
Computer is Extremely Unresponsive [Closed]


  • This topic is locked

#1
fantasticdoitsu

I have a Windows 10 laptop, and as of late it has become extremely unresponsive and is becoming impossible to use. I am not sure if it is a virus or hardware, so I figured I would start here.

Here is the log from the scans:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01
Ran by Cassie (administrator) on ANTONIO (18-01-2018 22:59:35)
Running from C:\Users\Cassie\Desktop
Loaded Profiles: Cassie (Available Profiles: Cassie)
Platform: Windows 10 Home Version 1703 15063.608 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe
(Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-15e8575b.exe
() C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E1057724-701A-4C7F-B1BA-659C75B0943B}\MPSigStub.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\Run: [Google Update] => C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-26] (Google Inc.)
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062048 2017-07-13] (Valve Corporation)
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILOE.EXE [297024 2013-08-09] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 216.21.127.249 216.21.127.253
Tcpip\..\Interfaces\{3ef4d42a-ac1c-4c3d-94b5-74530a788611}: [DhcpNameServer] 216.21.127.249 216.21.127.253
Tcpip\..\Interfaces\{77cb6503-3166-4ad3-8097-ca90ac8c832f}: [DhcpNameServer] 127.0.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-2438370543-1171411930-338771542-1001 -> DefaultScope {D8F97E52-0A1E-41C4-ACFB-49C18728BC14} URL = 
SearchScopes: HKU\S-1-5-21-2438370543-1171411930-338771542-1001 -> {D8F97E52-0A1E-41C4-ACFB-49C18728BC14} URL = 
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
 
Edge: 
======
Edge Extension: (Office Online) -> 2016_MicrosoftOfficeOnline_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OfficeOnline_1.5.4.0_neutral__8wekyb3d8bbwe [2017-12-21]
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.16.0_neutral__8wekyb3d8bbwe [2017-05-10]
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2438370543-1171411930-338771542-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-2438370543-1171411930-338771542-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-26] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default [2018-01-18]
CHR Extension: (Slides) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-07]
CHR Extension: (Dark Theme for Google Chrome) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2017-12-07]
CHR Extension: (Docs) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-07]
CHR Extension: (Google Drive) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (DuckDuckGo Search) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-05-11]
CHR Extension: (YouTube) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Honey) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-01-18]
CHR Extension: (Google Search) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (High Contrast) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2017-05-10]
CHR Extension: (Sheets) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-07]
CHR Extension: (Google Docs Offline) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (NEnhancer) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2017-07-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-04]
CHR Extension: (Gmail) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-18]
CHR HKU\S-1-5-21-2438370543-1171411930-338771542-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc.)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ccSet_NAT; C:\WINDOWS\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-01-18] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-01-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-18] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-18] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R1 MpKsl91e3a8e4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EAB552EC-BF9F-40CF-AF60-B6C17D6A0C7D}\MpKsl91e3a8e4.sys [58120 2017-12-22] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2017-05-04] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-18 22:59 - 2018-01-18 23:01 - 000017706 _____ C:\Users\Cassie\Desktop\FRST.txt
2018-01-18 22:59 - 2018-01-18 22:59 - 000000000 ____D C:\FRST
2018-01-18 22:58 - 2018-01-18 22:58 - 002393088 _____ (Farbar) C:\Users\Cassie\Downloads\FRST64.exe
2018-01-18 22:58 - 2018-01-18 22:58 - 002393088 _____ (Farbar) C:\Users\Cassie\Desktop\FRST64.exe
2018-01-18 22:55 - 2018-01-18 22:55 - 001753600 _____ (Farbar) C:\Users\Cassie\Desktop\FRST.exe
2018-01-18 22:54 - 2018-01-18 22:55 - 001753600 _____ (Farbar) C:\Users\Cassie\Downloads\FRST.exe
2018-01-18 22:54 - 2018-01-18 22:54 - 000004348 _____ C:\WINDOWS\System32\Tasks\Norton Security Scan for Cassie
2018-01-18 22:53 - 2018-01-18 22:53 - 000001548 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2018-01-18 22:53 - 2018-01-18 22:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSSx64
2018-01-18 22:53 - 2018-01-18 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2018-01-18 22:53 - 2018-01-18 22:53 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2018-01-18 22:29 - 2018-01-18 22:30 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-18 22:29 - 2018-01-18 22:29 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-18 22:29 - 2018-01-18 22:29 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-18 22:29 - 2018-01-18 22:29 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-18 22:28 - 2018-01-18 22:28 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-18 22:28 - 2018-01-18 22:28 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-18 22:28 - 2018-01-18 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-18 22:28 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-18 22:27 - 2018-01-18 22:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-18 22:27 - 2018-01-18 22:27 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-18 22:05 - 2018-01-18 22:06 - 082463440 _____ (Malwarebytes ) C:\Users\Cassie\Downloads\efb3028b-8ac9-46fc-bed2-c63898747326.tmp
2018-01-18 22:04 - 2018-01-18 22:05 - 082463440 _____ (Malwarebytes ) C:\Users\Cassie\Downloads\840fcd88-ae06-47dd-a432-614b07410771.tmp
2018-01-18 22:04 - 2018-01-18 22:04 - 082463440 _____ (Malwarebytes ) C:\Users\Cassie\Downloads\fad04e3e-bfc2-475d-85e3-53fd55f785d3.tmp
2018-01-18 22:02 - 2018-01-18 22:03 - 082463440 _____ (Malwarebytes ) C:\Users\Cassie\Downloads\711f7b13-9951-416b-a919-7d9a3fc79187.tmp
2018-01-18 22:00 - 2018-01-18 22:01 - 082463440 _____ (Malwarebytes ) C:\Users\Cassie\Downloads\94f5ffa5-7789-4eea-9fd8-42c553b2ce4e.tmp
2018-01-18 22:00 - 2018-01-18 22:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton AntiVirus
2018-01-18 21:59 - 2018-01-18 22:00 - 082463440 _____ (Malwarebytes ) C:\Users\Cassie\Downloads\3b1d144b-9871-4773-9bf4-00ae5df57248.tmp
2018-01-18 21:58 - 2018-01-18 21:59 - 082463440 _____ (Malwarebytes ) C:\Users\Cassie\Downloads\30c56cc2-4bd4-4efb-9340-e505c08040ba.tmp
2017-12-22 01:14 - 2017-12-22 01:14 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-21 23:55 - 2017-12-21 23:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-12-21 22:54 - 2017-12-21 22:54 - 000000000 ___HD C:\OneDriveTemp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-18 23:00 - 2017-03-18 14:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-18 22:53 - 2013-11-05 03:56 - 000000000 ____D C:\ProgramData\Norton
2018-01-18 22:53 - 2013-11-05 03:56 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-01-18 22:46 - 2017-09-22 22:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-18 22:42 - 2014-12-24 23:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-18 22:29 - 2017-11-07 15:24 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-18 22:27 - 2016-11-25 22:15 - 000000000 ___RD C:\Users\Cassie\Google Drive
2018-01-18 22:26 - 2014-12-24 23:28 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-18 22:24 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-18 22:24 - 2015-08-10 16:08 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-18 22:24 - 2015-01-04 20:24 - 000000000 ____D C:\Users\Cassie\AppData\Local\CrashDumps
2018-01-18 22:22 - 2014-12-25 17:23 - 000000000 __RDO C:\Users\Cassie\OneDrive
2018-01-18 22:17 - 2016-05-14 02:03 - 000000000 __SHD C:\Users\Cassie\IntelGraphicsProfiles
2018-01-18 22:16 - 2017-09-22 22:57 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-18 22:15 - 2017-09-22 23:22 - 000947252 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-18 22:15 - 2017-09-22 22:58 - 000000000 ____D C:\Users\Cassie
2018-01-18 22:12 - 2017-09-22 22:51 - 000256208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-18 22:10 - 2017-09-22 23:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-18 22:10 - 2017-03-18 05:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-18 22:00 - 2017-03-18 15:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-18 22:00 - 2017-03-18 05:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-18 21:52 - 2013-11-05 03:56 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-01-18 20:53 - 2014-12-21 17:30 - 000002523 _____ C:\Users\Cassie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-18 20:31 - 2017-05-27 09:33 - 000000000 ____D C:\Users\Cassie\Desktop\Cassie Resume
2017-12-22 01:15 - 2017-09-02 13:09 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-22 00:02 - 2017-03-18 15:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-22 00:00 - 2014-12-21 16:29 - 000000000 ____D C:\Users\Cassie\AppData\Local\Packages
2017-12-21 23:26 - 2015-07-30 14:04 - 000000000 ____D C:\Program Files\Common Files\AV
2017-12-21 22:53 - 2017-09-22 23:55 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2438370543-1171411930-338771542-1001
2017-12-21 22:53 - 2016-05-14 19:46 - 000002415 _____ C:\Users\Cassie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-21 22:35 - 2017-09-22 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-08 06:05
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by Cassie (18-01-2018 23:01:41)
Running from C:\Users\Cassie\Desktop
Windows 10 Home Version 1703 15063.608 (X64) (2017-09-23 05:45:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2438370543-1171411930-338771542-500 - Administrator - Disabled)
Cassie (S-1-5-21-2438370543-1171411930-338771542-1001 - Administrator - Enabled) => C:\Users\Cassie
DefaultAccount (S-1-5-21-2438370543-1171411930-338771542-503 - Limited - Disabled)
Guest (S-1-5-21-2438370543-1171411930-338771542-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2438370543-1171411930-338771542-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{420ED767-62A5-462F-9DDA-AE3A95D4BF32}) (Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
Backup and Sync from Google (HKLM-x32\...\{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 - Google, Inc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.05 - CyberLink Corp.)
Dragon Assistant Application en-US version 1.5.11 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.11 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
EPSON XP-810 Series Printer Uninstall (HKLM\...\EPSON XP-810 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{72814a2c-2e03-4a50-b30a-43e7884b3934}) (Version: 16.5.1 - Intel Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.150 - Symantec Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{11955FE2-CAC6-4C3B-AA68-F787D7405400}) (Version: 1.1.9.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.344 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {079AC2D2-0D14-4936-82CB-2B48A6352A91} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {0DF4117A-53A3-45AA-B5AD-E97EBBCA5787} - \Norton Anti-Theft\Norton Error Processor -> No File <==== ATTENTION
Task: {0E74B7B4-D6FD-4F07-87B9-A23227DCA3E8} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {1B7164C0-BBD8-400D-80D6-0F0B4BA0FF58} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1D566EAF-BF50-44C7-8A18-5D0ED471E253} - \TOSHIBA\Service Station -> No File <==== ATTENTION
Task: {26FA61E4-AE6D-4A80-8F3D-F81E202CAF62} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ef39836853d6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {27D9BC0C-A809-48A0-ABA8-34D462B6C20E} - \Optimize Start Menu Cache Files-S-1-5-21-2438370543-1171411930-338771542-500 -> No File <==== ATTENTION
Task: {2ABD570A-E314-4883-AE9D-B49A3D043331} - \WPD\SqmUpload_S-1-5-21-2438370543-1171411930-338771542-1001 -> No File <==== ATTENTION
Task: {2F7DC103-9C97-4825-B558-AD23EF96616F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {3A5BC880-E0C3-4B03-992B-1C08844591DB} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {4A2A3C82-FC0A-46BD-A719-DC38982F79FC} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {4AF9B1F1-3801-41F0-A617-793AF63DC9A7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4D5A14C6-C63F-4FA6-9034-ED8DF6B0125A} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {607049E3-F759-4D15-A254-6012A4F11077} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {652E08C9-1139-4CCF-9B45-06DD35F8D99D} - \EPSON XP-810 Series Update {077F468C-D605-4039-BF87-F2D772B0B66C} -> No File <==== ATTENTION
Task: {67E727D0-6387-4D97-9440-C0816C1D50F5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6C1D0531-03E2-4829-81C1-8DE05111AFEC} - \Microsoft\XblGameSave\XblGameSaveTaskLogon -> No File <==== ATTENTION
Task: {6C36F675-5652-4D58-9BAE-F48501A70EAB} - \Optimize Start Menu Cache Files-S-1-5-21-2438370543-1171411930-338771542-1001 -> No File <==== ATTENTION
Task: {6DA582B4-A313-4EAE-8190-ACD50DBCC839} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001Core1d1ef399bd00c9e => C:\Users\Cassie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {73250A29-8FF5-4DFE-8D11-9A1BC33A8B6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001UA1d1ef399c51f86f => C:\Users\Cassie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {77F7A208-60CB-42CE-8085-96B61AD3EC1D} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {8F461ED8-7BBC-4939-A93F-B7EEE4E707D9} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {917B2B5E-48A0-4D6F-8D04-2578BB960918} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9459D61D-5062-441A-BC01-C32C58E3D06A} - \Norton AntiVirus\Norton Error Processor -> No File <==== ATTENTION
Task: {97A46B9B-9A90-49B5-ADFC-D013A0278E37} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {97F618DC-07C7-48B2-8C44-9645E9B3EA8F} - \Microsoft\Windows\Customer Experience Improvement Program\Uploader -> No File <==== ATTENTION
Task: {9ED98AA6-4991-46D1-A14A-6FBFA34743C6} - \Norton Anti-Theft\Norton Error Analyzer -> No File <==== ATTENTION
Task: {A9CE4069-D1C8-4D0A-BD23-B08B5B8148A6} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {AB0CA722-AEA4-4F8C-AFA8-CC0E5D61E649} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ADA8D520-83D6-408A-BCED-FDEA24BE0523} - \Norton AntiVirus\Norton Error Analyzer -> No File <==== ATTENTION
Task: {AE4A2738-81E2-4A5A-9078-8CFD0A139488} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B03BC7D4-D74C-40FC-868C-2BAD206E58A9} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {B69346EC-71BD-4295-B0B1-C609DC64C4C0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B9865714-329D-4F06-B6BF-87857782D4EA} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {BE0C76BA-C5BE-4291-9B33-51610D9F61EC} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {C42517B7-1DBB-4EBE-91AF-31962D1126C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C447CF30-4003-46EF-8C0C-15D35409D5EC} - \GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001Core -> No File <==== ATTENTION
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {C4FA3445-A4EC-4D4C-8F90-8C400F86EB80} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ef3982aa8510 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {CC9DB7EA-3189-49C1-825A-07E7D4ED16BF} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {D097FDC4-9FF6-451C-9701-C0333B886CEF} - \Resolution+ Setting Task -> No File <==== ATTENTION
Task: {D24AC8D1-9488-4183-A1FA-AF64B26D30FF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DA73F83B-0C70-4C65-93C2-C91B3B9F7862} - \Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask -> No File <==== ATTENTION
Task: {DB9D646E-442D-4BC8-A21E-74CA9DFFDD3E} - System32\Tasks\Norton Security Scan for Cassie => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.150\Nss.exe [2018-01-10] (Symantec Corporation)
Task: {E72D92DA-22CA-42DA-BEB3-B483A8EA23EE} - \GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001UA -> No File <==== ATTENTION
Task: {E9A57D7A-4752-4F68-A86A-A996CE1BB3BB} - \Remediation\AntimalwareMigrationTask -> No File <==== ATTENTION
Task: {EDFE275E-3089-4BFD-B863-90EF94D0E684} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {EE47F2AB-EDB9-4291-B621-05A2022C85EC} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {F03AC953-36F4-4707-9F21-1F2BAD8FA775} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F3889643-F87B-4BED-86C1-B38A0EA18910} - \EPSON XP-810 Series Invitation {077F468C-D605-4039-BF87-F2D772B0B66C} -> No File <==== ATTENTION
Task: {F8A0E106-3CE2-4519-A194-11CD78E53D09} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F8E24443-BF96-49D5-AAD9-3A07E02023AA} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {F9CAC644-A6EB-4BD8-BF8C-21FF8A6DA361} - \User_Feed_Synchronization-{36EB20CD-520E-4CEB-A6D3-B513686BD73C} -> No File <==== ATTENTION
Task: {FC08AC06-B417-4A13-8F50-86DA727D3271} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {077F468C-D605-4039-BF87-F2D772B0B66C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-810 Series Update {077F468C-D605-4039-BF87-F2D772B0B66C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE:/EXE:{077F468C-D605-4039-BF87-F2D772B0B66C} /F:UpdateWORKGROUP\ANTONIO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001Core.job => C:\Users\Cassie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001UA.job => C:\Users\Cassie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-03-27 13:53 - 2013-03-27 13:53 - 000163168 _____ () C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
2017-03-18 14:58 - 2017-03-18 14:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 14:59 - 2017-03-18 20:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-02 07:32 - 2016-12-02 07:32 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2017-11-20 15:27 - 2017-11-20 15:27 - 041061856 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2013-08-01 15:24 - 2013-08-01 15:24 - 000438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2018-01-18 22:28 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-18 22:28 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-17 22:12 - 2018-01-18 22:31 - 000545440 _____ () C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E1057724-701A-4C7F-B1BA-659C75B0943B}\MPSigStub.exe
2018-01-18 20:53 - 2018-01-03 03:20 - 004063064 _____ () C:\Users\Cassie\AppData\Local\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-18 20:53 - 2018-01-03 03:20 - 000099672 _____ () C:\Users\Cassie\AppData\Local\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-03-18 14:58 - 2017-03-18 14:58 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-07-10 23:40 - 2017-07-10 23:40 - 002331136 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-07-10 23:40 - 2017-07-10 23:40 - 002836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2017-09-24 00:07 - 2017-09-04 23:19 - 004125088 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2014-04-18 03:10 - 2013-09-03 17:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-12-21 22:52 - 2017-12-21 22:52 - 000102088 _____ () C:\Users\Cassie\AppData\Local\Microsoft\OneDrive\17.3.7131.1115\UpdateRingSettings.dll
2018-01-18 22:18 - 2018-01-18 22:18 - 000088064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_ctypes.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000919552 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_hashlib.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000098816 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32api.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000110080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\pywintypes27.dll
2018-01-18 22:19 - 2018-01-18 22:19 - 000364544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\pythoncom27.dll
2018-01-18 22:19 - 2018-01-18 22:19 - 000686080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\unicodedata.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000320512 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32com.shell.shell.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 001177088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._core_.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000806912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._gdi_.pyd
2018-01-18 22:20 - 2018-01-18 22:21 - 000816640 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._windows_.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 001067520 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._controls_.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000733696 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._misc_.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000736256 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\pysqlite2._sqlite.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000119808 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32file.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000108544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32security.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000007168 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\hashobjs_ext.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000017920 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\thumbnails_ext.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000082432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\usb_ext.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000013824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\common.time34.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000018432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32event.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\windows.conditional.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\windows.winwrap.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000089088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\windows.volumes.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000167936 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32gui.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000046080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_socket.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 001311744 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_ssl.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000129536 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_elementtree.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000127488 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\pyexpat.pyd
2018-01-18 22:19 - 2018-01-18 22:20 - 000038912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32inet.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000077824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._html2.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000036864 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_psutil_windows.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000524248 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\windows._lib_cacheinvalidation.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000011264 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32crypt.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000218624 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\PIL._imaging.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_multiprocessing.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000020480 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_yappi.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000035840 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32process.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000024064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32pipe.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000010240 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\select.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000025600 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32pdh.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000059392 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\windows.device_monitor.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32profile.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000022528 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32ts.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000088064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_ctypes.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000919552 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_hashlib.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000098816 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32api.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000110080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\pywintypes27.dll
2018-01-18 22:27 - 2018-01-18 22:27 - 000364544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\pythoncom27.dll
2018-01-18 22:27 - 2018-01-18 22:27 - 000686080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\unicodedata.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000320512 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32com.shell.shell.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 001177088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._core_.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000806912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._gdi_.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000816640 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._windows_.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 001067520 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._controls_.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000733696 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._misc_.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000736256 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\pysqlite2._sqlite.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000119808 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32file.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000108544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32security.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000007168 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\hashobjs_ext.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000017920 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\thumbnails_ext.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000082432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\usb_ext.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000013824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\common.time34.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000018432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32event.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\windows.conditional.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\windows.winwrap.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000089088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\windows.volumes.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000167936 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32gui.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000046080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_socket.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 001311744 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_ssl.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000129536 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_elementtree.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000127488 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\pyexpat.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000038912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32inet.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000077824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._html2.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000036864 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_psutil_windows.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000524248 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\windows._lib_cacheinvalidation.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000011264 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32crypt.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000218624 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\PIL._imaging.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_multiprocessing.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000020480 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_yappi.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000035840 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32process.pyd
2018-01-18 22:27 - 2018-01-18 22:28 - 000024064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32pipe.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000010240 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\select.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000025600 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32pdh.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000059392 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\windows.device_monitor.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32profile.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000022528 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32ts.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cassie\Desktop\Cassie's Folder\Photos\Photos\Video Game Stuff\Arcade 1.jpg
DNS Servers: 216.21.127.249 - 216.21.127.253
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{42DEFB7C-6E96-4335-B0C9-DC725EFEF6F9}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A0DC19A5-AAD6-4FDB-A569-1AF19A70CEE0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D6CF8169-0C3A-4CCF-8863-90EA21FF0183}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2028368A-7676-40E0-ACAD-5366637D678B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{F1E92A38-D72D-49F8-81C9-C81B75A0148D}C:\users\cassie\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cassie\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{E49A9C49-FA4C-4AE4-A2BE-5658E3B9615A}C:\users\cassie\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cassie\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{7492A45E-FEF0-49C4-8744-068EA662CAB2}C:\users\cassie\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cassie\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{C35CF434-D475-402B-A5E0-C956D725A5A2}C:\users\cassie\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cassie\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{6B87EA6B-0EF8-471F-A33C-748576E8AF88}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7DE3F711-CEC2-43F3-A5B7-37E20E5A5413}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FBEFB85F-D577-496E-90B0-E3D7EA36FF90}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3F2D510A-335B-45D3-A633-A7D0492F54C3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{4B23B346-B5D8-4730-82F8-1F605E198302}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{0AC9FD6C-7F2A-4D8E-A0FC-94A39D834E4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{E9EDD3D0-5086-447B-8DC9-5B2AECA44AF1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{131BAEA9-CE14-4757-881F-BF8E5AB7FFA5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{90CE8AF9-89B5-4B75-B6CF-1C4D0E3C0694}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{23331EBC-3984-43B5-875E-B832060EF181}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{10E7E317-806D-4DD9-B0F0-6600A2F61F80}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
 
==================== Restore Points =========================
 
08-11-2017 03:28:14 Windows Update
08-11-2017 03:29:02 Windows Update
18-01-2018 21:23:14 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/18/2018 10:42:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/18/2018 10:24:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANTONIO)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/18/2018 10:24:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANTONIO)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/18/2018 10:24:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANTONIO)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/18/2018 10:24:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x28c4
Faulting application start time: 0x01d390dd5ad5009c
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 13dc5f4e-9530-44ce-b84d-cd00b0e8704f
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (01/18/2018 10:24:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x28c4
Faulting application start time: 0x01d390dd5ad5009c
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: dd781139-3914-47d9-a819-f4a4005adedc
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (01/18/2018 10:24:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x28c4
Faulting application start time: 0x01d390dd5ad5009c
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: e622c76b-c52c-4c0a-a5d8-698d789b6053
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (01/18/2018 10:24:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x28c4
Faulting application start time: 0x01d390dd5ad5009c
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 0cea9fb0-c09a-484d-a4ae-38116c4ca2b4
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (01/18/2018 10:24:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1960
Faulting application start time: 0x01d390dd462c86d7
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 1b1c55db-eec2-4702-a303-c43a31dec04f
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (01/18/2018 10:23:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1960
Faulting application start time: 0x01d390dd462c86d7
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: bf773b88-ed6f-4172-9851-949b987efd0d
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
 
System errors:
=============
Error: (01/18/2018 11:00:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Update for Windows 10 Version 1703 for x64-based Systems (KB4033631).
 
Error: (01/18/2018 10:43:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8000ffff: Feature update to Windows 10, version 1709.
 
Error: (01/18/2018 10:43:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 2017-11 Update for Windows 10 Version 1703 for x64-based Systems (KB4049011).
 
Error: (01/18/2018 10:25:37 PM) (Source: DCOM) (EventID: 10010) (User: ANTONIO)
Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaPlaces.PlaceStore did not register with DCOM within the required timeout.
 
Error: (01/18/2018 10:24:26 PM) (Source: DCOM) (EventID: 10010) (User: ANTONIO)
Description: The server Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.
 
Error: (01/18/2018 10:24:25 PM) (Source: DCOM) (EventID: 10010) (User: ANTONIO)
Description: The server Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.
 
Error: (01/18/2018 10:22:10 PM) (Source: DCOM) (EventID: 10010) (User: ANTONIO)
Description: The server Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.
 
Error: (01/18/2018 10:21:39 PM) (Source: DCOM) (EventID: 10010) (User: ANTONIO)
Description: The server Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.
 
Error: (01/18/2018 10:19:37 PM) (Source: DCOM) (EventID: 10010) (User: ANTONIO)
Description: The server Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.
 
Error: (01/18/2018 10:19:35 PM) (Source: DCOM) (EventID: 10010) (User: ANTONIO)
Description: The server Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-18 22:29:15.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 44%
Total physical RAM: 8104.14 MB
Available physical RAM: 4520.91 MB
Total Virtual: 9384.14 MB
Available Virtual: 5719.71 MB
 
==================== Drives ================================
 
Drive c: (TI10684700A) (Fixed) (Total:687.28 GB) (Free:577.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2
Gary R

    Trusted Helper

  • Malware Removal
  • 217 posts

Looking over your logs, I'll be back once I've finished.

 

Talk to you then.



#3
Gary R

    Trusted Helper

  • Malware Removal
  • 217 posts

Hi Fantasticdoitsu

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Please observe these rules while we work:

  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.
 

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


I don't see any clear indications of an active infection on your computer, but there are a few things that need attention, and some things that need to be investigated further.

So, let's make a start and see where it takes us ....
 

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it ....
SearchScopes: HKU\S-1-5-21-2438370543-1171411930-338771542-1001 -> DefaultScope {D8F97E52-0A1E-41C4-ACFB-49C18728BC14} URL =
SearchScopes: HKU\S-1-5-21-2438370543-1171411930-338771542-1001 -> {D8F97E52-0A1E-41C4-ACFB-49C18728BC14} URL =
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
CHR HKU\S-1-5-21-2438370543-1171411930-338771542-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {079AC2D2-0D14-4936-82CB-2B48A6352A91} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {0DF4117A-53A3-45AA-B5AD-E97EBBCA5787} - \Norton Anti-Theft\Norton Error Processor -> No File <==== ATTENTION
Task: {0E74B7B4-D6FD-4F07-87B9-A23227DCA3E8} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {1B7164C0-BBD8-400D-80D6-0F0B4BA0FF58} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1D566EAF-BF50-44C7-8A18-5D0ED471E253} - \TOSHIBA\Service Station -> No File <==== ATTENTION
Task: {27D9BC0C-A809-48A0-ABA8-34D462B6C20E} - \Optimize Start Menu Cache Files-S-1-5-21-2438370543-1171411930-338771542-500 -> No File <==== ATTENTION
Task: {2ABD570A-E314-4883-AE9D-B49A3D043331} - \WPD\SqmUpload_S-1-5-21-2438370543-1171411930-338771542-1001 -> No File <==== ATTENTION
Task: {2F7DC103-9C97-4825-B558-AD23EF96616F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {3A5BC880-E0C3-4B03-992B-1C08844591DB} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {4A2A3C82-FC0A-46BD-A719-DC38982F79FC} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {4AF9B1F1-3801-41F0-A617-793AF63DC9A7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4D5A14C6-C63F-4FA6-9034-ED8DF6B0125A} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {607049E3-F759-4D15-A254-6012A4F11077} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {652E08C9-1139-4CCF-9B45-06DD35F8D99D} - \EPSON XP-810 Series Update {077F468C-D605-4039-BF87-F2D772B0B66C} -> No File <==== ATTENTION
Task: {67E727D0-6387-4D97-9440-C0816C1D50F5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6C1D0531-03E2-4829-81C1-8DE05111AFEC} - \Microsoft\XblGameSave\XblGameSaveTaskLogon -> No File <==== ATTENTION
Task: {6C36F675-5652-4D58-9BAE-F48501A70EAB} - \Optimize Start Menu Cache Files-S-1-5-21-2438370543-1171411930-338771542-1001 -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {77F7A208-60CB-42CE-8085-96B61AD3EC1D} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {8F461ED8-7BBC-4939-A93F-B7EEE4E707D9} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {917B2B5E-48A0-4D6F-8D04-2578BB960918} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9459D61D-5062-441A-BC01-C32C58E3D06A} - \Norton AntiVirus\Norton Error Processor -> No File <==== ATTENTION
Task: {97A46B9B-9A90-49B5-ADFC-D013A0278E37} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {97F618DC-07C7-48B2-8C44-9645E9B3EA8F} - \Microsoft\Windows\Customer Experience Improvement Program\Uploader -> No File <==== ATTENTION
Task: {9ED98AA6-4991-46D1-A14A-6FBFA34743C6} - \Norton Anti-Theft\Norton Error Analyzer -> No File <==== ATTENTION
Task: {A9CE4069-D1C8-4D0A-BD23-B08B5B8148A6} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {AB0CA722-AEA4-4F8C-AFA8-CC0E5D61E649} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ADA8D520-83D6-408A-BCED-FDEA24BE0523} - \Norton AntiVirus\Norton Error Analyzer -> No File <==== ATTENTION
Task: {AE4A2738-81E2-4A5A-9078-8CFD0A139488} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B03BC7D4-D74C-40FC-868C-2BAD206E58A9} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {B69346EC-71BD-4295-B0B1-C609DC64C4C0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B9865714-329D-4F06-B6BF-87857782D4EA} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {BE0C76BA-C5BE-4291-9B33-51610D9F61EC} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {C42517B7-1DBB-4EBE-91AF-31962D1126C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C447CF30-4003-46EF-8C0C-15D35409D5EC} - \GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001Core -> No File <==== ATTENTION
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {CC9DB7EA-3189-49C1-825A-07E7D4ED16BF} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {D097FDC4-9FF6-451C-9701-C0333B886CEF} - \Resolution+ Setting Task -> No File <==== ATTENTION
Task: {D24AC8D1-9488-4183-A1FA-AF64B26D30FF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DA73F83B-0C70-4C65-93C2-C91B3B9F7862} - \Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask -> No File <==== ATTENTION
Task: {E72D92DA-22CA-42DA-BEB3-B483A8EA23EE} - \GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001UA -> No File <==== ATTENTION
Task: {E9A57D7A-4752-4F68-A86A-A996CE1BB3BB} - \Remediation\AntimalwareMigrationTask -> No File <==== ATTENTION
Task: {EDFE275E-3089-4BFD-B863-90EF94D0E684} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {EE47F2AB-EDB9-4291-B621-05A2022C85EC} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {F03AC953-36F4-4707-9F21-1F2BAD8FA775} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F3889643-F87B-4BED-86C1-B38A0EA18910} - \EPSON XP-810 Series Invitation {077F468C-D605-4039-BF87-F2D772B0B66C} -> No File <==== ATTENTION
Task: {F8A0E106-3CE2-4519-A194-11CD78E53D09} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F8E24443-BF96-49D5-AAD9-3A07E02023AA} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {F9CAC644-A6EB-4BD8-BF8C-21FF8A6DA361} - \User_Feed_Synchronization-{36EB20CD-520E-4CEB-A6D3-B513686BD73C} -> No File <==== ATTENTION
Task: {FC08AC06-B417-4A13-8F50-86DA727D3271} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
EmptyTemp:
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ....

There are a bunch of Python files running from a Temp folder on your machine ...



2018-01-18 22:18 - 2018-01-18 22:18 - 000088064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_ctypes.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000919552 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_hashlib.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000098816 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32api.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000110080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\pywintypes27.dll
2018-01-18 22:19 - 2018-01-18 22:19 - 000364544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\pythoncom27.dll
2018-01-18 22:19 - 2018-01-18 22:19 - 000686080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\unicodedata.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000320512 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32com.shell.shell.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 001177088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._core_.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000806912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._gdi_.pyd
2018-01-18 22:20 - 2018-01-18 22:21 - 000816640 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._windows_.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 001067520 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._controls_.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000733696 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._misc_.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000736256 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\pysqlite2._sqlite.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000119808 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32file.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000108544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32security.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000007168 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\hashobjs_ext.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000017920 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\thumbnails_ext.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000082432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\usb_ext.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000013824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\common.time34.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000018432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32event.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\windows.conditional.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\windows.winwrap.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000089088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\windows.volumes.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000167936 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32gui.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000046080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_socket.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 001311744 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_ssl.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000129536 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_elementtree.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000127488 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\pyexpat.pyd
2018-01-18 22:19 - 2018-01-18 22:20 - 000038912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32inet.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000077824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\wx._html2.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000036864 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_psutil_windows.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000524248 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\windows._lib_cacheinvalidation.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000011264 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32crypt.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000218624 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\PIL._imaging.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_multiprocessing.pyd
2018-01-18 22:18 - 2018-01-18 22:18 - 000020480 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\_yappi.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000035840 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32process.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000024064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32pipe.pyd
2018-01-18 22:19 - 2018-01-18 22:19 - 000010240 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\select.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000025600 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32pdh.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000059392 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\windows.device_monitor.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32profile.pyd
2018-01-18 22:20 - 2018-01-18 22:20 - 000022528 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI86522\win32ts.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000088064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_ctypes.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000919552 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_hashlib.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000098816 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32api.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000110080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\pywintypes27.dll
2018-01-18 22:27 - 2018-01-18 22:27 - 000364544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\pythoncom27.dll
2018-01-18 22:27 - 2018-01-18 22:27 - 000686080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\unicodedata.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000320512 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32com.shell.shell.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 001177088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._core_.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000806912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._gdi_.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000816640 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._windows_.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 001067520 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._controls_.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000733696 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._misc_.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000736256 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\pysqlite2._sqlite.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000119808 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32file.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000108544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32security.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000007168 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\hashobjs_ext.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000017920 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\thumbnails_ext.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000082432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\usb_ext.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000013824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\common.time34.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000018432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32event.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\windows.conditional.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\windows.winwrap.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000089088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\windows.volumes.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000167936 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32gui.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000046080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_socket.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 001311744 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_ssl.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000129536 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_elementtree.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000127488 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\pyexpat.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000038912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32inet.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000077824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\wx._html2.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000036864 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_psutil_windows.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000524248 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\windows._lib_cacheinvalidation.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000011264 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32crypt.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000218624 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\PIL._imaging.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_multiprocessing.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000020480 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\_yappi.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000035840 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32process.pyd
2018-01-18 22:27 - 2018-01-18 22:28 - 000024064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32pipe.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000010240 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\select.pyd
2018-01-18 22:27 - 2018-01-18 22:27 - 000025600 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32pdh.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000059392 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\windows.device_monitor.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32profile.pyd
2018-01-18 22:28 - 2018-01-18 22:28 - 000022528 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI69602\win32ts.pyd


I can't find any clear indication of why they might be there. Do you know?

Summary of the information I need from you in your next post:

  • The fixlog from FRST
  • An answer to my question about the Python files.


 

 



#4
Gary R


    Trusted Helper

  • Malware Removal
  • 217 posts

It's been a couple of days since I posted, and I haven't received a reply from you ... do you still need help with your machine?

If so, please post the information I asked for in my last post.



#5
Gary R


    Trusted Helper

  • Malware Removal
  • 217 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.




#7
Gary R


    Trusted Helper

  • Malware Removal
  • 217 posts

As per OP's request this topic has been re-opened.



#8
fantasticdoitsu


    New Member

  • Topic Starter
  • Member
  • 4 posts
Here is the fix log, and I do not know what the Python files are for.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Cassie (06-03-2018 21:49:34) Run:2
Running from C:\Users\Cassie\Desktop
Loaded Profiles: Cassie (Available Profiles: Cassie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-2438370543-1171411930-338771542-1001 -> DefaultScope {D8F97E52-0A1E-41C4-ACFB-49C18728BC14} URL =
SearchScopes: HKU\S-1-5-21-2438370543-1171411930-338771542-1001 -> {D8F97E52-0A1E-41C4-ACFB-49C18728BC14} URL =
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
CHR HKU\S-1-5-21-2438370543-1171411930-338771542-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {079AC2D2-0D14-4936-82CB-2B48A6352A91} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0D21BBCE-5FF6-4613-B62C-48148CA6EAA1} - \Microsoft\Windows\RAC\RacTask -> No File <==== ATTENTION
Task: {0DF4117A-53A3-45AA-B5AD-E97EBBCA5787} - \Norton Anti-Theft\Norton Error Processor -> No File <==== ATTENTION
Task: {0E74B7B4-D6FD-4F07-87B9-A23227DCA3E8} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {1B7164C0-BBD8-400D-80D6-0F0B4BA0FF58} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1D566EAF-BF50-44C7-8A18-5D0ED471E253} - \TOSHIBA\Service Station -> No File <==== ATTENTION
Task: {27D9BC0C-A809-48A0-ABA8-34D462B6C20E} - \Optimize Start Menu Cache Files-S-1-5-21-2438370543-1171411930-338771542-500 -> No File <==== ATTENTION
Task: {2ABD570A-E314-4883-AE9D-B49A3D043331} - \WPD\SqmUpload_S-1-5-21-2438370543-1171411930-338771542-1001 -> No File <==== ATTENTION
Task: {2F7DC103-9C97-4825-B558-AD23EF96616F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {3A5BC880-E0C3-4B03-992B-1C08844591DB} - \Norton WSC Integration -> No File <==== ATTENTION
Task: {4520E8A9-AF06-4122-859B-E4B655B29B36} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {4A2A3C82-FC0A-46BD-A719-DC38982F79FC} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {4AF9B1F1-3801-41F0-A617-793AF63DC9A7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4D5A14C6-C63F-4FA6-9034-ED8DF6B0125A} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {607049E3-F759-4D15-A254-6012A4F11077} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {652E08C9-1139-4CCF-9B45-06DD35F8D99D} - \EPSON XP-810 Series Update {077F468C-D605-4039-BF87-F2D772B0B66C} -> No File <==== ATTENTION
Task: {67E727D0-6387-4D97-9440-C0816C1D50F5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6C1D0531-03E2-4829-81C1-8DE05111AFEC} - \Microsoft\XblGameSave\XblGameSaveTaskLogon -> No File <==== ATTENTION
Task: {6C36F675-5652-4D58-9BAE-F48501A70EAB} - \Optimize Start Menu Cache Files-S-1-5-21-2438370543-1171411930-338771542-1001 -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {77F7A208-60CB-42CE-8085-96B61AD3EC1D} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {8F461ED8-7BBC-4939-A93F-B7EEE4E707D9} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Task: {917B2B5E-48A0-4D6F-8D04-2578BB960918} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9459D61D-5062-441A-BC01-C32C58E3D06A} - \Norton AntiVirus\Norton Error Processor -> No File <==== ATTENTION
Task: {97A46B9B-9A90-49B5-ADFC-D013A0278E37} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {97F618DC-07C7-48B2-8C44-9645E9B3EA8F} - \Microsoft\Windows\Customer Experience Improvement Program\Uploader -> No File <==== ATTENTION
Task: {9ED98AA6-4991-46D1-A14A-6FBFA34743C6} - \Norton Anti-Theft\Norton Error Analyzer -> No File <==== ATTENTION
Task: {A9CE4069-D1C8-4D0A-BD23-B08B5B8148A6} - \Synaptics TouchPad Enhancements -> No File <==== ATTENTION
Task: {AB0CA722-AEA4-4F8C-AFA8-CC0E5D61E649} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ADA8D520-83D6-408A-BCED-FDEA24BE0523} - \Norton AntiVirus\Norton Error Analyzer -> No File <==== ATTENTION
Task: {AE4A2738-81E2-4A5A-9078-8CFD0A139488} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B03BC7D4-D74C-40FC-868C-2BAD206E58A9} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {B69346EC-71BD-4295-B0B1-C609DC64C4C0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B9865714-329D-4F06-B6BF-87857782D4EA} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {BE0C76BA-C5BE-4291-9B33-51610D9F61EC} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {C42517B7-1DBB-4EBE-91AF-31962D1126C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C447CF30-4003-46EF-8C0C-15D35409D5EC} - \GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001Core -> No File <==== ATTENTION
Task: {C4AE3C3E-C327-4689-B6FD-C11FB31AE88B} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {CC9DB7EA-3189-49C1-825A-07E7D4ED16BF} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {D097FDC4-9FF6-451C-9701-C0333B886CEF} - \Resolution+ Setting Task -> No File <==== ATTENTION
Task: {D24AC8D1-9488-4183-A1FA-AF64B26D30FF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DA73F83B-0C70-4C65-93C2-C91B3B9F7862} - \Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask -> No File <==== ATTENTION
Task: {E72D92DA-22CA-42DA-BEB3-B483A8EA23EE} - \GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001UA -> No File <==== ATTENTION
Task: {E9A57D7A-4752-4F68-A86A-A996CE1BB3BB} - \Remediation\AntimalwareMigrationTask -> No File <==== ATTENTION
Task: {EDFE275E-3089-4BFD-B863-90EF94D0E684} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {EE47F2AB-EDB9-4291-B621-05A2022C85EC} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {F03AC953-36F4-4707-9F21-1F2BAD8FA775} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F3889643-F87B-4BED-86C1-B38A0EA18910} - \EPSON XP-810 Series Invitation {077F468C-D605-4039-BF87-F2D772B0B66C} -> No File <==== ATTENTION
Task: {F8A0E106-3CE2-4519-A194-11CD78E53D09} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F8E24443-BF96-49D5-AAD9-3A07E02023AA} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {F9CAC644-A6EB-4BD8-BF8C-21FF8A6DA361} - \User_Feed_Synchronization-{36EB20CD-520E-4CEB-A6D3-B513686BD73C} -> No File <==== ATTENTION
Task: {FC08AC06-B417-4A13-8F50-86DA727D3271} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
EmptyTemp:
*****************
 
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8F97E52-0A1E-41C4-ACFB-49C18728BC14}" => removed successfully
HKLM\Software\Classes\CLSID\{D8F97E52-0A1E-41C4-ACFB-49C18728BC14} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => removed successfully
"HKLM\Software\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => removed successfully
"HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{079AC2D2-0D14-4936-82CB-2B48A6352A91}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{079AC2D2-0D14-4936-82CB-2B48A6352A91}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0D21BBCE-5FF6-4613-B62C-48148CA6EAA1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D21BBCE-5FF6-4613-B62C-48148CA6EAA1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RacTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DF4117A-53A3-45AA-B5AD-E97EBBCA5787}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DF4117A-53A3-45AA-B5AD-E97EBBCA5787}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Processor" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E74B7B4-D6FD-4F07-87B9-A23227DCA3E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E74B7B4-D6FD-4F07-87B9-A23227DCA3E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A4230A2-E136-4936-9B22-DDF624BB8332}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A4230A2-E136-4936-9B22-DDF624BB8332}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\IME\SQM data sender" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B7164C0-BBD8-400D-80D6-0F0B4BA0FF58}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B7164C0-BBD8-400D-80D6-0F0B4BA0FF58}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D566EAF-BF50-44C7-8A18-5D0ED471E253}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D566EAF-BF50-44C7-8A18-5D0ED471E253}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TOSHIBA\Service Station" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27D9BC0C-A809-48A0-ABA8-34D462B6C20E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27D9BC0C-A809-48A0-ABA8-34D462B6C20E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2438370543-1171411930-338771542-500" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ABD570A-E314-4883-AE9D-B49A3D043331}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ABD570A-E314-4883-AE9D-B49A3D043331}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2438370543-1171411930-338771542-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F7DC103-9C97-4825-B558-AD23EF96616F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F7DC103-9C97-4825-B558-AD23EF96616F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A5BC880-E0C3-4B03-992B-1C08844591DB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A5BC880-E0C3-4B03-992B-1C08844591DB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4520E8A9-AF06-4122-859B-E4B655B29B36}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4520E8A9-AF06-4122-859B-E4B655B29B36}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppID\SmartScreenSpecific" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A2A3C82-FC0A-46BD-A719-DC38982F79FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A2A3C82-FC0A-46BD-A719-DC38982F79FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Policy Install" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AF9B1F1-3801-41F0-A617-793AF63DC9A7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AF9B1F1-3801-41F0-A617-793AF63DC9A7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D5A14C6-C63F-4FA6-9034-ED8DF6B0125A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D5A14C6-C63F-4FA6-9034-ED8DF6B0125A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\BthSQM" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{607049E3-F759-4D15-A254-6012A4F11077}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{607049E3-F759-4D15-A254-6012A4F11077}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{652E08C9-1139-4CCF-9B45-06DD35F8D99D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{652E08C9-1139-4CCF-9B45-06DD35F8D99D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-810 Series Update {077F468C-D605-4039-BF87-F2D772B0B66C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67E727D0-6387-4D97-9440-C0816C1D50F5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67E727D0-6387-4D97-9440-C0816C1D50F5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C1D0531-03E2-4829-81C1-8DE05111AFEC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C1D0531-03E2-4829-81C1-8DE05111AFEC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\XblGameSave\XblGameSaveTaskLogon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C36F675-5652-4D58-9BAE-F48501A70EAB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C36F675-5652-4D58-9BAE-F48501A70EAB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2438370543-1171411930-338771542-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77F7A208-60CB-42CE-8085-96B61AD3EC1D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77F7A208-60CB-42CE-8085-96B61AD3EC1D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Routine Maintenance Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F461ED8-7BBC-4939-A93F-B7EEE4E707D9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F461ED8-7BBC-4939-A93F-B7EEE4E707D9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{917B2B5E-48A0-4D6F-8D04-2578BB960918}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{917B2B5E-48A0-4D6F-8D04-2578BB960918}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9459D61D-5062-441A-BC01-C32C58E3D06A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9459D61D-5062-441A-BC01-C32C58E3D06A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton AntiVirus\Norton Error Processor" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97A46B9B-9A90-49B5-ADFC-D013A0278E37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97A46B9B-9A90-49B5-ADFC-D013A0278E37}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97F618DC-07C7-48B2-8C44-9645E9B3EA8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97F618DC-07C7-48B2-8C44-9645E9B3EA8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Uploader" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9ED98AA6-4991-46D1-A14A-6FBFA34743C6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ED98AA6-4991-46D1-A14A-6FBFA34743C6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Analyzer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9CE4069-D1C8-4D0A-BD23-B08B5B8148A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9CE4069-D1C8-4D0A-BD23-B08B5B8148A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Synaptics TouchPad Enhancements" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB0CA722-AEA4-4F8C-AFA8-CC0E5D61E649}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB0CA722-AEA4-4F8C-AFA8-CC0E5D61E649}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADA8D520-83D6-408A-BCED-FDEA24BE0523}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADA8D520-83D6-408A-BCED-FDEA24BE0523}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton AntiVirus\Norton Error Analyzer" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE4A2738-81E2-4A5A-9078-8CFD0A139488}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE4A2738-81E2-4A5A-9078-8CFD0A139488}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B03BC7D4-D74C-40FC-868C-2BAD206E58A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B03BC7D4-D74C-40FC-868C-2BAD206E58A9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B69346EC-71BD-4295-B0B1-C609DC64C4C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B69346EC-71BD-4295-B0B1-C609DC64C4C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9865714-329D-4F06-B6BF-87857782D4EA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9865714-329D-4F06-B6BF-87857782D4EA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE0C76BA-C5BE-4291-9B33-51610D9F61EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE0C76BA-C5BE-4291-9B33-51610D9F61EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C42517B7-1DBB-4EBE-91AF-31962D1126C5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C42517B7-1DBB-4EBE-91AF-31962D1126C5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C447CF30-4003-46EF-8C0C-15D35409D5EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C447CF30-4003-46EF-8C0C-15D35409D5EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001Core" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C4AE3C3E-C327-4689-B6FD-C11FB31AE88B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4AE3C3E-C327-4689-B6FD-C11FB31AE88B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6B2579B-4962-4D12-883D-BBD420573A6C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6B2579B-4962-4D12-883D-BBD420573A6C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9ACBFD2-20AA-4A3F-BE1A-A3D5279BB1BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Plug and Play\Plug and Play Cleanup" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC9DB7EA-3189-49C1-825A-07E7D4ED16BF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC9DB7EA-3189-49C1-825A-07E7D4ED16BF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\AUSessionConnect" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D097FDC4-9FF6-451C-9701-C0333B886CEF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D097FDC4-9FF6-451C-9701-C0333B886CEF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Resolution+ Setting Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D24AC8D1-9488-4183-A1FA-AF64B26D30FF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D24AC8D1-9488-4183-A1FA-AF64B26D30FF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA73F83B-0C70-4C65-93C2-C91B3B9F7862}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA73F83B-0C70-4C65-93C2-C91B3B9F7862}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E72D92DA-22CA-42DA-BEB3-B483A8EA23EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E72D92DA-22CA-42DA-BEB3-B483A8EA23EE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001UA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E9A57D7A-4752-4F68-A86A-A996CE1BB3BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9A57D7A-4752-4F68-A86A-A996CE1BB3BB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation\AntimalwareMigrationTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDFE275E-3089-4BFD-B863-90EF94D0E684}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDFE275E-3089-4BFD-B863-90EF94D0E684}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\AUScheduledInstall" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE47F2AB-EDB9-4291-B621-05A2022C85EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE47F2AB-EDB9-4291-B621-05A2022C85EC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemovalTools\MRT_HB" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F03AC953-36F4-4707-9F21-1F2BAD8FA775}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F03AC953-36F4-4707-9F21-1F2BAD8FA775}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3889643-F87B-4BED-86C1-B38A0EA18910}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3889643-F87B-4BED-86C1-B38A0EA18910}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-810 Series Invitation {077F468C-D605-4039-BF87-F2D772B0B66C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8A0E106-3CE2-4519-A194-11CD78E53D09}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8A0E106-3CE2-4519-A194-11CD78E53D09}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8E24443-BF96-49D5-AAD9-3A07E02023AA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8E24443-BF96-49D5-AAD9-3A07E02023AA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9CAC644-A6EB-4BD8-BF8C-21FF8A6DA361}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9CAC644-A6EB-4BD8-BF8C-21FF8A6DA361}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{36EB20CD-520E-4CEB-A6D3-B513686BD73C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC08AC06-B417-4A13-8F50-86DA727D3271}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC08AC06-B417-4A13-8F50-86DA727D3271}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35521384 B
Java, Flash, Steam htmlcache => 59517208 B
Windows/system/drivers => 61768866 B
Edge => 21759541 B
Chrome => 1091732549 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 5054 B
NetworkService => 32609686 B
Cassie => 550321512 B
 
RecycleBin => 1411321579 B
EmptyTemp: => 3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:08:29 ====


#9
Gary R

    Trusted Helper

  • Malware Removal

OK, next let's remove the "unknown" Python files, and see where that takes us ....

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlist.txt will open.
  • Copy and paste the following into it ....

    C:\Users\Cassie\AppData\Local\Temp\_MEI69602

  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


Also, please let me know how your computer is behaving now.

#10
fantasticdoitsu

    New Member

  • Topic Starter

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Cassie (08-03-2018 22:04:06) Run:3
Running from C:\Users\Cassie\Desktop
Loaded Profiles: Cassie (Available Profiles: Cassie)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\Cassie\AppData\Local\Temp\_MEI69602
*****************
 
"C:\Users\Cassie\AppData\Local\Temp\_MEI69602" => not found
 
==== End of Fixlog 22:04:06 ====
 
 
It's responding a little better.


#11
Gary R

    Trusted Helper

  • Malware Removal

OK, now can you please run a new scan with FRST. When you do so, please ensure the Addition.txt box is checked before you run the scan.

When the scan has completed please post me the new Frst.txt and Addition.txt logs.



#12
fantasticdoitsu

    New Member

  • Topic Starter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018
Ran by Cassie (administrator) on ANTONIO (09-03-2018 19:55:50)
Running from C:\Users\Cassie\Desktop
Loaded Profiles: Cassie (Available Profiles: Cassie)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe
(Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Cassie\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\Run: [Google Update] => C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-26] (Google Inc.)
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062048 2017-07-13] (Valve Corporation)
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILOE.EXE [297024 2013-08-09] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41100328 2018-01-29] ()
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\RunOnce: [Uninstall 17.005.0107.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cassie\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\amd64"
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\RunOnce: [Uninstall 17.005.0107.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cassie\AppData\Local\Microsoft\OneDrive\17.005.0107.0008"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3ef4d42a-ac1c-4c3d-94b5-74530a788611}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{77cb6503-3166-4ad3-8097-ca90ac8c832f}: [DhcpNameServer] 127.0.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
 
Edge: 
======
Edge Extension: (No Name) -> 2016_MicrosoftOfficeOnline_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OfficeOnline_1.5.4.0_neutral__8wekyb3d8bbwe [not found]
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.16.0_neutral__8wekyb3d8bbwe [not found]
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2438370543-1171411930-338771542-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-2438370543-1171411930-338771542-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-26] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default [2018-03-09]
CHR Extension: (Slides) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-07]
CHR Extension: (Dark Theme for Google Chrome) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2017-12-07]
CHR Extension: (Docs) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-07]
CHR Extension: (Google Drive) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (DuckDuckGo) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-03-06]
CHR Extension: (YouTube) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Honey) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-03-06]
CHR Extension: (Google Search) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (High Contrast) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2017-05-10]
CHR Extension: (Sheets) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-07]
CHR Extension: (Google Docs Offline) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (NEnhancer) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2017-07-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-04]
CHR Extension: (Gmail) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Cassie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-09]
CHR HKU\S-1-5-21-2438370543-1171411930-338771542-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc.)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-09] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ccSet_NAT; C:\WINDOWS\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-03-09] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R1 MpKsl62fcaa24; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FCE6BD0A-8424-4D73-A74D-8CF66FE1FF47}\MpKsl62fcaa24.sys [58120 2018-03-09] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3529728 2017-11-22] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2017-05-04] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-09] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-09] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-09] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-09 19:51 - 2018-03-09 19:51 - 000000000 ___HD C:\OneDriveTemp
2018-03-09 11:58 - 2018-03-09 11:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-09 11:08 - 2018-03-09 11:08 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-03-09 11:02 - 2018-03-09 11:02 - 000000000 ___RD C:\Users\Cassie\3D Objects
2018-03-09 10:59 - 2018-03-09 10:59 - 000000020 ___SH C:\Users\Cassie\ntuser.ini
2018-03-09 04:17 - 2018-03-09 03:07 - 000000000 ____D C:\Windows.old
2018-03-09 03:04 - 2018-03-09 03:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-09 03:03 - 2018-03-09 19:51 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2438370543-1171411930-338771542-1001
2018-03-09 03:03 - 2018-03-09 03:05 - 000003550 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001UA1d1ef399c51f86f
2018-03-09 03:03 - 2018-03-09 03:05 - 000003282 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001Core1d1ef399bd00c9e
2018-03-09 03:03 - 2018-03-09 03:04 - 000003374 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1ef39836853d6
2018-03-09 03:03 - 2018-03-09 03:04 - 000003150 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d1ef3982aa8510
2018-03-09 03:03 - 2018-03-09 03:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2018-03-09 03:03 - 2018-03-09 03:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\TOSHIBA
2018-03-09 03:03 - 2018-03-09 03:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-03-09 03:03 - 2018-03-09 03:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton AntiVirus
2018-03-09 03:03 - 2018-03-09 03:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2018-03-09 02:59 - 2018-03-09 03:03 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-03-09 02:59 - 2018-03-09 03:03 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-03-09 02:57 - 2018-03-09 02:57 - 000886066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-09 02:38 - 2018-03-09 02:38 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-03-09 02:35 - 2018-03-09 02:35 - 000000000 ____D C:\ProgramData\USOShared
2018-03-09 02:33 - 2018-03-09 11:56 - 000000000 ____D C:\Users\Cassie\AppData\Local\Packages
2018-03-09 02:31 - 2018-03-09 11:02 - 000000000 ____D C:\Users\Cassie
2018-03-09 02:29 - 2016-12-02 07:34 - 000103976 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-03-09 02:29 - 2016-12-02 07:34 - 000099880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-03-09 02:28 - 2017-09-29 07:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-03-09 02:24 - 2018-03-09 19:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-09 02:24 - 2018-03-09 02:50 - 000257008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-09 00:53 - 2018-03-09 04:17 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-03-09 00:51 - 2018-03-09 00:53 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-03-09 00:49 - 2018-03-09 00:49 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-03-09 00:49 - 2018-03-09 00:49 - 000000000 ____D C:\Program Files\MSBuild
2018-03-09 00:49 - 2018-03-09 00:49 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-03-09 00:49 - 2018-03-09 00:49 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-03-09 00:47 - 2017-09-22 18:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-03-09 00:47 - 2017-09-22 18:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-03-09 00:47 - 2017-09-22 18:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-03-09 00:46 - 2017-09-28 15:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-03-09 00:46 - 2017-09-28 15:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-03-09 00:46 - 2017-09-28 15:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-03-09 00:34 - 2018-03-09 00:34 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-03-08 23:08 - 2018-03-09 11:01 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-08 22:58 - 2018-03-08 23:07 - 000000036 _____ C:\WINDOWS\progress.ini
2018-03-08 22:06 - 2018-03-09 03:07 - 000000000 ___HD C:\$GetCurrent
2018-03-08 22:03 - 2018-03-08 22:03 - 000000818 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-03-08 22:03 - 2018-03-08 22:03 - 000000806 _____ C:\Users\Cassie\Desktop\Windows 10 Update Assistant.lnk
2018-03-08 22:02 - 2018-03-09 11:01 - 000000000 ____D C:\Windows10Upgrade
2018-03-08 20:58 - 2018-03-08 20:58 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-03-06 21:48 - 2018-03-08 22:04 - 000000470 _____ C:\Users\Cassie\Desktop\Fixlog.txt
2018-03-06 21:45 - 2018-03-06 21:45 - 000000000 ____D C:\Users\Cassie\Desktop\FRST-OlderVersion
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-09 19:57 - 2018-01-18 22:59 - 000015904 _____ C:\Users\Cassie\Desktop\FRST.txt
2018-03-09 19:55 - 2018-01-18 22:59 - 000000000 ____D C:\FRST
2018-03-09 19:55 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-09 19:51 - 2016-05-14 19:46 - 000002415 _____ C:\Users\Cassie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-09 19:51 - 2014-12-25 17:23 - 000000000 __RDO C:\Users\Cassie\OneDrive
2018-03-09 19:49 - 2015-08-10 16:08 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-09 12:06 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-09 11:59 - 2017-09-29 07:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-09 11:58 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-03-09 11:57 - 2017-09-29 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-09 11:11 - 2016-11-25 22:15 - 000000000 ___RD C:\Users\Cassie\Google Drive
2018-03-09 11:11 - 2014-12-21 17:30 - 000002552 _____ C:\Users\Cassie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-09 11:10 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-09 11:05 - 2014-12-21 16:31 - 000000000 ____D C:\Users\Cassie\AppData\Local\PackageStaging
2018-03-09 11:03 - 2016-05-14 02:03 - 000000000 ____D C:\Users\Cassie\AppData\Local\TileDataLayer
2018-03-09 11:02 - 2014-12-21 16:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-09 11:01 - 2017-09-22 22:57 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-09 11:01 - 2016-05-14 02:03 - 000000000 __SHD C:\Users\Cassie\IntelGraphicsProfiles
2018-03-09 04:23 - 2017-09-29 07:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-03-09 04:17 - 2018-01-18 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-09 04:17 - 2017-09-29 08:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-03-09 04:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-03-09 04:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-03-09 04:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-09 04:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-09 04:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-03-09 04:17 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\InputMethod
2018-03-09 04:17 - 2017-09-29 07:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-09 04:17 - 2017-09-29 07:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-09 04:17 - 2017-09-22 22:57 - 000000000 ____D C:\Program Files\Intel
2018-03-09 04:17 - 2017-09-22 22:56 - 000000000 ____D C:\Program Files\IDT
2018-03-09 04:17 - 2017-09-22 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2018-03-09 04:17 - 2017-07-07 18:02 - 000000000 ____D C:\Program Files\UNP
2018-03-09 04:17 - 2017-05-19 17:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2018-03-09 04:17 - 2017-05-09 13:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-03-09 04:17 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-03-09 04:17 - 2015-08-10 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-09 04:17 - 2015-01-02 16:27 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2018-03-09 04:17 - 2014-12-22 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2018-03-09 04:17 - 2014-04-18 03:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\tr
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\sv
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\sk
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\ru
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\pt
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\pl
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\no
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\nl
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\it
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\hu
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\fr
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\fi
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\es
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\el
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\de
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\da
2018-03-09 04:17 - 2014-04-18 03:30 - 000000000 ____D C:\WINDOWS\system32\cs
2018-03-09 04:17 - 2014-04-18 03:23 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-03-09 04:17 - 2014-04-18 03:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS, Inc
2018-03-09 04:17 - 2014-04-18 03:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-03-09 04:17 - 2014-04-18 03:16 - 000000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2018-03-09 04:17 - 2013-11-05 03:39 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-03-09 04:17 - 2013-11-05 03:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2018-03-09 04:17 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2018-03-09 04:17 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2018-03-09 03:56 - 2017-09-29 07:49 - 000000000 ____D C:\WINDOWS\Setup
2018-03-09 03:08 - 2017-09-29 07:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-09 03:04 - 2017-09-29 02:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-09 03:00 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\Registration
2018-03-09 02:58 - 2016-05-14 00:07 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-03-09 02:51 - 2018-01-18 22:28 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-09 02:49 - 2017-09-29 02:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-09 02:39 - 2017-09-29 07:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-03-09 02:35 - 2017-09-29 07:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-03-09 02:30 - 2017-09-29 02:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-09 02:30 - 2014-04-18 03:10 - 000000000 ____D C:\Intel
2018-03-09 02:29 - 2017-09-22 22:57 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-03-09 00:57 - 2017-09-29 07:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-09 00:53 - 2017-09-29 07:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-03-09 00:53 - 2017-09-22 22:57 - 000000000 ____D C:\Program Files\Synaptics
2018-03-09 00:53 - 2015-02-24 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KingsIsle Entertainment
2018-03-09 00:53 - 2014-04-18 03:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance
2018-03-09 00:49 - 2017-12-13 19:33 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-03-08 23:54 - 2017-11-07 15:24 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-08 23:54 - 2014-12-24 23:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-08 23:53 - 2014-12-24 23:28 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-08 23:52 - 2014-04-18 03:22 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-08 23:52 - 2014-04-18 03:10 - 000000000 ____D C:\ProgramData\Intel
2018-03-08 23:49 - 2015-10-30 00:28 - 000000000 ____D C:\Users\Default.migrated
2018-03-08 23:47 - 2014-04-18 03:22 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-03-08 15:14 - 2018-01-18 23:04 - 000000000 ____D C:\Program Files\rempl
2018-03-06 22:22 - 2013-11-05 03:56 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-03-06 22:16 - 2017-06-22 16:43 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2018-03-06 22:04 - 2015-08-13 21:21 - 000548000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-03-06 21:45 - 2018-01-18 22:58 - 002403328 _____ (Farbar) C:\Users\Cassie\Desktop\FRST64.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-09 02:24
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Cassie (09-03-2018 19:57:56)
Running from C:\Users\Cassie\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2018-03-09 09:07:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2438370543-1171411930-338771542-500 - Administrator - Disabled)
Cassie (S-1-5-21-2438370543-1171411930-338771542-1001 - Administrator - Enabled) => C:\Users\Cassie
DefaultAccount (S-1-5-21-2438370543-1171411930-338771542-503 - Limited - Disabled)
Guest (S-1-5-21-2438370543-1171411930-338771542-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2438370543-1171411930-338771542-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2438370543-1171411930-338771542-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{420ED767-62A5-462F-9DDA-AE3A95D4BF32}) (Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.05 - CyberLink Corp.)
Dragon Assistant Application en-US version 1.5.11 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.11 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
EPSON XP-810 Series Printer Uninstall (HKLM\...\EPSON XP-810 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6da487a6-c50d-494e-aaa0-6d8ce9c37ef3}) (Version: 20.10.2 - Intel Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2438370543-1171411930-338771542-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{11955FE2-CAC6-4C3B-AA68-F787D7405400}) (Version: 1.1.9.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.344 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{E1D7CB46-BAE9-4D58-99C4-582332B1755A}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2438370543-1171411930-338771542-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cassie\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {26FA61E4-AE6D-4A80-8F3D-F81E202CAF62} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ef39836853d6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {6DA582B4-A313-4EAE-8190-ACD50DBCC839} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001Core1d1ef399bd00c9e => C:\Users\Cassie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {73250A29-8FF5-4DFE-8D11-9A1BC33A8B6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001UA1d1ef399c51f86f => C:\Users\Cassie\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7E340D14-C6BC-4893-BE2C-CCDD5677419E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-09] (Microsoft Corporation)
Task: {8DDF2822-9EB9-4518-8275-8BCCFF0DE150} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-09] (Microsoft Corporation)
Task: {C4FA3445-A4EC-4D4C-8F90-8C400F86EB80} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ef3982aa8510 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D242565D-CADE-4639-B117-554C0CC21B3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-09] (Microsoft Corporation)
Task: {DD80E84D-5AEF-41BF-951C-0E3B016909FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-09] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON XP-810 Series Invitation {077F468C-D605-4039-BF87-F2D772B0B66C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-810 Series Update {077F468C-D605-4039-BF87-F2D772B0B66C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLOE.EXE:/EXE:{077F468C-D605-4039-BF87-F2D772B0B66C} /F:UpdateWORKGROUP\ANTONIO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001Core.job => C:\Users\Cassie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2438370543-1171411930-338771542-1001UA.job => C:\Users\Cassie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2013-03-27 13:53 - 2013-03-27 13:53 - 000163168 _____ () C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
2018-01-18 22:28 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-12-02 07:32 - 2016-12-02 07:32 - 000401912 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 15:24 - 2013-08-01 15:24 - 000438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2018-01-29 12:42 - 2018-01-29 12:42 - 041100328 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2018-03-08 23:02 - 2018-03-08 23:03 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-08 23:02 - 2018-03-08 23:03 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-08 23:02 - 2018-03-08 23:03 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-08 23:02 - 2018-03-08 23:03 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-08 23:02 - 2018-03-08 23:03 - 000649216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-03-06 21:55 - 2018-02-21 21:57 - 004433752 _____ () C:\Users\Cassie\AppData\Local\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-03-06 21:55 - 2018-02-21 21:57 - 000099672 _____ () C:\Users\Cassie\AppData\Local\Google\Chrome\Application\64.0.3282.186\libegl.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 001949184 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2014-04-18 03:10 - 2013-09-03 17:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-03-09 11:08 - 2018-03-09 11:08 - 000088064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_ctypes.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000069120 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\bz2.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000920064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_hashlib.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000098816 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32api.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000110080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\pywintypes27.dll
2018-03-09 11:09 - 2018-03-09 11:09 - 000364544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\pythoncom27.dll
2018-03-09 11:09 - 2018-03-09 11:09 - 000686080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\unicodedata.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000320512 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32com.shell.shell.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 001177088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._core_.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000806912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._gdi_.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000816640 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._windows_.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 001067520 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._controls_.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000733696 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._misc_.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000736256 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\pysqlite2._sqlite.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000119808 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32file.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000108544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32security.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000007168 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\hashobjs_ext.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000017920 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\thumbnails_ext.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000082432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\usb_ext.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000013824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\common.time34.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000018432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32event.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\windows.conditional.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\windows.winwrap.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000089088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\windows.volumes.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000167936 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32gui.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000046080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_socket.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 001311232 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_ssl.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000135680 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_elementtree.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000133632 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\pyexpat.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000038912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32inet.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000077824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._html2.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000036864 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_psutil_windows.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000524248 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\windows._lib_cacheinvalidation.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000010240 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\select.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000011264 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32crypt.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000218624 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\PIL._imaging.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_multiprocessing.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000020480 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_yappi.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000035840 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32process.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000024064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32pipe.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000025600 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32pdh.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000059392 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\windows.device_monitor.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32profile.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000022528 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32ts.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2438370543-1171411930-338771542-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cassie\Desktop\Cassie's Folder\Photos\Photos\Video Game Stuff\Arcade 1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{23331EBC-3984-43B5-875E-B832060EF181}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{90CE8AF9-89B5-4B75-B6CF-1C4D0E3C0694}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{131BAEA9-CE14-4757-881F-BF8E5AB7FFA5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9EDD3D0-5086-447B-8DC9-5B2AECA44AF1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0AC9FD6C-7F2A-4D8E-A0FC-94A39D834E4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{4B23B346-B5D8-4730-82F8-1F605E198302}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [TCP Query User{3F2D510A-335B-45D3-A633-A7D0492F54C3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FBEFB85F-D577-496E-90B0-E3D7EA36FF90}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7DE3F711-CEC2-43F3-A5B7-37E20E5A5413}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6B87EA6B-0EF8-471F-A33C-748576E8AF88}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C35CF434-D475-402B-A5E0-C956D725A5A2}C:\users\cassie\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cassie\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{7492A45E-FEF0-49C4-8744-068EA662CAB2}C:\users\cassie\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cassie\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{E49A9C49-FA4C-4AE4-A2BE-5658E3B9615A}C:\users\cassie\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cassie\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F1E92A38-D72D-49F8-81C9-C81B75A0148D}C:\users\cassie\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\cassie\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{2028368A-7676-40E0-ACAD-5366637D678B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D6CF8169-0C3A-4CCF-8863-90EA21FF0183}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{A0DC19A5-AAD6-4FDB-A569-1AF19A70CEE0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{42DEFB7C-6E96-4335-B0C9-DC725EFEF6F9}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
 
==================== Restore Points =========================
 
09-03-2018 11:32:39 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2018 11:11:04 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (03/09/2018 11:04:28 AM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (7072,D,46) Unistore: The database page read from the file "C:\Users\Cassie\AppData\Local\Comms\UnistoreDB\store.vol" at offset 22278144 (0x000000000153f000) (database page 5438 (0x153E)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (03/09/2018 11:04:28 AM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (7072,D,46) Unistore: The database page read from the file "C:\Users\Cassie\AppData\Local\Comms\UnistoreDB\store.vol" at offset 22269952 (0x000000000153d000) (database page 5436 (0x153C)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (03/09/2018 11:04:27 AM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (7072,D,46) Unistore: The database page read from the file "C:\Users\Cassie\AppData\Local\Comms\UnistoreDB\store.vol" at offset 22155264 (0x0000000001521000) (database page 5408 (0x1520)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (03/09/2018 11:04:27 AM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (7072,D,46) Unistore: The database page read from the file "C:\Users\Cassie\AppData\Local\Comms\UnistoreDB\store.vol" at offset 22151168 (0x0000000001520000) (database page 5407 (0x151F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (03/09/2018 02:58:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (03/09/2018 02:58:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (03/09/2018 02:58:58 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (03/09/2018 07:50:37 PM) (Source: DCOM) (EventID: 10016) (User: ANTONIO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Antonio\Cassie SID (S-1-5-21-2438370543-1171411930-338771542-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2018 12:00:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.263.393.0).
 
Error: (03/09/2018 11:44:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2018 11:44:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2018 11:44:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2018 11:44:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2018 11:44:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/09/2018 11:44:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 35%
Total physical RAM: 8104.14 MB
Available physical RAM: 5237.61 MB
Total Virtual: 10024.14 MB
Available Virtual: 7261 MB
 
==================== Drives ================================
 
Drive c: (TI10684700A) (Fixed) (Total:687.28 GB) (Free:580.58 GB) NTFS
 
\\?\Volume{0e4900f6-53b7-11e3-adbb-0c54a51af203}\ (System) (Fixed) (Total:1 GB) (Free:0.62 GB) NTFS
\\?\Volume{0e4900fe-53b7-11e3-adbb-0c54a51af203}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{f06ed015-a6a0-4b72-a5b6-e2550148551c}\ () (Fixed) (Total:0.99 GB) (Free:0.46 GB) NTFS
\\?\Volume{907b8268-c6e7-11e3-a5a1-20256498c3f8}\ (Recovery) (Fixed) (Total:9.14 GB) (Free:0.8 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by fantasticdoitsu, 09 March 2018 - 08:02 PM.


#13
Gary R

    Trusted Helper

  • Malware Removal
  • 217 posts

OK, something is regenerating the Python files ...

2018-03-09 11:08 - 2018-03-09 11:08 - 000088064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_ctypes.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000069120 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\bz2.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000920064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_hashlib.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000098816 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32api.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000110080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\pywintypes27.dll
2018-03-09 11:09 - 2018-03-09 11:09 - 000364544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\pythoncom27.dll
2018-03-09 11:09 - 2018-03-09 11:09 - 000686080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\unicodedata.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000320512 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32com.shell.shell.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 001177088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._core_.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000806912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._gdi_.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000816640 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._windows_.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 001067520 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._controls_.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000733696 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._misc_.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000736256 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\pysqlite2._sqlite.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000119808 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32file.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000108544 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32security.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000007168 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\hashobjs_ext.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000017920 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\thumbnails_ext.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000082432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\usb_ext.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000013824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\common.time34.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000018432 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32event.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\windows.conditional.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\windows.winwrap.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000089088 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\windows.volumes.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000167936 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32gui.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000046080 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_socket.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 001311232 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_ssl.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000135680 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_elementtree.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000133632 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\pyexpat.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000038912 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32inet.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000077824 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\wx._html2.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000036864 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_psutil_windows.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000524248 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\windows._lib_cacheinvalidation.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000010240 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\select.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000011264 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32crypt.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000218624 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\PIL._imaging.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000027648 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_multiprocessing.pyd
2018-03-09 11:08 - 2018-03-09 11:08 - 000020480 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\_yappi.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000035840 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32process.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000024064 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32pipe.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000025600 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32pdh.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000059392 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\windows.device_monitor.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000017408 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32profile.pyd
2018-03-09 11:09 - 2018-03-09 11:09 - 000022528 _____ () C:\Users\Cassie\AppData\Local\Temp\_MEI96562\win32ts.pyd
 

 

This time in a different temporary folder.

It's not clear to me at this point what "parent" process is doing that, and I've no intention of playing "whack a mole", so I'd like you to run an online scan for me, to see if that gives me any clues.


Please run a scan with ESET Online Scanner (please note that this can sometimes take hours to complete).

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go HERE then click on Scan Now
  • You will need to download esetsmartinstaller_enu.exe when prompted, and then double click on it to install.
  • Select the option Accept to accept the terms and conditions, and when prompted by UAC, allow ESET to make changes.
  • Select the following option.
    • Enable detection of potentially unwanted applications
  • Now click on Scan
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When complete the scan will begin.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Do not clean any of the found threats
    • Click on Save to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

 



#14
Gary R

    Trusted Helper

  • Malware Removal
  • 217 posts

Due to lack of feedback, this topic has been closed.

If you need further help please open a new topic and wait for a new helper.







