Browser Pop Ups/ Malware



#1
sucks2bme


Hello. The below logs are from my mother's laptop. She was on the internet and had a popup that told her to call for support. She did and had them log into her computer through a remote application. It was a total of about ten minutes until she called me since they wanted to sell her removal software. I told her to turn her computer off and hang up. Not sure what damage they did during that time frame, but pop-ups keep coming up while browsing and what seem to be malicious add-ons are installed. Below are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Susie (administrator) on LAPTOP-LS3M45PD (03-12-2017 13:28:46)
Running from C:\Users\Susie\Desktop
Loaded Profiles: Susie (Available Profiles: Susie)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxCUIService.exe
(HP) C:\Windows\System32\HP3DDGService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHDCPSvc.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHeciSvc.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\10011\7.2.1023\7.2.1023\TmsaInstance64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\setup\instup.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\setup\instup.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\setup\instup.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-08-16] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [245872 2017-07-23] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1242568 2017-07-23] (Trend Micro Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-12-03] (AVAST Software)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [302744 2017-12-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [701984 2017-07-13] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
HKU\S-1-5-21-4124504277-125677521-2394868591-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-4124504277-125677521-2394868591-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-4124504277-125677521-2394868591-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-10-19] (Apple Inc.)
HKU\S-1-5-21-4124504277-125677521-2394868591-1001\...\RunOnce: [Application Restart #3] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [935880 2017-07-14] ()
HKU\S-1-5-21-4124504277-125677521-2394868591-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [935880 2017-07-14] ()
Startup: C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-06-21]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{341fb293-bfe4-48fb-960b-f65ed8da4cb5}: [DhcpNameServer] 40.23.1.12
Tcpip\..\Interfaces\{adb28607-293f-4706-9b3e-45bdd2dc7891}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
SearchScopes: HKLM -> {5ECF4406-57ED-44FA-A683-F3391BDF2774} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {5ECF4406-57ED-44FA-A683-F3391BDF2774} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4124504277-125677521-2394868591-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4124504277-125677521-2394868591-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-17] (Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-09-22] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-09-22] (HP Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2017-07-23] (Trend Micro Inc.)
 
FireFox:
========
FF DefaultProfile: 2npe4yf4.default
FF ProfilePath: C:\Users\Susie\AppData\Roaming\Mozilla\Firefox\Profiles\2npe4yf4.default [2017-12-03]
FF Homepage: Mozilla\Firefox\Profiles\2npe4yf4.default -> msn.com
FF NetworkProxy: Mozilla\Firefox\Profiles\2npe4yf4.default -> no_proxies_on", "hxxps://localhost, localhost, 127.0.0.1"
FF Extension: (Avast Online Security) - C:\Users\Susie\AppData\Roaming\Mozilla\Firefox\Profiles\2npe4yf4.default\Extensions\[email protected] [2017-12-03]
FF Extension: (MapsFrontier) - C:\Users\Susie\AppData\Roaming\Mozilla\Firefox\Profiles\2npe4yf4.default\Extensions\{546bc2af-d6e7-499f-90b6-58305b836702}.xpi [2017-11-12]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Susie\AppData\Roaming\Mozilla\Firefox\Profiles\2npe4yf4.default\features\{240704c5-4c5b-4fc1-b2b5-81e13b4db662}\[email protected] [2017-11-23] [Lagacy]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2017-12-03] [Lagacy]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2017-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2017-12-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (Slides) - C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-03]
CHR Extension: (Docs) - C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-03]
CHR Extension: (Google Drive) - C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-03]
CHR Extension: (YouTube) - C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-03]
CHR Extension: (Google Docs Offline) - C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-03]
CHR Extension: (Gmail) - C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\Susie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-03]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [374968 2017-07-19] (Trend Micro Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-12-03] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-12-03] (AVAST Software)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [282536 2017-12-03] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7600584 2017-12-03] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-30] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-19] (Intel Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-10-11] (NVIDIA Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [897536 2016-09-09] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
R2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-10-11] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-10-11] (NVIDIA Corporation)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1129928 2017-07-23] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2679232 2017-07-14] (Trend Micro Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-08-16] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP)
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-12-03] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-12-03] (AVAST Software s.r.o.)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-12-03] (AVAST Software s.r.o.)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-12-03] (AVAST Software s.r.o.)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-12-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-12-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-12-03] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-12-03] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-12-03] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-12-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-12-03] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-12-03] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-12-03] (AVAST Software)
S3 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [176000 2017-12-03] (AVG Technologies CZ, s.r.o.)
R3 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166624 2017-12-03] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [314640 2017-12-03] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192584 2017-12-03] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336896 2017-12-03] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [51336 2017-12-03] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39424 2017-12-03] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [140704 2017-12-03] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [102792 2017-12-03] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76832 2017-12-03] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1018648 2017-12-03] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [447800 2017-12-03] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [196392 2017-12-03] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [356880 2017-12-03] (AVG Technologies CZ, s.r.o.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-09-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-09-19] (Intel Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174600 2017-04-13] (Intel Corporation)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2017-12-03] ()
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_f0b2a5e1e71031b3\nvlddmkm.sys [15620208 2017-10-16] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56376 2016-10-11] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-08-16] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-22] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60008 2016-08-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [145048 2017-10-04] (Trend Micro Inc.)
R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [449688 2017-10-04] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2016-01-04] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [140952 2017-10-04] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [560856 2017-05-04] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [135320 2017-10-02] (Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [134264 2017-05-10] (Trend Micro Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
U3 aspnet_state; no ImagePath
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-03 13:29 - 2017-12-03 13:29 - 007649280 _____ C:\Program Files (x86)\GUT6EBB.tmp
2017-12-03 13:29 - 2017-12-03 13:29 - 000000000 ____D C:\Program Files (x86)\GUM6EAA.tmp
2017-12-03 13:28 - 2017-12-03 13:30 - 000029748 _____ C:\Users\Susie\Desktop\FRST.txt
2017-12-03 13:28 - 2017-12-03 13:28 - 000000000 ____D C:\FRST
2017-12-03 13:27 - 2017-12-03 13:28 - 000002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-03 13:27 - 2017-12-03 13:28 - 000002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-03 13:25 - 2017-12-03 13:25 - 002391552 _____ (Farbar) C:\Users\Susie\Desktop\FRST64.exe
2017-12-03 13:24 - 2017-12-03 13:30 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-03 13:24 - 2017-12-03 13:30 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-03 13:24 - 2017-12-03 13:27 - 000000000 ____D C:\Users\Susie\AppData\Local\Google
2017-12-03 13:24 - 2017-12-03 13:26 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-03 13:24 - 2017-12-03 13:24 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2017-12-03 13:24 - 2017-12-03 13:24 - 000002120 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2017-12-03 13:24 - 2017-12-03 13:24 - 000000000 ____D C:\Users\Susie\AppData\Roaming\AVG
2017-12-03 13:23 - 2017-12-03 13:23 - 001018648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys.151232543671802
2017-12-03 13:23 - 2017-12-03 13:23 - 000447800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000366288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-12-03 13:23 - 2017-12-03 13:23 - 000356880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000336896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000314640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000196392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000192584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000176000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000166624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000140704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000102792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000076832 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000051336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000039424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-12-03 13:23 - 2017-12-03 13:23 - 000004008 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-12-03 13:21 - 2017-12-03 13:21 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-12-03 13:21 - 2017-12-03 13:21 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-12-03 13:21 - 2017-12-03 13:21 - 000000000 ____D C:\Users\Susie\AppData\Roaming\AVAST Software
2017-12-03 13:21 - 2017-12-03 13:21 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-03 13:20 - 2017-12-03 13:20 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-12-03 13:20 - 2017-12-03 13:20 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-12-03 13:20 - 2017-12-03 13:20 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-12-03 13:20 - 2017-12-03 13:19 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151232525037504
2017-12-03 13:20 - 2017-12-03 13:19 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-12-03 13:20 - 2017-12-03 13:19 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-12-03 13:19 - 2017-12-03 13:19 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-12-03 13:19 - 2017-12-03 13:19 - 000000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-12-03 13:19 - 2017-12-03 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-12-03 13:17 - 2017-12-03 13:20 - 000000000 ____D C:\Program Files (x86)\AVG
2017-12-03 13:17 - 2017-12-03 13:17 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-12-03 13:17 - 2017-12-03 13:17 - 000000000 ____D C:\Users\Susie\AppData\Local\CEF
2017-12-03 13:16 - 2017-12-03 13:27 - 000000000 ____D C:\Users\Susie\AppData\Local\AvgSetupLog
2017-12-03 13:16 - 2017-12-03 13:24 - 000000000 ____D C:\Users\Susie\AppData\Local\Avg
2017-12-03 13:16 - 2017-12-03 13:23 - 000000000 ____D C:\ProgramData\Avg
2017-12-03 13:16 - 2017-12-03 13:19 - 000000000 ____D C:\ProgramData\AVAST Software
2017-12-03 13:16 - 2017-12-03 13:16 - 000000000 ____D C:\Program Files\AVAST Software
2017-12-03 13:15 - 2017-12-03 13:16 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Susie\Downloads\AVG_Protection_Free_1606.exe
2017-12-03 13:15 - 2017-12-03 13:15 - 006654960 _____ (AVAST Software) C:\Users\Susie\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-12-03 13:11 - 2017-12-03 13:11 - 001388448 _____ C:\Users\Public\ASR.dat
2017-12-03 08:14 - 2017-12-03 08:14 - 000000000 ___HD C:\ProgramData\temp
2017-12-03 08:11 - 2017-12-03 08:19 - 000000000 ____D C:\Program Files (x86)\LogMeIn Rescue RC - 427b190b-461b-c7f1-9f89-5a8e329f12a6
2017-12-03 08:09 - 2017-12-03 08:09 - 001851432 _____ (LogMeIn, Inc.) C:\Users\Susie\Downloads\Support-LogMeInRescue(4).exe
2017-12-02 16:49 - 2017-12-02 16:49 - 000113009 _____ C:\Users\Susie\Downloads\Agent Notes Cz52UIzlAG 2017-12-02.pdf
2017-12-02 16:22 - 2017-12-02 16:22 - 000000000 ___HD C:\TMRescueDisk
2017-12-02 16:12 - 2017-12-02 16:12 - 000001343 _____ C:\Users\Susie\Desktop\Trend Micro Internet Security.lnk
2017-12-02 16:12 - 2017-12-02 16:12 - 000000000 ____D C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security
2017-12-02 16:11 - 2017-12-02 16:11 - 000000059 _____ C:\WINDOWS\system32\SupportTool.exe.bat
2017-12-02 16:11 - 2017-12-02 16:11 - 000000000 ____D C:\WINDOWS\SysWOW64\tmumh
2017-12-02 16:11 - 2017-12-02 16:11 - 000000000 ____D C:\WINDOWS\system32\tmumh
2017-12-02 16:11 - 2017-10-04 13:55 - 000449688 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-12-02 16:11 - 2017-10-04 13:55 - 000145048 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmactmon.sys
2017-12-02 16:11 - 2017-10-04 13:55 - 000140952 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmevtmgr.sys
2017-12-02 16:11 - 2017-10-02 01:28 - 000135320 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMUMH.sys
2017-12-02 16:11 - 2017-05-10 02:46 - 000147672 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeevw.sys
2017-12-02 16:11 - 2017-05-10 02:17 - 000134264 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmusa.sys
2017-12-02 16:11 - 2017-05-04 14:56 - 000560856 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmnciesc.sys
2017-12-02 16:11 - 2016-01-04 22:35 - 000072504 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMEBC64.sys
2017-12-02 16:11 - 2015-06-22 21:49 - 000039056 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmel.sys
2017-12-02 16:10 - 2017-12-02 16:10 - 000003382 _____ C:\WINDOWS\System32\Tasks\AirSupport Update
2017-12-02 16:10 - 2017-12-02 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Troubleshooting Tool
2017-12-02 14:22 - 2017-12-02 14:22 - 001851432 _____ (LogMeIn, Inc.) C:\Users\Susie\Downloads\Support-LogMeInRescue(3).exe
2017-12-02 13:23 - 2017-12-02 13:23 - 000000000 ____D C:\Users\Susie\AppData\Local\GoToAssist Remote Support Customer
2017-12-02 13:21 - 2017-12-03 13:02 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7AC3C007-8084-4478-BCD0-450A9512795D}
2017-11-19 19:23 - 2017-11-19 19:23 - 000000000 _____ C:\Users\Susie\Downloads\firefox-update.js
2017-11-18 06:34 - 2017-11-18 06:34 - 000311176 _____ (Mozilla) C:\Users\Susie\Downloads\Firefox Installer.exe
2017-11-14 18:02 - 2017-10-25 04:11 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-14 18:02 - 2017-10-25 04:11 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-14 18:02 - 2017-10-25 04:09 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-14 18:02 - 2017-10-25 03:57 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-14 18:02 - 2017-10-25 03:57 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-14 18:02 - 2017-10-25 03:56 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-14 18:02 - 2017-10-25 01:36 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-14 18:02 - 2017-10-24 23:41 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-14 18:02 - 2017-10-24 23:40 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 18:02 - 2017-10-24 23:40 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 18:02 - 2017-10-24 23:40 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-14 18:02 - 2017-10-24 23:39 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-14 18:02 - 2017-10-24 23:39 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 18:02 - 2017-10-24 23:39 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-14 18:02 - 2017-10-24 23:37 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-14 18:02 - 2017-10-24 23:37 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 18:02 - 2017-10-24 23:36 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 18:02 - 2017-10-24 23:36 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 18:02 - 2017-10-24 23:36 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-14 18:02 - 2017-10-24 23:34 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 18:02 - 2017-10-24 23:34 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-14 18:02 - 2017-10-24 23:34 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 18:02 - 2017-10-24 23:32 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 18:02 - 2017-10-24 23:32 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-14 18:02 - 2017-10-24 23:31 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-14 18:02 - 2017-10-24 23:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-14 18:02 - 2017-10-24 23:30 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-14 18:02 - 2017-10-24 23:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-14 18:02 - 2017-10-24 23:29 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-14 18:02 - 2017-10-24 23:29 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-14 18:02 - 2017-10-24 23:29 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-14 18:02 - 2017-10-24 23:28 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-14 18:02 - 2017-10-24 23:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 18:02 - 2017-10-24 23:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-14 18:02 - 2017-10-24 23:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-14 18:02 - 2017-10-24 23:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-14 18:02 - 2017-10-24 23:24 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-14 18:02 - 2017-10-24 23:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-14 18:02 - 2017-10-24 22:52 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-14 18:02 - 2017-10-24 22:50 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 18:02 - 2017-10-24 22:36 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 18:02 - 2017-10-24 22:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-14 18:02 - 2017-10-24 22:30 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-14 18:02 - 2017-10-24 22:28 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-14 18:02 - 2017-10-24 22:28 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-14 18:02 - 2017-10-24 22:28 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-14 18:02 - 2017-10-24 22:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-14 18:02 - 2017-10-24 22:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-14 18:02 - 2017-10-24 22:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-14 18:02 - 2017-10-24 22:24 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-14 18:02 - 2017-10-24 22:22 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 18:02 - 2017-10-24 22:22 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-14 18:02 - 2017-10-24 22:19 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 18:02 - 2017-10-24 22:19 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-14 18:02 - 2017-10-24 22:18 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-14 18:02 - 2017-10-24 22:18 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-14 18:02 - 2017-10-24 22:18 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-14 18:02 - 2017-10-24 22:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-14 18:02 - 2017-10-24 22:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-14 18:02 - 2017-10-24 22:18 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-14 18:02 - 2017-10-24 22:16 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 18:02 - 2017-10-24 22:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-14 18:02 - 2017-10-24 22:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-14 18:02 - 2017-10-24 22:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 18:02 - 2017-10-24 22:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 18:02 - 2017-10-24 22:14 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-14 18:02 - 2017-10-24 22:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-14 18:02 - 2017-10-24 22:13 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 18:02 - 2017-10-24 22:13 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-14 18:02 - 2017-10-24 22:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-11-14 18:02 - 2017-10-24 22:12 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-14 18:02 - 2017-10-24 22:12 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 18:02 - 2017-10-24 22:12 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-14 18:02 - 2017-10-24 22:11 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 18:02 - 2017-10-24 22:10 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 18:02 - 2017-10-24 22:10 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 18:02 - 2017-10-24 22:10 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-14 18:02 - 2017-10-24 22:09 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-14 18:02 - 2017-10-24 22:09 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 18:02 - 2017-10-24 22:09 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-14 18:02 - 2017-10-24 22:09 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 18:02 - 2017-10-24 22:08 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 18:02 - 2017-10-24 22:08 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 18:02 - 2017-10-24 22:08 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 18:02 - 2017-10-24 22:08 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-14 18:02 - 2017-10-24 22:08 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-14 18:02 - 2017-10-24 22:08 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-14 18:02 - 2017-10-24 22:08 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-14 18:02 - 2017-10-24 22:08 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 18:02 - 2017-10-24 22:07 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 18:02 - 2017-10-24 22:07 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-14 18:02 - 2017-10-24 22:07 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-14 18:02 - 2017-10-24 22:07 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-14 18:02 - 2017-10-24 22:07 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-14 18:02 - 2017-10-24 22:07 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-14 18:02 - 2017-10-24 22:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 18:02 - 2017-10-24 22:05 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 18:02 - 2017-10-24 22:05 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 18:02 - 2017-10-24 22:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-14 18:02 - 2017-10-24 22:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 18:02 - 2017-10-24 22:04 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-14 18:02 - 2017-10-24 22:03 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-14 18:02 - 2017-10-24 22:02 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 18:02 - 2017-10-24 22:01 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 18:02 - 2017-10-24 22:01 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 18:02 - 2017-10-24 21:59 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 18:02 - 2017-10-24 21:59 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 18:02 - 2017-10-24 21:58 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-14 18:02 - 2017-10-24 21:58 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-14 18:02 - 2017-10-24 21:58 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-14 18:02 - 2017-10-24 21:57 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 18:02 - 2017-10-24 21:55 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-14 18:02 - 2017-10-24 21:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-14 18:02 - 2017-10-21 07:25 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-14 18:02 - 2017-10-20 09:17 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-14 18:02 - 2017-10-20 00:08 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-12 10:03 - 2017-11-24 09:38 - 000000000 ____D C:\Windows.old
2017-11-12 07:46 - 2017-11-12 07:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-12 07:45 - 2017-11-12 07:45 - 000000000 ___HD C:\Users\Susie\MicrosoftEdgeBackups
2017-11-12 07:43 - 2017-11-12 07:43 - 000000020 ___SH C:\Users\Susie\ntuser.ini
2017-11-12 07:43 - 2017-11-12 07:43 - 000000000 ___RD C:\Users\Susie\3D Objects
2017-11-12 07:34 - 2017-11-12 07:34 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-11-12 07:34 - 2017-11-12 07:34 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-11-12 07:33 - 2017-12-03 08:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-12 07:33 - 2017-11-30 10:39 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSusie
2017-11-12 07:33 - 2017-11-12 07:47 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4124504277-125677521-2394868591-1001
2017-11-12 07:33 - 2017-11-12 07:33 - 000003462 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-11-12 07:33 - 2017-11-12 07:33 - 000003238 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-11-12 07:33 - 2017-11-12 07:33 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-11-12 07:33 - 2017-11-12 07:33 - 000002856 _____ C:\WINDOWS\System32\Tasks\HPJumpStartLaunch
2017-11-12 07:33 - 2017-11-12 07:33 - 000002562 _____ C:\WINDOWS\System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-12 07:33 - 2017-11-12 07:33 - 000002498 _____ C:\WINDOWS\System32\Tasks\HPEA3JOBS
2017-11-12 07:33 - 2017-11-12 07:33 - 000002488 _____ C:\WINDOWS\System32\Tasks\HPAudioSwitch
2017-11-12 07:33 - 2017-11-12 07:33 - 000002262 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2017-11-12 07:33 - 2017-11-12 07:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\HP
2017-11-12 07:33 - 2017-11-12 07:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-11-12 07:33 - 2017-11-12 07:33 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-11-12 07:23 - 2016-09-26 15:18 - 000053280 _____ (HP) C:\WINDOWS\system32\accelerometerdll.DLL
2017-11-12 07:23 - 2016-09-26 15:18 - 000038752 _____ (HP) C:\WINDOWS\system32\HPSERVICE.exe
2017-11-12 07:19 - 2017-11-12 07:19 - 000000000 ____D C:\ProgramData\USOShared
2017-11-12 07:17 - 2017-11-12 07:17 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-12 07:15 - 2017-12-02 14:01 - 000000000 ____D C:\Users\Susie
2017-11-12 07:15 - 2017-11-14 18:01 - 000000000 ____D C:\Users\Susie\AppData\Local\Packages
2017-11-12 07:13 - 2017-11-14 19:29 - 000976446 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-12 07:12 - 2017-11-12 07:12 - 000002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play Audio Control.lnk
2017-11-12 07:11 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-11-12 07:11 - 2017-09-01 13:28 - 000140288 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-11-12 07:11 - 2017-09-01 13:28 - 000116744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-11-12 07:08 - 2017-12-03 07:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-12 07:08 - 2017-11-14 19:05 - 000404248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-11 21:14 - 2017-11-12 10:03 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-11-11 20:59 - 2017-11-11 21:14 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-11 20:49 - 2017-11-11 20:49 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-11-11 20:49 - 2017-11-11 20:49 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-11-11 20:48 - 2017-11-11 20:48 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-11 20:48 - 2017-11-11 20:48 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-11 20:48 - 2017-11-11 20:48 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-11-11 20:48 - 2017-11-11 20:48 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-11-11 20:48 - 2017-11-11 20:48 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-11 20:48 - 2017-11-11 20:48 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-11-11 20:48 - 2017-11-11 20:48 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-11-11 20:48 - 2017-11-11 20:48 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-11-11 20:48 - 2017-11-11 20:48 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-11-11 20:48 - 2017-11-11 20:48 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-11-11 20:48 - 2017-11-11 20:48 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-11-11 20:48 - 2017-11-11 20:48 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-11-11 20:48 - 2017-11-11 20:48 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-11-11 20:48 - 2017-11-11 20:48 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-11-11 20:48 - 2017-11-11 20:48 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-11-11 20:35 - 2017-11-11 20:35 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-11-11 20:35 - 2017-11-11 20:35 - 000000000 ____D C:\Program Files\MSBuild
2017-11-11 20:35 - 2017-11-11 20:35 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-11-11 20:35 - 2017-11-11 20:35 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-11-11 20:33 - 2017-11-11 20:33 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-11-11 20:33 - 2017-11-11 20:33 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-11-11 20:33 - 2017-11-11 20:33 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-11-11 20:33 - 2017-11-11 20:33 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-11-11 20:33 - 2017-11-11 20:33 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-11-11 20:33 - 2017-11-11 20:33 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-11-11 20:06 - 2017-11-11 20:06 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-03 16:12 - 2017-11-12 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-03 16:10 - 2017-11-12 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-03 16:10 - 2017-11-03 16:10 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-03 16:10 - 2017-11-03 16:10 - 000000000 ____D C:\Program Files\iTunes
2017-11-03 16:10 - 2017-11-03 16:10 - 000000000 ____D C:\Program Files\iPod
2017-11-03 04:05 - 2017-11-12 07:43 - 000000000 ___DC C:\WINDOWS\Panther
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-03 13:29 - 2017-08-01 17:32 - 000000000 ____D C:\Users\Susie\AppData\Local\DP_Tower_3.7
2017-12-03 13:29 - 2017-06-16 18:45 - 000000000 ____D C:\Users\Susie\AppData\LocalLow\Mozilla
2017-12-03 12:59 - 2017-06-17 08:39 - 000000000 ___RD C:\Users\Susie\iCloudDrive
2017-12-03 12:58 - 2017-06-16 16:40 - 000000000 __SHD C:\Users\Susie\IntelGraphicsProfiles
2017-12-03 12:38 - 2017-07-30 21:04 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-03 12:33 - 2017-08-08 19:08 - 000000000 ____D C:\Users\Susie\AppData\Local\D8EF38B3-7505-4FEB-9C1C-B56E69F4578C.aplzod
2017-12-03 08:18 - 2017-09-29 03:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-03 08:13 - 2017-09-29 03:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-03 08:12 - 2017-07-31 17:48 - 000000000 ____D C:\ProgramData\WRData
2017-12-03 06:36 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-03 06:35 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-03 06:35 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-02 17:08 - 2017-07-31 19:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-02 17:06 - 2017-10-14 08:52 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-02 17:06 - 2017-07-31 19:56 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-02 16:47 - 2017-08-01 17:32 - 000000000 ____D C:\ProgramData\Trend Micro
2017-12-02 16:15 - 2017-07-31 16:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 16:15 - 2017-07-31 16:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-02 16:12 - 2017-08-01 17:35 - 000000000 ____D C:\Users\Susie\AppData\Local\Trend Micro
2017-12-02 16:11 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-12-02 16:10 - 2017-08-01 17:32 - 000000000 ____D C:\Program Files\Trend Micro
2017-12-02 14:20 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2017-12-02 13:59 - 2017-07-31 16:40 - 000001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-02 13:50 - 2017-08-01 17:26 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-12-02 13:44 - 2017-10-25 16:14 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSusie.job
2017-12-02 13:07 - 2017-08-03 17:31 - 000000010 _____ C:\Users\Susie\AppData\Local\sponge.last.runtime.cache
2017-12-02 08:04 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-02 08:03 - 2016-10-17 05:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-18 06:36 - 2017-07-31 16:40 - 000001223 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-11-18 06:33 - 2017-07-31 16:59 - 000000000 ____D C:\Users\Susie\AppData\Roaming\Mozilla
2017-11-16 04:48 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2017-11-14 19:03 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-14 19:03 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-14 19:03 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-14 19:03 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-14 19:03 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-14 19:03 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-14 19:03 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-14 18:04 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-13 04:58 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-12 10:07 - 2017-09-29 08:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-12 10:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-12 10:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-12 10:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-12 10:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Help
2017-11-12 10:04 - 2017-08-01 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
2017-11-12 10:04 - 2017-07-31 00:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-12 10:04 - 2017-05-07 03:00 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-12 10:04 - 2017-05-07 02:44 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-11-12 10:04 - 2017-05-07 02:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-12 10:04 - 2016-10-17 05:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-11-12 10:04 - 2016-10-17 05:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Orbit
2017-11-12 10:04 - 2016-10-17 05:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-11-12 10:03 - 2017-09-29 08:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-12 10:03 - 2017-07-31 00:54 - 000000000 ____D C:\Program Files (x86)\HP
2017-11-12 10:03 - 2017-07-30 21:03 - 000000000 ____D C:\Program Files\Intel
2017-11-12 10:01 - 2017-09-29 08:49 - 000000000 ____D C:\WINDOWS\Setup
2017-11-12 08:00 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-11-12 07:47 - 2017-07-30 21:35 - 000002370 _____ C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-12 07:47 - 2017-06-16 16:43 - 000000000 ___RD C:\Users\Susie\OneDrive
2017-11-12 07:44 - 2017-07-30 21:28 - 000000000 ____D C:\Users\Susie\AppData\Local\TileDataLayer
2017-11-12 07:43 - 2016-07-29 07:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-12 07:34 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2017-11-12 07:33 - 2017-07-30 21:24 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-11-12 07:29 - 2017-06-17 08:39 - 000000000 ____D C:\Users\Susie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2017-11-12 07:29 - 2016-07-29 07:38 - 000928892 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-11-12 07:19 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-12 07:17 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-12 07:13 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-12 07:12 - 2017-07-30 21:04 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-11-12 07:12 - 2017-07-30 21:04 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-12 07:12 - 2017-07-30 21:03 - 000360738 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-11-12 07:12 - 2017-07-30 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-12 07:12 - 2017-05-07 02:35 - 000000000 ____D C:\Intel
2017-11-11 21:24 - 2017-09-29 08:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-11 21:16 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-11 21:16 - 2017-07-30 21:03 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-11-11 21:15 - 2017-07-30 21:02 - 000000000 ____D C:\WINDOWS\system32\Intel
2017-11-11 21:14 - 2017-07-31 00:53 - 000000000 ____D C:\Program Files\Synaptics
2017-11-11 21:14 - 2017-07-30 21:03 - 000000000 ____D C:\Program Files\Realtek
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-11-11 20:51 - 2017-09-29 09:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-11-08 04:41 - 2017-07-31 16:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-04 06:29 - 2017-05-07 02:37 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-11-03 20:25 - 2017-09-29 08:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-03 20:25 - 2017-09-29 08:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2017-12-03 13:11 - 2017-12-03 13:11 - 001388448 _____ () C:\Users\Public\ASR.dat
2017-08-01 17:31 - 2017-08-01 17:31 - 000000036 _____ () C:\Users\Susie\AppData\Local\housecall.guid.cache
2017-08-03 17:31 - 2017-12-02 13:07 - 000000010 _____ () C:\Users\Susie\AppData\Local\sponge.last.runtime.cache
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-02 17:06
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Susie (03-12-2017 13:33:22)
Running from C:\Users\Susie\Desktop
Windows 10 Home Version 1709 16299.64 (X64) (2017-11-12 12:37:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4124504277-125677521-2394868591-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4124504277-125677521-2394868591-503 - Limited - Disabled)
Guest (S-1-5-21-4124504277-125677521-2394868591-501 - Limited - Disabled)
Susie (S-1-5-21-4124504277-125677521-2394868591-1001 - Administrator - Enabled) => C:\Users\Susie
WDAGUtilityAccount (S-1-5-21-4124504277-125677521-2394868591-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro Internet Security (Enabled - Up to date) {1E5CB925-ABFC-68A9-91DC-4258BDE6C44A}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
AVG (HKLM\...\{E61E6143-4937-43FC-8C12-06B8A987484D}) (Version: 1.211.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.8.3036 - AVG Technologies)
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-641c724b-5f75-4e44-b225-ed77ea4841eb) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3309 - CyberLink Corp.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
FMW 1 (HKLM\...\{36133E9F-B129-4206-9FB4-13F707787542}) (Version: 1.226.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{30514137-FB26-4E1A-A3B4-5B48680F3ECE}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D566DA31-9325-400E-B309-4BBA18B367E3}) (Version: 12.8.37.11 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.28 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{ABE95EB9-5EA1-42A3-8009-BA7602127ED6}) (Version: 1.4.25 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{F5852AA8-30EA-495B-84B4-C2403C935D6F}) (Version: 1.1.19.1 - HP)
iCloud (HKLM\...\{FF99A618-BCA5-4658-B9FF-CCF57C177610}) (Version: 7.1.0.34 - Apple Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Letter Quest - Grimm's Journey (HKLM-x32\...\WTA-8bf74df3-60fa-4a0e-b5ab-b0ae5a3ee572) (Version: 3.0.2.118 - WildTangent) Hidden
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4124504277-125677521-2394868591-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 57.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.1 (x64 en-US)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Mystika 2 (HKLM-x32\...\WTA-6fd71232-3a60-41a4-a24e-cd2b68098710) (Version: 1.1.2.4 - WildTangent) Hidden
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-cbb7ef22-2145-42f4-a86e-b7acc57b414f) (Version: 3.0.2.126 - WildTangent) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sparkle 2 (HKLM-x32\...\WTA-31d5a020-798d-49b3-879f-af545bb854ba) (Version: 3.0.2.51 - WildTangent) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 12.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.7.0.1220 - Trend Micro Inc.)
Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0.1132 - Trend Micro Inc.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2017-07-23] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-03] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-03] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-03] (AVAST Software)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-03] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers1: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2017-07-23] (Trend Micro Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-03] (AVAST Software)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-03] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxDTCM.dll [2017-09-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-12-03] (AVAST Software)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-12-03] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2017-07-23] (Trend Micro Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04E2958D-77B3-460F-AD50-E5F2D5061396} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()
Task: {09BF8CDF-A751-45CD-A632-13B2D35708D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {0B6FC914-9115-4802-8B13-817B22BDDDED} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {0BB238E5-837A-400E-9183-1984A498D5A1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-12-03] (AVAST Software)
Task: {1C3D131F-73E1-4F51-A520-21B0A48291E9} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {1FB00862-BA2C-4D9A-AABA-2D1B22ABD909} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {2851318E-51DF-4ED1-8AAB-C7EEAEC139CF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-30] (Dropbox, Inc.)
Task: {2CEF86F4-3F67-451E-B8BB-D587A7982C42} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {399CF9CA-8629-4470-BC61-FE4E17EB190F} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
Task: {449AF879-4F2A-4463-A0EA-BEFEB6A3025C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {4550F160-AFE4-4C61-B736-78BE268C32FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-02] (Microsoft Corporation)
Task: {4898F816-B6D2-4BC5-B8D5-93E634D2EDDC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {4D209434-DDD0-4570-BC1C-DBA214BA7F19} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-12-03] (AVG Technologies CZ, s.r.o.)
Task: {4F27A2EC-8E0C-46AF-B43A-73A5034F9361} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-03] (Google Inc.)
Task: {50171CFD-297D-4F1A-979A-B3005480A3DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {6E49C486-3194-4484-855D-7F1A08A3B30C} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe [2017-07-23] (Trend Micro Inc.)
Task: {773875B7-6288-4574-AE15-5D6CE741E7E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {7B93BFC3-D0F5-4DF9-A35C-49C8F816860F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-02] (Microsoft Corporation)
Task: {7BF672F6-75B6-4FA3-9BF1-13FAFA644F30} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-30] (Dropbox, Inc.)
Task: {7E040FC5-5B22-4C20-A668-E392DFB31DCF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {83331872-BD8F-4CE2-A2BE-62EE33469C67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {92090D5F-9F76-4B93-952B-C6E67C22D632} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {A0C12BEF-C7C2-4BF0-BEC6-79F10E77375E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {A97FC705-7010-4FC2-89D0-E52DA0A54A00} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
Task: {ABBD774E-1A97-41E2-9907-D1CF4DF1AE97} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-03] (Google Inc.)
Task: {AE86A0B2-9405-4D20-85DB-4C2E6CF476E3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {C4E1EECD-E283-4FC7-8233-469D0B9DA2D6} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
Task: {D008C2C7-FB0D-462B-A045-E0C69ED7CCD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {D11CDA06-0344-47E9-9810-8C8A63AFAE1E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {DDFD1075-F1A8-4FBB-94D3-AF3B44C84DC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {E2428AC7-60BD-4B87-9196-3ACF9D155615} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-10-11] (NVIDIA Corporation)
Task: {E4B49A8D-5CE1-419B-909A-6DDEEB46F2CF} - System32\Tasks\HPCeeScheduleForSusie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSusie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-02 16:10 - 2017-01-13 02:39 - 000076288 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc140-mt-1_62.dll
2017-12-02 16:10 - 2017-01-13 02:41 - 000039424 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc140-mt-1_62.dll
2017-12-02 16:10 - 2017-01-13 03:01 - 000737792 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2017-12-02 16:10 - 2017-01-13 02:42 - 000131072 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc140-mt-1_62.dll
2017-12-02 16:10 - 2017-01-13 02:39 - 000048640 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc140-mt-1_62.dll
2017-12-02 16:10 - 2017-01-13 02:55 - 002333184 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2017-12-02 16:07 - 2017-07-23 14:24 - 000182568 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-08-01 18:08 - 2017-01-13 14:41 - 000039424 _____ () C:\Program Files\Trend Micro\TMIDS\boost_system-vc140-mt-1_62.dll
2017-08-01 18:08 - 2017-01-13 14:39 - 000076288 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc140-mt-1_62.dll
2017-12-02 16:11 - 2017-07-23 14:24 - 000039424 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc140-mt-1_62.dll
2017-12-02 16:11 - 2017-07-23 14:24 - 000076288 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc140-mt-1_62.dll
2017-12-02 16:11 - 2017-07-23 14:24 - 000131072 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc140-mt-1_62.dll
2017-12-02 16:11 - 2017-07-23 14:24 - 000048640 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_chrono-vc140-mt-1_62.dll
2017-12-02 16:11 - 2017-07-23 14:24 - 001016320 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc140-mt-1_62.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-07-28 09:52 - 2017-07-28 09:52 - 000459680 _____ () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
2016-10-17 05:20 - 2017-11-07 18:10 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-08-01 17:32 - 2017-07-14 17:22 - 000935880 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
2017-09-29 08:42 - 2017-09-29 09:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 08:42 - 2017-09-29 09:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-20 14:22 - 2017-10-20 14:22 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-10-20 14:22 - 2017-10-20 14:22 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-12-02 16:07 - 2017-07-23 14:24 - 000085952 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2017-11-15 17:22 - 2017-11-15 17:22 - 000156672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\298c19fe866b4cf1fab608583982d612\BRIDGECommon.ni.dll
2017-11-15 17:23 - 2017-11-15 17:23 - 000329728 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\11c066801d3df50e10aeafbb42dfb329\CleanStartController.ni.dll
2017-11-15 17:23 - 2017-11-15 17:23 - 000116736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\11a0d8b5e39a6b852e347cc39f518a38\BridgeExtension.ni.dll
2017-11-15 17:23 - 2017-11-15 17:23 - 000070656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\8c171fc2c44b260197ffaaefa0d16d33\NativeInterop.ni.dll
2017-08-01 18:08 - 2017-01-26 11:35 - 001078272 _____ () C:\Program Files\Trend Micro\TMIDS\tower\ffmpeg.dll
2017-08-01 18:08 - 2017-02-23 00:31 - 001922560 _____ () C:\Program Files\Trend Micro\TMIDS\tower\libglesv2.dll
2017-08-01 18:08 - 2017-02-23 00:31 - 000079872 _____ () C:\Program Files\Trend Micro\TMIDS\tower\libegl.dll
2017-08-01 18:08 - 2017-02-23 00:31 - 004834816 _____ () C:\Program Files\Trend Micro\TMIDS\tower\node.dll
2017-10-18 22:52 - 2017-10-18 22:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-05-08 23:45 - 2017-05-08 23:45 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-07 02:37 - 2016-10-11 05:37 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-12-03 13:17 - 2017-12-03 13:17 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-12-03 13:19 - 2017-12-03 13:19 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-12-03 13:19 - 2017-12-03 13:19 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-12-03 13:19 - 2017-12-03 13:19 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-12-03 13:19 - 2017-12-03 13:19 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-12-03 13:19 - 2017-12-03 13:19 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-12-03 13:19 - 2017-12-03 13:19 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-12-03 13:23 - 2017-12-03 13:23 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-12-03 13:23 - 2017-12-03 13:23 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-12-03 13:23 - 2017-12-03 13:23 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-12-03 13:23 - 2017-12-03 13:23 - 000238928 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-12-03 13:23 - 2017-12-03 13:23 - 000245704 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-12-03 13:27 - 2017-11-10 04:21 - 003075928 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-12-03 13:27 - 2017-11-10 04:21 - 000086872 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\trendmicro.com -> hxxps://pwm.trendmicro.com
IE trusted site: HKU\S-1-5-21-4124504277-125677521-2394868591-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4124504277-125677521-2394868591-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{132CF864-9CEA-441C-8A64-BDABDF904E2D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4AEAF153-EBBF-4941-B8BC-34E8164294E4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{12ABC62C-0073-4C99-834A-AF27E534362C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{D4803DB6-6D82-4D33-9B8C-233BE232D221}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{26249440-C6FF-4718-94B2-983E79D85825}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{C0C37285-CB5F-4C35-9A03-B67AAC6E8CE8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{81F9CB3A-446D-4112-BB02-04FBDEC44465}] => (Allow) LPort=13148
FirewallRules: [{5185FEE2-25AC-4C95-8204-8E3EE1364678}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{E242D92F-E535-4D53-AE74-90B118961BF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81C52C2B-72A9-427A-8190-CBC3342FFB45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED98CCBD-C7AA-407F-A3E5-837468215F32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AE20A920-5B85-46AE-96AB-2048E79A57DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A66E3DE4-05C8-4D07-8174-09ACE73A49FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E82985A2-B379-4C14-BFD8-6569DEB9A611}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E1467067-2298-449C-8739-5FC3131A8AE3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5C235EB1-7D68-4280-9231-CA57B9F33C75}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1873BAF3-D88E-40EB-830D-D9D6C6299F4A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A77816F2-F462-48C5-94E4-D06F3AAA54AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AD27019B-AB17-447D-AD5E-7B32A797F03A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2AB34A1-480C-4378-8FAA-10914759A024}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{53F0F71E-5C58-4A62-8C4E-085C05D444D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4A58D2C4-15F4-4CEB-9DA5-89C9726CF5FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{42D6A975-40A2-4290-A0E7-B03A2D79D105}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C1136F21-E04B-4CA0-BFC4-340687EC0816}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{69D13B85-C9E1-4919-A194-CA5E7F183EAA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2BA69403-2A82-45CC-AD62-A0115FB55185}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C874A013-8941-47F1-BFAD-F1541B8AC37A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{47D04192-D6FC-4DB4-9BEF-D90A0D456ACA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E88B5872-C560-43B7-8A59-F006EA87AC23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E291CD10-84E5-4864-B0C6-E0B692BDD1FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A3B83A7F-D4ED-414B-A0F7-08D6715C2AC6}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE
FirewallRules: [{4EE5BCAD-A69E-4895-BDA4-3587D2A5D212}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
14-11-2017 18:00:21 Windows Update
22-11-2017 05:11:29 Scheduled Checkpoint
30-11-2017 11:17:33 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/03/2017 01:31:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-LS3M45PD.local already in use; will try LAPTOP-LS3M45PD-2.local instead
 
Error: (12/03/2017 01:31:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 LAPTOP-LS3M45PD.local. Addr 192.168.0.5
 
Error: (12/03/2017 01:31:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353   16 LAPTOP-LS3M45PD.local. AAAA 2604:6000:8185:BA00:1C2C:8D89:3C4A:F759
 
Error: (12/03/2017 01:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-LS3M45PD.local already in use; will try LAPTOP-LS3M45PD-2.local instead
 
Error: (12/03/2017 01:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 LAPTOP-LS3M45PD.local. Addr 192.168.0.5
 
Error: (12/03/2017 01:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353   16 LAPTOP-LS3M45PD.local. AAAA 2604:6000:8185:BA00:1C2C:8D89:3C4A:F759
 
Error: (12/03/2017 01:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-LS3M45PD.local already in use; will try LAPTOP-LS3M45PD-2.local instead
 
Error: (12/03/2017 01:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister    4 LAPTOP-LS3M45PD.local. Addr 192.168.0.5
 
Error: (12/03/2017 01:31:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.5:5353   16 LAPTOP-LS3M45PD.local. AAAA 2604:6000:8185:BA00:1C2C:8D89:3C4A:F759
 
Error: (12/03/2017 01:25:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AvastUI.exe version 17.8.3705.249 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 38fc
 
Start Time: 01d36c637bc88356
 
Termination Time: 60000
 
Application Path: C:\Program Files\AVAST Software\Avast\AvastUI.exe
 
Report Id: d48fa832-31af-46a0-8bbc-8db9843b0d7d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (12/03/2017 01:29:51 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The avgbIDSAgent service terminated with the following service-specific error: 
%%3758213661
 
Error: (12/03/2017 01:28:26 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-LS3M45PD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-LS3M45PD\Susie SID (S-1-5-21-4124504277-125677521-2394868591-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/03/2017 01:27:18 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-LS3M45PD)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-LS3M45PD\Susie SID (S-1-5-21-4124504277-125677521-2394868591-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/03/2017 01:13:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/03/2017 12:58:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/03/2017 12:58:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/03/2017 12:58:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/03/2017 12:58:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/03/2017 12:58:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/03/2017 12:58:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-12-03 13:29:21.838
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-03 13:29:21.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-03 13:29:10.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-03 13:29:10.725
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-03 13:28:53.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-03 13:28:53.874
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-03 13:13:59.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-03 13:13:59.748
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-03 13:13:53.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-12-03 13:13:53.473
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 47%
Total physical RAM: 12173.22 MB
Available physical RAM: 6432.71 MB
Total Virtual: 14029.22 MB
Available Virtual: 7687.41 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:917.1 GB) (Free:845.45 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.18 GB) (Free:1.59 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C3EE33FE)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2
zep516


    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hi! My name is zep516, and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Only run 1 Anti Virus. You have 3 running:
  • Avast
  • AVG
  • Trend Micro


Only keep 1. Uninstall the rest of them. Tell me what one you're keeping.

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot, a log will be produced. Please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt


#3
sucks2bme


    New Member

  • Topic Starter
  • Member
  • 7 posts

I have completed all of the steps, and have kept Trend Micro. What should be the next step?



#4
zep516


    Trusted Helper

  • Malware Removal
  • 6,792 posts
Did you run AdwCleaner? If so, please post the log. If not, please run it.

#5
sucks2bme


    New Member

  • Topic Starter
  • Member
  • 7 posts

I apologize, I didn't see the copy/paste request in your reply. Here is the log.

 

# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 04 23:54:37 2017
# Updated on 2017/29/11 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d1af033869koo7.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d1af033869koo7.cloudfront.net
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1466 B] - [2017/12/4 23:53:28]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#6
zep516


    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

Always run a Malwarebytes scan when things just don't seem right. Keep this program for future use.

Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.


#7
sucks2bme


    New Member

  • Topic Starter
  • Member
  • 7 posts

Here is the log from the Malwarebytes.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/9/17
Scan Time: 1:04 PM
Log File: 55885f6e-dd0b-11e7-be9f-3c5282d3c688.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3453
License: Trial
 
-System Information-
OS: Windows 10 (Build 16299.64)
CPU: x64
File System: NTFS
User: LAPTOP-LS3M45PD\Susie
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294218
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 4 min, 15 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
PUP.Optional.MapsFrontier, C:\USERS\SUSIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2NPE4YF4.DEFAULT\EXTENSIONS\{546BC2AF-D6E7-499F-90B6-58305B836702}.XPI, Quarantined, [14978], [456850],1.0.3453
Trojan.Kovter, C:\USERS\SUSIE\DOWNLOADS\FIREFOX-UPDATE.JS, Quarantined, [75], [447252],1.0.3453
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#8
zep516


    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

How is the computer? Are we still getting pop ups? We may need to reset the browsers if so. To do that:

https://www.howtogee...fault-settings/