18/2017  04:56 PM            74,656 vpci.sys
03/18/2017  04:56 PM           166,816 vsmraid.sys
03/18/2017  04:56 PM           305,568 VSTXRAID.SYS
03/18/2017  04:58 PM            27,136 vwifibus.sys
03/18/2017  04:58 PM            77,312 vwififlt.sys
03/18/2017  04:58 PM            41,472 vwifimp.sys
03/18/2017  04:56 PM            30,720 wacompen.sys
03/18/2017  04:58 PM            81,408 wanarp.sys
03/18/2017  04:57 PM            55,808 watchdog.sys
06/20/2017  02:00 AM           142,752 wcifs.sys
03/18/2017  04:57 PM            72,192 wcnfs.sys
03/18/2017  04:56 PM            44,632 WdBoot.sys
03/18/2017  04:57 PM           902,376 Wdf01000.sys
03/18/2017  04:56 PM           294,816 WdFilter.sys
03/18/2017  04:57 PM            61,672 WdfLdr.sys
06/20/2017  01:07 AM           757,248 WdiWiFi.sys
03/18/2017  04:56 PM           121,248 WdNisDrv.sys
03/18/2017  04:57 PM            46,488 werkernel.sys
03/18/2017  04:57 PM           164,768 wfplwfs.sys
03/18/2017  04:57 PM            35,744 wimmount.sys
03/18/2017  04:58 PM            70,232 WindowsTrustedRT.sys
03/18/2017  04:56 PM            18,520 WindowsTrustedRTProxy.sys
03/18/2017  04:56 PM            31,648 winhv.sys
03/18/2017  04:57 PM            55,296 winhvr.sys
03/18/2017  04:56 PM            32,160 winmad.sys
03/18/2017  04:58 PM           217,088 winnat.sys
03/18/2017  04:56 PM            90,112 winusb.sys
03/18/2017  04:56 PM            64,920 winverbs.sys
03/18/2017  04:56 PM            18,432 wmiacpi.sys
03/18/2017  04:57 PM            20,384 wmilib.sys
03/18/2017  04:57 PM           208,288 wof.sys
03/18/2017  04:59 PM            30,624 WpdUpFltr.sys
03/18/2017  04:57 PM            33,184 WppRecorder.sys
03/18/2017  04:57 PM            23,552 ws2ifsl.sys
03/18/2017  04:56 PM            22,528 WSDPrint.sys
03/18/2017  04:56 PM            24,576 WSDScan.sys
03/18/2017  04:57 PM           100,864 WUDFPf.sys
03/18/2017  04:57 PM           220,672 WUDFRd.sys
04/29/2009  11:21 AM            10,240 XAudio64.sys
05/20/2017  02:07 AM           277,504 xboxgip.sys
03/18/2017  04:56 PM            46,592 xinputhid.sys
             443 File(s)    112,335,996 bytes
               5 Dir(s)  20,800,503,808 bytes free

========= End of CMD: =========


==== End of Fixlog 13:06:42 ====



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 30 October 2017 - 02:27 PM

Alright, follow the instructions below.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well
Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

Attached Files


unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 02 November 2017 - 07:27 AM

Hi outlawtorn71,

Are you still with me?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 04 November 2017 - 08:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users