Solved Another Amazon Assistant aa.ata infection

2017-03-14 18:32 - 2017-02-21 19:17 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-03-14 18:31 - 2017-03-04 00:57 - 00192352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-03-14 18:31 - 2017-03-04 00:35 - 00242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-03-14 18:31 - 2017-03-04 00:35 - 00086368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-03-14 18:31 - 2017-03-04 00:26 - 00794416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-03-14 18:31 - 2017-03-04 00:24 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-03-14 18:31 - 2017-03-04 00:24 - 00646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-03-14 18:31 - 2017-03-04 00:24 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-03-14 18:31 - 2017-03-04 00:23 - 02512304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2017-03-14 18:31 - 2017-03-04 00:18 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2017-03-14 18:31 - 2017-03-04 00:18 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-03-14 18:31 - 2017-03-04 00:17 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2017-03-14 18:31 - 2017-03-04 00:15 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-03-14 18:31 - 2017-03-04 00:10 - 02828384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-03-14 18:31 - 2017-03-04 00:09 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-03-14 18:31 - 2017-03-04 00:09 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-03-14 18:31 - 2017-03-04 00:09 - 00635864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-03-14 18:31 - 2017-03-04 00:09 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-03-14 18:31 - 2017-03-04 00:08 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-03-14 18:31 - 2017-03-04 00:08 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-14 18:31 - 2017-03-04 00:07 - 00432992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-03-14 18:31 - 2017-03-04 00:04 - 01063472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-03-14 18:31 - 2017-03-04 00:03 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-03-14 18:31 - 2017-03-04 00:03 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-03-14 18:31 - 2017-03-04 00:03 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-03-14 18:31 - 2017-03-04 00:03 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-03-14 18:31 - 2017-03-04 00:03 - 00755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-03-14 18:31 - 2017-03-04 00:03 - 00596040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2017-03-14 18:31 - 2017-03-04 00:03 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2017-03-14 18:31 - 2017-03-04 00:03 - 00443232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-03-14 18:31 - 2017-03-04 00:03 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-03-14 18:31 - 2017-03-04 00:03 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2017-03-14 18:31 - 2017-03-04 00:01 - 00137936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2017-03-14 18:31 - 2017-03-03 23:37 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-03-14 18:31 - 2017-03-03 23:36 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2017-03-14 18:31 - 2017-03-03 23:36 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-03-14 18:31 - 2017-03-03 23:36 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-03-14 18:31 - 2017-03-03 23:35 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddrawex.dll
2017-03-14 18:31 - 2017-03-03 23:34 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2017-03-14 18:31 - 2017-03-03 23:33 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2017-03-14 18:31 - 2017-03-03 23:33 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2017-03-14 18:31 - 2017-03-03 23:32 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2017-03-14 18:31 - 2017-03-03 23:32 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCCSEngineShared.dll
2017-03-14 18:31 - 2017-03-03 23:31 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2017-03-14 18:31 - 2017-03-03 23:31 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2017-03-14 18:31 - 2017-03-03 23:31 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2017-03-14 18:31 - 2017-03-03 23:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-03-14 18:31 - 2017-03-03 23:31 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-03-14 18:31 - 2017-03-03 23:30 - 00535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-03-14 18:31 - 2017-03-03 23:30 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-03-14 18:31 - 2017-03-03 23:30 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2017-03-14 18:31 - 2017-03-03 23:30 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-03-14 18:31 - 2017-03-03 23:30 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-03-14 18:31 - 2017-03-03 23:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-03-14 18:31 - 2017-03-03 23:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-03-14 18:31 - 2017-03-03 23:30 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2017-03-14 18:31 - 2017-03-03 23:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2017-03-14 18:31 - 2017-03-03 23:29 - 01291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-03-14 18:31 - 2017-03-03 23:29 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2017-03-14 18:31 - 2017-03-03 23:29 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi32.dll
2017-03-14 18:31 - 2017-03-03 23:29 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2017-03-14 18:31 - 2017-03-03 23:29 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2017-03-14 18:31 - 2017-03-03 23:29 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-03-14 18:31 - 2017-03-03 23:28 - 00741888 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2017-03-14 18:31 - 2017-03-03 23:28 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-03-14 18:31 - 2017-03-03 23:28 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-03-14 18:31 - 2017-03-03 23:28 - 00462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-03-14 18:31 - 2017-03-03 23:28 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-03-14 18:31 - 2017-03-03 23:28 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-03-14 18:31 - 2017-03-03 23:27 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-03-14 18:31 - 2017-03-03 23:27 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2017-03-14 18:31 - 2017-03-03 23:27 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-03-14 18:31 - 2017-03-03 23:27 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-03-14 18:31 - 2017-03-03 23:27 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2017-03-14 18:31 - 2017-03-03 23:26 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-03-14 18:31 - 2017-03-03 23:26 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2017-03-14 18:31 - 2017-03-03 23:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2017-03-14 18:31 - 2017-03-03 23:26 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-03-14 18:31 - 2017-03-03 23:26 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2017-03-14 18:31 - 2017-03-03 23:26 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2017-03-14 18:31 - 2017-03-03 23:26 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-03-14 18:31 - 2017-03-03 23:26 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-03-14 18:31 - 2017-03-03 23:26 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-03-14 18:31 - 2017-03-03 23:25 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-03-14 18:31 - 2017-03-03 23:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-03-14 18:31 - 2017-03-03 23:25 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-14 18:31 - 2017-03-03 23:24 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-03-14 18:31 - 2017-03-03 23:24 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-03-14 18:31 - 2017-03-03 23:23 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-03-14 18:31 - 2017-03-03 23:23 - 00945152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-03-14 18:31 - 2017-03-03 23:23 - 00820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2017-03-14 18:31 - 2017-03-03 23:23 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-03-14 18:31 - 2017-03-03 23:23 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-03-14 18:31 - 2017-03-03 23:23 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-03-14 18:31 - 2017-03-03 23:23 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-03-14 18:31 - 2017-03-03 23:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-03-14 18:31 - 2017-03-03 23:23 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2017-03-14 18:31 - 2017-03-03 23:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-03-14 18:31 - 2017-03-03 23:21 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2017-03-14 18:31 - 2017-03-03 23:21 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-03-14 18:31 - 2017-03-03 23:20 - 01280512 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-03-14 18:31 - 2017-03-03 23:19 - 01639424 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-03-14 18:31 - 2017-03-03 23:19 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-03-14 18:31 - 2017-03-03 23:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-03-14 18:31 - 2017-03-03 23:19 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-03-14 18:31 - 2017-03-03 23:19 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Tabbtn.dll
2017-03-14 18:31 - 2017-03-03 23:18 - 17198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-03-14 18:31 - 2017-03-03 23:18 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2017-03-14 18:31 - 2017-03-03 23:18 - 01189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2017-03-14 18:31 - 2017-03-03 23:18 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-03-14 18:31 - 2017-03-03 23:18 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2017-03-14 18:31 - 2017-03-03 23:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-03-14 18:31 - 2017-03-03 23:16 - 03289088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-03-14 18:31 - 2017-03-03 23:16 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-03-14 18:31 - 2017-03-03 23:16 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-03-14 18:31 - 2017-03-03 23:16 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-03-14 18:31 - 2017-03-03 23:15 - 01837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-03-14 18:31 - 2017-03-03 23:14 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-03-14 18:31 - 2017-03-03 23:13 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-03-14 18:31 - 2017-03-03 23:13 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-03-14 18:31 - 2017-03-03 23:13 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2017-03-14 18:31 - 2017-03-03 23:13 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2017-03-14 18:31 - 2017-03-03 23:13 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2017-03-14 18:31 - 2017-03-03 23:13 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2017-03-14 18:31 - 2017-03-03 23:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-03-14 18:31 - 2017-03-03 23:11 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-03-14 18:31 - 2017-03-03 23:11 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-03-14 18:31 - 2017-03-03 23:11 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2017-03-14 18:31 - 2017-03-03 23:11 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-03-14 18:31 - 2017-03-03 23:10 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-03-14 18:31 - 2017-03-03 23:10 - 01536000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-03-14 18:31 - 2017-03-03 23:10 - 01399296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Pimstore.dll
2017-03-14 18:31 - 2017-03-03 23:10 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-03-14 18:31 - 2017-03-03 23:10 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-03-14 18:31 - 2017-03-03 23:10 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-03-14 18:31 - 2017-03-03 23:10 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2017-03-14 18:31 - 2017-03-03 23:09 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-03-14 18:31 - 2017-03-03 23:08 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-03-14 18:31 - 2017-03-03 23:08 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-03-14 18:31 - 2017-03-03 23:08 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-03-14 18:31 - 2017-03-03 23:08 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2017-03-14 18:31 - 2017-03-03 23:07 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-03-14 18:31 - 2017-03-03 23:07 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-03-14 18:31 - 2017-03-03 23:07 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-03-14 18:31 - 2017-03-03 23:07 - 01512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-03-14 18:31 - 2017-03-03 23:07 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2017-03-14 18:31 - 2017-03-03 23:07 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-03-14 18:31 - 2017-03-03 23:06 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2017-03-14 18:31 - 2017-03-03 23:06 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-03-14 18:31 - 2017-03-03 23:06 - 03202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-03-14 18:31 - 2017-03-03 23:06 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-03-14 18:31 - 2017-03-03 23:06 - 02475008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-03-14 18:31 - 2017-03-03 23:06 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-03-14 18:31 - 2017-03-03 23:06 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-03-14 18:31 - 2017-03-03 23:05 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-03-14 18:31 - 2017-03-03 23:04 - 01826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-03-14 18:31 - 2017-03-03 23:04 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-03-14 18:31 - 2017-03-03 23:04 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2017-03-14 18:31 - 2017-03-03 23:03 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-03-14 18:31 - 2017-03-03 23:02 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-03-14 18:31 - 2017-03-03 23:01 - 01493504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2017-03-14 18:30 - 2017-03-04 00:35 - 00655200 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-03-14 18:30 - 2017-03-04 00:35 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-03-14 18:30 - 2017-03-04 00:35 - 00315232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-03-14 18:30 - 2017-03-04 00:35 - 00038240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-03-14 18:30 - 2017-03-04 00:25 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-03-14 18:30 - 2017-03-04 00:24 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-14 18:30 - 2017-03-04 00:24 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-14 18:30 - 2017-03-04 00:24 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2017-03-14 18:30 - 2017-03-04 00:22 - 01354312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-14 18:30 - 2017-03-04 00:22 - 01172984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-14 18:30 - 2017-03-04 00:21 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-03-14 18:30 - 2017-03-04 00:20 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2017-03-14 18:30 - 2017-03-04 00:20 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-03-14 18:30 - 2017-03-04 00:15 - 00404320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-03-14 18:30 - 2017-03-04 00:13 - 00635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-03-14 18:30 - 2017-03-04 00:11 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-03-14 18:30 - 2017-03-04 00:09 - 00578392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-03-14 18:30 - 2017-03-04 00:08 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-03-14 18:30 - 2017-03-04 00:08 - 00342456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-03-14 18:30 - 2017-03-04 00:07 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-03-14 18:30 - 2017-03-04 00:07 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-03-14 18:30 - 2017-03-04 00:07 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-03-14 18:30 - 2017-03-04 00:07 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2017-03-14 18:30 - 2017-03-04 00:07 - 00110944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-03-14 18:30 - 2017-03-04 00:07 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-03-14 18:30 - 2017-03-04 00:01 - 00201568 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-03-14 18:30 - 2017-03-04 00:01 - 00128648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2017-03-14 18:30 - 2017-03-03 23:58 - 01416224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-03-14 18:30 - 2017-03-03 23:58 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-03-14 18:30 - 2017-03-03 23:37 - 00025088 _____ C:\WINDOWS\system32\GamePanelExternalHook.dll
2017-03-14 18:30 - 2017-03-03 23:36 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2017-03-14 18:30 - 2017-03-03 23:36 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-03-14 18:30 - 2017-03-03 23:36 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-03-14 18:30 - 2017-03-03 23:34 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfui.dll
2017-03-14 18:30 - 2017-03-03 23:34 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-03-14 18:30 - 2017-03-03 23:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2017-03-14 18:30 - 2017-03-03 23:33 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothDesktopHandlers.dll
2017-03-14 18:30 - 2017-03-03 23:33 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInputUap.dll
2017-03-14 18:30 - 2017-03-03 23:32 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-03-14 18:30 - 2017-03-03 23:32 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2017-03-14 18:30 - 2017-03-03 23:32 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-03-14 18:30 - 2017-03-03 23:31 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-03-14 18:30 - 2017-03-03 23:30 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-03-14 18:30 - 2017-03-03 23:30 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscandui.dll
2017-03-14 18:30 - 2017-03-03 23:30 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-03-14 18:30 - 2017-03-03 23:30 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2017-03-14 18:30 - 2017-03-03 23:29 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-03-14 18:30 - 2017-03-03 23:28 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-03-14 18:30 - 2017-03-03 23:28 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-03-14 18:30 - 2017-03-03 23:28 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2017-03-14 18:30 - 2017-03-03 23:28 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-03-14 18:30 - 2017-03-03 23:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-03-14 18:30 - 2017-03-03 23:26 - 00643072 _____ (Microsoft Corporation) C:\WINDOWS\system32\main.cpl
2017-03-14 18:30 - 2017-03-03 23:26 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2017-03-14 18:30 - 2017-03-03 23:26 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-03-14 18:30 - 2017-03-03 23:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-03-14 18:30 - 2017-03-03 23:25 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-03-14 18:30 - 2017-03-03 23:25 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-03-14 18:30 - 2017-03-03 23:24 - 01092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2017-03-14 18:30 - 2017-03-03 23:24 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2017-03-14 18:30 - 2017-03-03 23:24 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-03-14 18:30 - 2017-03-03 23:24 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-03-14 18:30 - 2017-03-03 23:24 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2017-03-14 18:30 - 2017-03-03 23:23 - 03753984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2017-03-14 18:30 - 2017-03-03 23:23 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-03-14 18:30 - 2017-03-03 23:23 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2017-03-14 18:30 - 2017-03-03 23:21 - 00776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabletPC.cpl
2017-03-14 18:30 - 2017-03-03 23:21 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-03-14 18:30 - 2017-03-03 23:20 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-03-14 18:30 - 2017-03-03 23:20 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-03-14 18:30 - 2017-03-03 23:20 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-03-14 18:30 - 2017-03-03 23:20 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2017-03-14 18:30 - 2017-03-03 23:19 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\tabcal.exe
2017-03-14 18:30 - 2017-03-03 23:18 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-03-14 18:30 - 2017-03-03 23:18 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2017-03-14 18:30 - 2017-03-03 23:17 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-03-14 18:30 - 2017-03-03 23:17 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-03-14 18:30 - 2017-03-03 23:16 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2017-03-14 18:30 - 2017-03-03 23:16 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-03-14 18:30 - 2017-03-03 23:15 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-03-14 18:30 - 2017-03-03 23:15 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-03-14 18:30 - 2017-03-03 23:14 - 01562112 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2017-03-14 18:30 - 2017-03-03 23:14 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-03-14 18:30 - 2017-03-03 23:14 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-03-14 18:30 - 2017-03-03 23:14 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-03-14 18:30 - 2017-03-03 23:13 - 00961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2017-03-14 18:30 - 2017-03-03 23:13 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-03-14 18:30 - 2017-03-03 23:13 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-03-14 18:30 - 2017-03-03 23:13 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MultiDigiMon.exe
2017-03-14 18:30 - 2017-03-03 23:12 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-03-14 18:30 - 2017-03-03 23:11 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-03-14 18:30 - 2017-03-03 23:11 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-03-14 18:30 - 2017-03-03 23:11 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2017-03-14 18:30 - 2017-03-03 23:11 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-03-14 18:30 - 2017-03-03 23:10 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-03-14 18:30 - 2017-03-03 23:10 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-03-14 18:30 - 2017-03-03 23:09 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2017-03-14 18:30 - 2017-03-03 23:08 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-03-14 18:30 - 2017-03-03 23:08 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-03-14 18:30 - 2017-03-03 23:07 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-03-14 18:30 - 2017-03-03 23:07 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-14 18:30 - 2017-03-03 23:07 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-03-14 18:30 - 2017-03-03 23:06 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-03-14 18:30 - 2017-03-03 23:06 - 04060672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-03-14 18:30 - 2017-03-03 23:06 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-03-14 18:30 - 2017-03-03 23:06 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-03-14 18:30 - 2017-03-03 23:04 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-03-14 18:30 - 2017-03-03 23:03 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-03-14 18:30 - 2017-03-03 23:01 - 03478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-03-14 18:30 - 2016-07-15 19:29 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CspCellularSettings.dll
2017-03-14 18:30 - 2016-07-15 19:28 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-03-14 18:30 - 2016-07-15 19:26 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-03-14 18:29 - 2016-05-29 11:38 - 08886976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSetup.exe
2017-03-13 07:51 - 2017-03-13 07:51 - 00151385 _____ C:\Users\Jackie\Downloads\XXXXX4311-2016Oct01-2016Dec31 (1).pdf
 
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-12 20:19 - 2015-11-28 15:34 - 00000000 ___RD C:\Users\Jackie\OneDrive
2017-04-12 20:18 - 2016-02-19 20:32 - 00000000 __SHD C:\Users\Jackie\IntelGraphicsProfiles
2017-04-12 20:17 - 2016-09-22 08:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-12 20:17 - 2016-09-22 07:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-12 20:17 - 2014-09-02 20:36 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-12 19:37 - 2016-02-19 20:18 - 01089914 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-12 19:29 - 2016-07-15 23:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-04-12 17:00 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-12 17:00 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-12 16:58 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-12 16:39 - 2016-09-22 08:10 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 16:36 - 2016-02-19 20:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-12 16:27 - 2014-09-02 20:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-11 22:56 - 2012-12-07 21:39 - 00000000 ____D C:\Users\Jackie\AppData\Local\Packages
2017-04-11 22:39 - 2012-12-07 21:31 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-11 20:35 - 2016-09-22 07:34 - 00386248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-11 20:33 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-11 20:33 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-11 20:32 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-11 20:32 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-11 20:32 - 2016-07-16 04:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-11 20:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-11 20:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-11 20:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-11 20:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-11 20:32 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-11 20:32 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-11 20:32 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-11 20:32 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-11 20:26 - 2014-02-08 14:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-11 20:26 - 2014-02-08 14:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-11 20:25 - 2016-09-22 07:39 - 00000000 ____D C:\Users\Jackie
2017-04-11 18:51 - 2015-11-28 15:39 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\Skype
2017-04-11 17:54 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-11 17:47 - 2013-08-14 03:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 17:44 - 2014-02-08 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-11 17:44 - 2012-12-13 04:01 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 17:42 - 2012-07-25 22:26 - 00000199 _____ C:\WINDOWS\win.ini
2017-04-11 16:57 - 2016-12-13 17:55 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-11 16:57 - 2016-02-19 20:37 - 00002411 _____ C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-11 16:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-11 16:56 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-10 22:12 - 2016-09-22 08:10 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-10 22:12 - 2016-09-22 08:10 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-10 16:36 - 2017-03-09 17:51 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-09 22:41 - 2015-06-29 18:43 - 00000000 ____D C:\Users\Jackie\Desktop\New folder
2017-04-09 16:15 - 2015-03-19 18:41 - 00000000 ____D C:\Users\Jackie\Desktop\Our New Travel Trailer
2017-04-08 10:35 - 2016-02-19 21:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-05 14:41 - 2012-12-11 21:42 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
2017-04-03 16:24 - 2013-01-27 18:12 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-01 12:26 - 2016-09-22 08:11 - 00004006 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458868884
2017-04-01 12:26 - 2016-03-24 18:21 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-01 11:45 - 2017-03-09 17:51 - 00334088 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-04-01 11:45 - 2017-03-09 17:51 - 00307736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-04-01 11:45 - 2017-03-09 17:51 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-04-01 11:45 - 2017-03-09 17:51 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-04-01 11:45 - 2016-03-24 18:21 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-04-01 11:45 - 2014-04-26 13:54 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-04-01 11:45 - 2014-01-10 18:06 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-04-01 11:45 - 2013-04-18 19:38 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-04-01 11:45 - 2013-04-18 19:38 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-04-01 11:45 - 2013-01-27 18:07 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-04-01 11:45 - 2013-01-27 18:07 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-04-01 11:45 - 2013-01-27 18:07 - 00127112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-04-01 11:45 - 2013-01-27 18:07 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-03-30 19:31 - 2012-12-15 12:31 - 00000000 ____D C:\Users\Jackie\AppData\Local\CutePDF Writer
2017-03-30 16:38 - 2012-12-15 09:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-30 16:34 - 2012-12-15 09:34 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-28 18:41 - 2014-03-22 18:21 - 00000000 ____D C:\Users\Jackie\Desktop\Jobs
2017-03-27 23:20 - 2016-09-22 07:37 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-26 15:37 - 2013-02-27 20:08 - 00000000 ____D C:\Users\Jackie\Desktop\Stuff to sell
2017-03-25 08:44 - 2013-06-01 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-17 16:40 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-03-16 21:01 - 2016-01-02 19:16 - 00014756 _____ C:\Users\Jackie\Desktop\PENSION.xlsx
2017-03-15 16:55 - 2015-11-28 15:39 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-15 16:55 - 2015-11-28 15:39 - 00000000 ____D C:\ProgramData\Skype
2017-03-15 16:54 - 2015-10-22 20:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-14 22:10 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-14 22:10 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-14 22:10 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-14 18:48 - 2016-09-22 08:10 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
==================== Files in the root of some directories =======
2014-01-11 11:49 - 2014-01-11 11:49 - 0000017 _____ () C:\Users\Jackie\AppData\Local\resmon.resmoncfg
2014-12-13 15:50 - 2014-12-13 15:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-23 09:47 - 2016-12-30 14:17 - 0001897 _____ () C:\ProgramData\hpzinstall.log
2012-11-27 00:16 - 2012-11-27 00:16 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-27 00:13 - 2012-11-27 00:14 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-27 00:14 - 2012-11-27 00:14 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-27 00:13 - 2012-11-27 00:13 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-27 00:15 - 2012-11-27 00:15 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
Some files in TEMP:
====================
2017-04-12 18:06 - 2016-11-11 03:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Jackie\AppData\Local\Temp\dllnt_dump.dll
2016-09-26 11:31 - 2016-09-26 11:31 - 0741440 _____ (Oracle Corporation) C:\Users\Jackie\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-01-27 14:36 - 2017-01-27 14:36 - 30589432 _____ () C:\Users\Jackie\AppData\Local\Temp\{1112543A-147F-4D9B-B838-49FD75EEC977}-googleearth-win-7.1.8.3036.exe
2016-12-22 08:09 - 2016-12-22 08:10 - 74854376 _____ (Dropbox, Inc.) C:\Users\Jackie\AppData\Local\Temp\{A1EA5219-B6CD-4506-9D3E-ED847393E2BB}-DropboxClient_16.4.30.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-05 12:22
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Jackie (12-04-2017 20:23:34)
Running from C:\Users\Jackie\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-22 15:18:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-4018080066-2527054972-3077668475-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4018080066-2527054972-3077668475-503 - Limited - Disabled)
Guest (S-1-5-21-4018080066-2527054972-3077668475-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4018080066-2527054972-3077668475-1020 - Limited - Enabled)
Jackie (S-1-5-21-4018080066-2527054972-3077668475-1001 - Administrator - Enabled) => C:\Users\Jackie
Jackies Phone Login (S-1-5-21-4018080066-2527054972-3077668475-1022 - Limited - Enabled) => C:\Users\Jackies Phone Login
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3D XML Player (HKLM\...\{52FDBE6F-53FE-47C5-8D49-6366555D7056}) (Version: 12.36.12304 - Dassault Systemes)
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AutoCAD LT 2009 - English (HKLM\...\AutoCAD LT 2009 - English) (Version: 17.2.56.0 - Autodesk)
AutoCAD LT 2009 - English (Version: 17.2.56.0 - Autodesk) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Bend-Tech 6x (HKLM-x32\...\{F1504210-3427-4FE0-AB4F-164A2DB031A7}) (Version: 6.01.09.0 - 2020 Software Solutions, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell System Detect (HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Dropbox (HKLM-x32\...\Dropbox) (Version: 23.4.18 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
FileZilla Client 3.15.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.15.0.2 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HP Dropbox Plugin (HKLM-x32\...\{31F1CB66-4C89-483E-AEB4-B3E44D23530A}) (Version: 36.0.49.62779 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BD3F0659-B077-47C2-B0B4-82372B42DD84}) (Version: 36.0.49.62779 - HP)
HP OfficeJet Pro 6960 Basic Device Software (HKLM\...\{5160B724-8982-4EF3-8574-3229FF85D27C}) (Version: 39.4.1979.16354 - HP Inc.)
HP OfficeJet Pro 6960 Help (HKLM-x32\...\{11074957-74BD-4EBF-932E-E855138C606C}) (Version: 39.0.0 - HP)
HP OneDrive Plugin (HKLM-x32\...\{05C2D521-DEF0-48C8-A5F2-FDB23DF6134D}) (Version: 36.0.0.0 - HP)
HP Photosmart C6300 All-In-One Driver 12.0 Rel .4 (HKLM\...\{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}) (Version: 12.0 - HP)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-GB)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.2.0.6025 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 en-GB)) (Version: 45.2.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6308.28 - PC-Doctor, Inc.)
Network64 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Photo Viewer s2.5 (HKLM-x32\...\Photo Viewer_is1) (Version: - )
PS_AIO_04_C6300_Software_Min (x32 Version: 120.0.235.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RogueKiller version 12.10.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.4.0 - Adlice Software)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SolidWorks 2014 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20140-40200-1100-100) (Version: 22.2.0.40 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP02 (Version: 22.120.40 - SolidWorks) Hidden
SOLIDWORKS 2016 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20160-40000-1100-100) (Version: 24.0.0.5025 - SolidWorks Corporation)
SOLIDWORKS 2016 x64 Edition SP0 (Version: 24.100.5025 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Composer 2016 SP0 x64 Edition (Version: 24.00.5025 - Dassault Systemes SolidWorks Corp) Hidden
SolidWorks Composer Player 2014 SP02 x64 Edition (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP02 (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Flow Simulation 2014 SP02 x64 Edition (Version: 22.20.41 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP02 x64 Edition (Version: 22.20.40 - SolidWorks Corporation) Hidden
SPOT Updater 1.1 (HKLM-x32\...\3631-4621-8658-3602) (Version: 1.1 - Globalstar)
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TurboTax 2015 (HKLM-x32\...\{2A42456E-B15D-492F-B99A-53C5ABD77EC0}) (Version: 1.00.0000 - Intuit Canada)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4018080066-2527054972-3077668475-1001_Classes\CLSID\{74F5CC00-49A9-11CF-A2F9-444553540000}\InprocServer32 -> C:\Program Files\AutoCAD LT 2009\acadltficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4018080066-2527054972-3077668475-1001_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD LT 2009\acadlt.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4018080066-2527054972-3077668475-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01C066D7-091F-4107-8792-F76202A8256D} - \WPD\SqmUpload_S-1-5-21-4018080066-2527054972-3077668475-1022 -> No File <==== ATTENTION
Task: {05DC0957-6172-4EAC-A2DD-5FB85371154F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-01] (AVAST Software)
Task: {0848D9BA-47EE-4CA7-B81D-793DC0DEECBF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {09723BE1-C987-4755-B18B-38D4717B3B15} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {18D5C4F0-4A99-4FE1-8ED3-A9BCBC18B56D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {366285C8-78EA-42A6-A69B-1EEE69C48D97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {3C1FF556-2F29-4B74-A7AA-21D98E44FACC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {62754208-6B48-4822-8063-AE069A58BACA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {666D49AF-7515-463E-BB44-C6D1E54867D3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-19] (Dropbox, Inc.)
Task: {69677685-0E60-4A3F-87CE-26A2F9369B8B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-19] (Dropbox, Inc.)
Task: {6F1B6DCC-E73F-49FD-ADDB-0213521211C5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {81E8267E-F7FF-4B45-B99B-296007C12B20} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Jackie\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {83D16391-C33D-4963-9DB7-1835CB87466E} - System32\Tasks\{5BCCA5A0-9071-47C4-B2CA-7E8B672E6C2A} => pcalua.exe -a "C:\Program Files\AutoCAD LT 2009\acadlt.exe" -d "C:\Program Files\AutoCAD LT 2009\UserDataCache\"
Task: {8A773727-9394-4934-8459-0F813DFAD409} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9F88CA8C-1498-404F-BC17-E0CCD78A8180} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A610D333-821A-4AAB-A9EA-F01F37AFD9AC} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {AC78D4ED-AA78-4668-B3D1-3AFDB953C935} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AE5FCEDA-25DF-44FF-91FC-B88ED8DC4A43} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {B0F85064-33DC-4EFE-90EF-5CB2A083F1F9} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {B2B81AA9-D186-4F3D-8E21-8718F9464C24} - System32\Tasks\{65E4929D-1846-49A0-B98C-6DB6104B525F} => pcalua.exe -a "C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcLauncher.exe" -d "C:\Users\Jackie\Pictures\Landy\Landy - uk\White Peak Engineering\Other Parts\Air Spring Mounts" -c /O "C:\Users\Jackie\Pictures\Landy\Landy - uk\White Peak Engineering\Other Parts\Air Spring Mounts\ASM-4-R1.dwg"
Task: {B2F45B88-5AEF-4CA4-BB8C-39968C1492A7} - \WPD\SqmUpload_S-1-5-21-4018080066-2527054972-3077668475-1001 -> No File <==== ATTENTION
Task: {B7C8012A-D20C-44C8-8BEB-6B4787592CED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C8F48DDF-5E2C-44C8-B8FE-468B99E79CB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CA85B5F4-CE39-40B4-951C-F4E6C3981E60} - System32\Tasks\SafeZone scheduled Autoupdate 1458868884 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {CC66CCFB-4977-468F-8999-B15FA317058A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EA6894B7-2F91-4798-863A-3476C358C1C4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ED9519DB-DE31-4571-A33D-0B0F540B7761} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {F6380FB5-5D60-472C-ACC4-91D0A92871A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FF5D11A2-3509-4323-A34D-84F8535A96C6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-11 17:33 - 2017-03-27 23:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-12-15 12:30 - 2012-10-04 20:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2006-09-14 08:56 - 2006-09-14 08:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-27 00:14 - 2012-04-24 19:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2017-04-12 16:28 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-12 16:28 - 2017-03-24 04:10 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-11 17:33 - 2017-03-27 23:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-22 08:29 - 2016-09-22 08:29 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 18:30 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 18:31 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 18:31 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 18:31 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 17:33 - 2017-03-27 22:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 17:33 - 2017-03-27 22:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-10 06:09 - 2017-04-10 06:10 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-10 06:09 - 2017-04-10 06:10 - 00189952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-10 06:09 - 2017-04-10 06:10 - 42507264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-10 06:09 - 2017-04-10 06:10 - 02334184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\skypert.dll
2014-01-11 21:06 - 2014-01-11 21:06 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2015-09-25 02:20 - 2015-09-25 02:20 - 00268280 _____ () C:\Program Files\SolidWorks Corp\SOLIDWORKS (2)\sldBodyDiffu.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-04-01 11:45 - 2017-04-01 11:45 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-15 06:37 - 2016-09-15 06:37 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-01 11:45 - 2017-04-01 11:45 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-01 11:45 - 2017-04-01 11:45 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2012-11-27 00:14 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-03-15 18:01 - 2017-03-15 18:01 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\b4466909098e00b57ad0f4e0d3125cc7\PSIClient.ni.dll
2012-11-27 00:11 - 2012-07-18 12:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:054203E4 [130]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\Software\Classes\.scr: AutoCADLTScriptFile =>
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\amazon.ca -> hxxps://amazon.ca
IE trusted site: HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\...\amazon.ca -> hxxps://amazon.ca
IE trusted site: HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\...\colsoncaster.com -> hxxp://www.colsoncaster.com
IE trusted site: HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\...\dell.com -> dell.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jackie\Desktop\Lancaster over dam.jpg
DNS Servers: 192.168.1.254 - 75.153.171.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7189EA95-DD92-4562-AB1D-44B8284AA99B}] => (Allow) C:\Program Files\SolidWorks Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{FC7CBC7F-654A-4585-8079-B325D9B228A2}] => (Allow) C:\Program Files\SolidWorks Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{04D7211C-57B5-4BA4-AE16-250C110C0083}] => (Block) C:\windows\system32\ftp.exe
FirewallRules: [{BC3DD07A-E111-4DC9-AFCA-D1D9D493DCC0}] => (Block) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{791347FE-7780-40D0-A7BD-F50BD1DF042A}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [TCP Query User{145A933B-3493-4C8B-A521-D793FCCA0739}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{C446D24D-0BEF-4E2C-B2B8-4D66BB3D25BB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F35BC395-1095-461C-A265-80955031DDFF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{ADCD631A-44EA-4487-987E-04E0257B2FEA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [UDP Query User{85D9D897-BD06-407E-9D2C-A546FBE000D4}C:\users\jackie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jackie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3E384372-CD63-4720-93E5-8E3B485D4136}C:\users\jackie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jackie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{18ED0884-2441-4624-9A77-56EA39AB836F}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll
FirewallRules: [{6192FFDD-4B4A-4FF6-B03F-D1ACCCB2389F}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll
FirewallRules: [{E581E3DE-9539-478A-A05F-CC9B3FA04ADC}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\StreamingVideoRecorder.exe
FirewallRules: [{B1D3B9B2-C76E-46AE-9790-3BED37E59FFE}] => (Allow) C:\Program Files\Apowersoft\Streaming Video Recorder\Streaming-Video-Recorder.exe
FirewallRules: [{A452D085-EA31-4E80-AB22-39022AEF714C}] => (Allow) LPort=1900
FirewallRules: [{67A54796-8FE5-4568-973E-4E4598B66FDB}] => (Allow) LPort=2869
FirewallRules: [{BCC2C9B1-B39F-4954-AA10-1656F2F9F7BC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{411364FC-933B-4A97-A665-1F8E3C5CE193}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{05D35908-C10E-4303-921C-897CF25A4FC8}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{AE7D9F82-0C4C-4793-9541-905345DACBBF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{3C1537BD-B2D0-4B6F-8249-EADD2726C92D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{9074780E-4315-4474-A7E2-967F0D178F18}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [TCP Query User{48998165-1649-4DCB-AD45-D124A344AA1B}C:\users\jackie\desktop\extract folder\rtmpsuck.exe] => (Allow) C:\users\jackie\desktop\extract folder\rtmpsuck.exe
FirewallRules: [UDP Query User{CDE91654-5840-4FA5-A7A9-A641F5AA0CF3}C:\users\jackie\desktop\extract folder\rtmpsuck.exe] => (Allow) C:\users\jackie\desktop\extract folder\rtmpsuck.exe
FirewallRules: [{107423CD-2C6C-46A2-9D8B-049B272279EB}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{87EC0C5E-8C99-40F1-9714-AFF13E86134E}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{DEC59AF1-27B9-41E4-9E3D-5F5AA2373D35}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{01DC76F3-5AA4-418A-9909-FB8E19D17FDA}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{A5CE7BB6-2FD1-4877-9144-7137718295C1}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{78AE141E-47D1-494F-B10E-85C0E6187974}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{7E2025C0-1283-434B-94E6-C92403D20B53}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{2616F8E1-1FC8-40BF-952B-896C4EA34BD3}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4711A241-F6FB-45A8-B5E5-3E7389B84C13}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83C74ADE-6484-40D5-BAE8-44609BB3A1B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A877E7A7-C8E8-4647-900A-0D0E191861AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53127E04-8F1D-426D-85C7-B833A41E06E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B88B2907-29CD-425E-A0A9-F1A7041B6041}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe
FirewallRules: [TCP Query User{99432C64-5957-4F17-8122-4ADF7955AB9A}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe
FirewallRules: [UDP Query User{3343854E-53F1-4BE3-A427-8B5D0525E257}C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe] => (Block) C:\program files (x86)\common files\research in motion\tunnel manager\peermanager.exe
FirewallRules: [TCP Query User{0BE13704-21CC-4394-951C-369F86C8F9E8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{09256F07-BF16-43C1-BDD3-D8B942666B61}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{96F0BB7E-FFC6-4E5E-B07F-9DC89FFCE983}] => (Allow) C:\Users\Jackie\AppData\Local\Temp\7zS270A\HP.EasyStart.exe
FirewallRules: [{3CD3D1B0-3B5B-4FF3-9258-1E03AB46BFB2}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6960\bin\FaxApplications.exe
FirewallRules: [{82AA510B-77FD-4792-BD7C-2C6194930707}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6960\bin\DigitalWizards.exe
FirewallRules: [{F62CD96F-C815-4EA2-8735-8DD31797C0B6}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6960\bin\SendAFax.exe
FirewallRules: [{75DBF080-F138-42C8-BFC7-28EA92A7DECA}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6960\bin\FaxPrinterUtility.exe
FirewallRules: [{C290B022-D287-4733-9CDC-BB3784506382}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6960\Bin\DeviceSetup.exe
FirewallRules: [{97E1ED52-01E3-4B38-94C0-E61F8736E30D}] => (Allow) LPort=5357
FirewallRules: [{2C9A1FF6-CD82-4830-90D6-06E2F9956B1B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 6960\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E789A488-8278-4132-9E69-9743D25070E8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{10A4C10A-44FC-49ED-A250-1503A8553F48}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{91B079C4-99EE-4F21-8C0D-346CDC5C3550}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{0E580B4F-1E15-4208-9654-9E420667CDEF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{40FEDBD9-951C-44CF-A016-548DF1F1671B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
23-03-2017 12:39:42 Scheduled Checkpoint
28-03-2017 23:40:00 Windows Update
08-04-2017 12:24:11 Scheduled Checkpoint
11-04-2017 17:38:45 Windows Update
12-04-2017 19:37:02 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: Dell Wireless 1506 802.11b|g|n (2.4GHz)
Description: Dell Wireless 1506 802.11b|g|n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: OfficeJet Pro 6960
Description: OfficeJet Pro 6960
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
==================== Event log errors: =========================
Application errors:
==================
Error: (04/12/2017 08:17:49 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
Details:
(HRESULT : 0x80040210) (0x80040210)
Error: (04/12/2017 08:17:49 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
Details:
(HRESULT : 0x80040210) (0x80040210)
Error: (04/12/2017 08:17:49 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
Details:
(HRESULT : 0x80040210) (0x80040210)
Error: (04/12/2017 07:37:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (04/12/2017 07:30:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Desktop.local already in use; will try Desktop-2.local instead
Error: (04/12/2017 07:30:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Desktop.local. Addr 192.168.1.74
Error: (04/12/2017 07:30:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.74:5353 16 Desktop.local. AAAA 2001:0569:FB53:BF00:A11D:79E4:3808:8FD6
Error: (04/12/2017 07:02:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x33f0
Faulting application start time: 0x01d2b3f9c4d3ed31
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 1bbce695-e6ff-4d89-b68d-7d465ce38b5c
Faulting package full name:
Faulting package-relative application ID:
Error: (04/12/2017 07:01:35 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000
Error: (04/12/2017 07:01:35 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

System errors:
=============
Error: (04/12/2017 08:22:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.74.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.
Error: (04/12/2017 08:21:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (04/12/2017 08:19:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/12/2017 08:18:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/12/2017 08:17:28 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.74.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.
Error: (04/12/2017 08:17:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:30:21 PM on ‎4/‎12/‎2017 was unexpected.
Error: (04/12/2017 08:06:54 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.74.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.
Error: (04/12/2017 08:01:44 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.74.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.
Error: (04/12/2017 08:01:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (04/12/2017 07:56:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.74.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.

CodeIntegrity:
===================================
Date: 2017-04-12 16:28:19.750
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-02-16 20:23:37.404
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\VS7Debug\msdbg2.dll that did not meet the Store signing level requirements.
Date: 2017-02-15 19:33:11.022
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\VS7Debug\msdbg2.dll that did not meet the Store signing level requirements.
Date: 2017-01-12 17:15:22.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Store signing level requirements.
Date: 2017-01-12 17:15:21.866
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 31%
Total physical RAM: 8063.55 MB
Available physical RAM: 5514.81 MB
Total Virtual: 9407.55 MB
Available Virtual: 6983.07 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:918.49 GB) (Free:509.78 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BF7FE604)
Partition: GPT.
==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    4.6 KB · Views: 5
Done & here's the log file :

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Jackie (13-04-2017 15:17:04) Run:1
Running from C:\Users\Jackie\Desktop
Loaded Profiles: Jackie (Available Profiles: Jackie & Jackies Phone Login)
Boot Mode: Normal
==============================================
fixlist content:
*****************
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
SearchScopes: HKU\S-1-5-21-4018080066-2527054972-3077668475-1001 -> DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_0d86a6d0_1201_1401_20160926_CA_ie_ds_&tag=bds-p10-serp-ca-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-4018080066-2527054972-3077668475-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.ca/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_ca_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_0d86a6d0_1201_1401_20160926_CA_ie_ds_&tag=bds-p10-serp-ca-ie-20&query={searchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll No File
S3 dbx; system32\DRIVERS\dbx.sys [X]
2014-01-11 11:49 - 2014-01-11 11:49 - 0000017 _____ () C:\Users\Jackie\AppData\Local\resmon.resmoncfg
2014-12-13 15:50 - 2014-12-13 15:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-23 09:47 - 2016-12-30 14:17 - 0001897 _____ () C:\ProgramData\hpzinstall.log
2012-11-27 00:16 - 2012-11-27 00:16 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-27 00:13 - 2012-11-27 00:14 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-27 00:14 - 2012-11-27 00:14 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-27 00:13 - 2012-11-27 00:13 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-27 00:15 - 2012-11-27 00:15 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2017-04-12 18:06 - 2016-11-11 03:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Jackie\AppData\Local\Temp\dllnt_dump.dll
2016-09-26 11:31 - 2016-09-26 11:31 - 0741440 _____ (Oracle Corporation) C:\Users\Jackie\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-01-27 14:36 - 2017-01-27 14:36 - 30589432 _____ () C:\Users\Jackie\AppData\Local\Temp\{1112543A-147F-4D9B-B838-49FD75EEC977}-googleearth-win-7.1.8.3036.exe
2016-12-22 08:09 - 2016-12-22 08:10 - 74854376 _____ (Dropbox, Inc.) C:\Users\Jackie\AppData\Local\Temp\{A1EA5219-B6CD-4506-9D3E-ED847393E2BB}-DropboxClient_16.4.30.exe
Task: {01C066D7-091F-4107-8792-F76202A8256D} - \WPD\SqmUpload_S-1-5-21-4018080066-2527054972-3077668475-1022 -> No File <==== ATTENTION
Task: {0848D9BA-47EE-4CA7-B81D-793DC0DEECBF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {09723BE1-C987-4755-B18B-38D4717B3B15} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {18D5C4F0-4A99-4FE1-8ED3-A9BCBC18B56D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {62754208-6B48-4822-8063-AE069A58BACA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6F1B6DCC-E73F-49FD-ADDB-0213521211C5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8A773727-9394-4934-8459-0F813DFAD409} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A610D333-821A-4AAB-A9EA-F01F37AFD9AC} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {AC78D4ED-AA78-4668-B3D1-3AFDB953C935} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B0F85064-33DC-4EFE-90EF-5CB2A083F1F9} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {B2F45B88-5AEF-4CA4-BB8C-39968C1492A7} - \WPD\SqmUpload_S-1-5-21-4018080066-2527054972-3077668475-1001 -> No File <==== ATTENTION
Task: {C8F48DDF-5E2C-44C8-B8FE-468B99E79CB5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CC66CCFB-4977-468F-8999-B15FA317058A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EA6894B7-2F91-4798-863A-3476C358C1C4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F6380FB5-5D60-472C-ACC4-91D0A92871A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FF5D11A2-3509-4323-A34D-84F8535A96C6} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:054203E4 [130]
IE trusted site: HKU\.DEFAULT\...\amazon.ca -> hxxps://amazon.ca
IE trusted site: HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\...\amazon.ca -> hxxps://amazon.ca
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => key removed successfully
HKCR\CLSID\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKCR\PROTOCOLS\Handler\intu-tt2012 => key not found.
HKCR\CLSID\{02F985EF-502B-4597-993F-6BF9E004C138} => key not found.
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
C:\Users\Jackie\AppData\Local\resmon.resmoncfg => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log => moved successfully
C:\Users\Jackie\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Jackie\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
C:\Users\Jackie\AppData\Local\Temp\{1112543A-147F-4D9B-B838-49FD75EEC977}-googleearth-win-7.1.8.3036.exe => moved successfully
C:\Users\Jackie\AppData\Local\Temp\{A1EA5219-B6CD-4506-9D3E-ED847393E2BB}-DropboxClient_16.4.30.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01C066D7-091F-4107-8792-F76202A8256D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01C066D7-091F-4107-8792-F76202A8256D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4018080066-2527054972-3077668475-1022 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0848D9BA-47EE-4CA7-B81D-793DC0DEECBF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0848D9BA-47EE-4CA7-B81D-793DC0DEECBF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09723BE1-C987-4755-B18B-38D4717B3B15} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09723BE1-C987-4755-B18B-38D4717B3B15} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18D5C4F0-4A99-4FE1-8ED3-A9BCBC18B56D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18D5C4F0-4A99-4FE1-8ED3-A9BCBC18B56D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62754208-6B48-4822-8063-AE069A58BACA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62754208-6B48-4822-8063-AE069A58BACA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F1B6DCC-E73F-49FD-ADDB-0213521211C5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F1B6DCC-E73F-49FD-ADDB-0213521211C5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A773727-9394-4934-8459-0F813DFAD409} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A773727-9394-4934-8459-0F813DFAD409} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A610D333-821A-4AAB-A9EA-F01F37AFD9AC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A610D333-821A-4AAB-A9EA-F01F37AFD9AC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC78D4ED-AA78-4668-B3D1-3AFDB953C935} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC78D4ED-AA78-4668-B3D1-3AFDB953C935} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0F85064-33DC-4EFE-90EF-5CB2A083F1F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0F85064-33DC-4EFE-90EF-5CB2A083F1F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2F45B88-5AEF-4CA4-BB8C-39968C1492A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2F45B88-5AEF-4CA4-BB8C-39968C1492A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4018080066-2527054972-3077668475-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8F48DDF-5E2C-44C8-B8FE-468B99E79CB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8F48DDF-5E2C-44C8-B8FE-468B99E79CB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC66CCFB-4977-468F-8999-B15FA317058A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC66CCFB-4977-468F-8999-B15FA317058A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA6894B7-2F91-4798-863A-3476C358C1C4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA6894B7-2F91-4798-863A-3476C358C1C4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6380FB5-5D60-472C-ACC4-91D0A92871A2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6380FB5-5D60-472C-ACC4-91D0A92871A2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF5D11A2-3509-4323-A34D-84F8535A96C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF5D11A2-3509-4323-A34D-84F8535A96C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
C:\ProgramData\Temp => ":054203E4" ADS removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.ca => key removed successfully
HKU\S-1-5-21-4018080066-2527054972-3077668475-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amazon.ca => key removed successfully
==== End of Fixlog 15:17:07 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Log files :

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 101
Java version 32-bit out of Date!
Adobe Flash Player 25.0.0.148
Mozilla Firefox 33.1 Firefox out of Date!
Mozilla Thunderbird (45.2.0)
Google Chrome (57.0.2987.133)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
NVIDIA Corporation PhysX Common AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 27-01-2016
Ran by Jackie (administrator) on 13-04-2017 at 18:49:23
Running from "C:\Users\Jackie\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
 
Techspot would not load, keeps hanging 'edge'. Ended up using Avast SafeZone to login... deff not how it was.
 
Tried resetting Edge & ran SFC (no issues found), seems a bit better but still slow. Avast SafeZone is quicker.
 
redtarget.gif
Update Firefox to the current version.

redtarget.gif
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

==================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.
 
I did that and ran SFC, that came back all clean. Did another reset of Edge this morning too with a full delete & did a delete through control panel.

After the problems, I purchased Malwarebytes Premium & have that running all the time now along with Avast Internet Security. Am running another MWB scan now, here are the results :

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/15/17
Scan Time: 11:20 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1735
License: Premium

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP\Jackie

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 473138
Time Elapsed: 14 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
It's still not right, slow loading of pages & errors that pages failed to load. Have migrated all my links over to AvastSafeZone, as we need to get our taxes filed.

Before the last reset I changed the internet option for home page to 'use default'. That seems to have stopped the Amazon one popping back in.

Will do some reading on Edge later, there seemed to be quite a few forum posts of slow pages etc.

The Avast browser is working just fine and has some deff advantages with it's banking mode & secure password add-in. Will stick with that but would be nice to be 100% sure we cleared the system out.

Your assistance is much appreciated.... I was quite happy writing 6502 & Z80 assembler code many years ago.... I guess all this progress was for the best ????? LOL !
 
There is no question that your computer is clean.
See if other browsers have same issue.
 
I followed the on-line instructions, deleted Edge & reinstalled.... still seems slow. Did read that the latest update to windows 10 has caused some issues.

Will be sticking with the Avast browser now... thanks very much for all your help !
 
Hi Broni,

Have just noticed my backup drive got unplugged when we had the issue last week. Will it be OK to plug back in or do I need to reformat it first from a separate machine, it was just used with Windows backup ?
Thanks.
 
You must log in or register to reply here.

Similar threads

D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
389
Fastturtle
F
Shawn Knight
Amazon's hardware group faces steep losses, Alexa monetization efforts flounder
Replies
11
Views
866
AndrettiGTO
AndrettiGTO
Cal Jeffrey
Flipper Zero pranksters could cause DoS havoc on your iPhone
Replies
7
Views
483
RaXelliX
R

Latest posts

Back