Solved C:\ Program Files (x86)\Amazon\Amazon Assistent\aa.hta

CutMeIn · Jul 10, 2017

I have started the process you outlined in another thread about this malware.
Just need to know where to post my first log.
Thank you

CutMeIn · Jul 10, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Heather (administrator) on HEATHER-PC (10-07-2017 12:51:11)
Running from C:\Users\Heather\Downloads
Loaded Profiles: Heather & DefaultAppPool (Available Profiles: Heather & Guest & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(HID Global Corporation) C:\Program Files\HID Global\ActivClient\ac.activclient.gui.scagent.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(HID Global Corporation) C:\Program Files\HID Global\ActivClient\acevents.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_131.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_131.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [ac.activclient.gui.scagent.exe] => C:\Program Files\HID Global\ActivClient\ac.activclient.gui.scagent.exe [813592 2016-07-20] (HID Global Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-25] (AVAST Software)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2011-01-29] (Silanis Technology Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2011-01-29] (Silanis Technology Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [1957888 2014-03-18] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\ DisallowedCertificates: 675D2D785AF7EE6650B1A056CB3F82FDAEA8673E (U)
HKLM\ DisallowedCertificates: 7DA8E84296EE238818EE427287774508B26D094A (U)
HKLM\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [804352 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk [2015-03-14]
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{F39BD95B-5B9E-4E83-96C4-D4667FD061C6}\Icon9557F1BC1.ico ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2b6cb6cc-9d1f-422d-be4b-65f095323077}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d7ec2e1e-02b4-4ee9-a0f0-c5aa8b8cc76c}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://login.us.army.mil/suite/login/fcc/akologin.fcc?TYPE=33554433&REALMOID=06-84df9b84-1402-1006-8b6f-832f13160000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=o8Rc1CnMzrYqxaNYlt7BewL7jx5IlO25mFAiVAkDqBHxcKazZQqKStqmDNolsEgk&TARGET=-SM-https%3a%2f%2flogin.us.army.mil%2fSmKBAuth%2fLoginEnrollmentForms%2fSmKBAuth.fcc%3fsite%3dONE%26TYPE%3d33554432%26REALMOID%3d06--532666b4--7541--1005--8b6f--832f13160000%26GUID%3d%26SMAUTHREASON%3d0%26METHOD%3dGET%26SMAGENTNAME%3d--SM--XeHOmTYGdo5lT6ctArAivGV-%2faFYY6LMGw5RkYoLTW-%2bItmoZVbbnjqCLPEM8hKZ-%2ft%26TARGET%3d--SM--HTTP-%3a-%2f-%2fwww-.us-.army-.mil-%2fsuite-%2fsso-%2fredirect-.html-%3fsite-%3d0zxxz0
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> DefaultScope {B13803F7-D4C5-4FDB-83FF-1BC6D1C7A345} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> {B13803F7-D4C5-4FDB-83FF-1BC6D1C7A345} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> {E8381F59-AC38-4EE0-9A10-F0CA02F2CE71} URL =
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-13] (Google Inc.)
BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-13] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-13] (Google Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-13] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-09-21] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-09-21] (Microsoft Corporation)
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll [2013-02-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 61fsaisr.default
FF ProfilePath: C:\Users\Heather\AppData\Roaming\RedHat\ESC\Profiles\850350i8.default [2016-12-10]
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default [2017-07-10]
FF user.js: detected! => C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\user.js [2015-02-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\61fsaisr.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\61fsaisr.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\61fsaisr.default -> hxxps://www.google.com/
FF Extension: (Proxmate) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2016-04-17]
FF Extension: (Avast SafePrice) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\sp@avast.com.xpi [2017-06-06]
FF Extension: (Multi Dictionary Lookup) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\tfdlookup@nohup.in.xpi [2016-03-11]
FF Extension: (Avast Online Security) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\wrc@avast.com.xpi [2017-06-06]
FF Extension: (Adblock Plus) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF Extension: (ActivClient Security Module) - C:\Program Files (x86)\HID Global\ActivClient\Mozilla Extensions\ActivClient PKCS #11 Security Module [2017-03-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-05-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-01-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{f3fec9ea-7e7c-42ac-af46-c1b6f046a9d6}] - C:\Program Files (x86)\HID Global\ActivClient\Mozilla Extensions\ActivClient PKCS #11 Security Module
FF HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-09-21] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-09-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll [2003-03-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll [2003-02-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll [2010-02-01] (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (Google Drive) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-17]
CHR Extension: (Avast SafePrice) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-20]
CHR Extension: (Feathered Corner) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhkdaliaddhbdmbdmgabgfanjiekiap [2017-04-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Chrome Media Router) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-10]
CHR HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Heather\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-03-13]
CHR HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [104624 2017-06-14] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-25] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-25] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ActivID Shared Store Service; C:\WINDOWS\system32\dllhost.exe /Processid:{BD1113E3-8BB6-4638-8495-7B6DFA9B0547}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-25] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-25] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-25] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-25] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-25] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-25] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158888 2017-07-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-25] (AVAST Software)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CutMeIn · Jul 10, 2017

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-10 12:51 - 2017-07-10 12:52 - 00026469 _____ C:\Users\Heather\Downloads\FRST.txt
2017-07-10 12:50 - 2017-07-10 12:51 - 00000000 ____D C:\FRST
2017-07-10 12:48 - 2017-07-10 12:48 - 02437120 _____ (Farbar) C:\Users\Heather\Downloads\FRST64.exe
2017-07-10 11:22 - 2017-07-10 11:22 - 00000000 ___HD C:\$AV_ASW
2017-07-10 11:20 - 2017-07-10 11:20 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-10 11:20 - 2017-07-10 11:20 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-07-05 22:27 - 2017-07-05 23:18 - 00000000 ____D C:\Users\Heather\Desktop\Profile request
2017-07-05 22:26 - 2017-07-05 22:26 - 01363778 _____ C:\Users\Heather\Desktop\Profile request Jul 2017 BACK.pdf
2017-07-05 22:04 - 2017-07-05 22:04 - 00023210 _____ C:\Users\Heather\Downloads\AR-MMC Physican Letter July 2016.pdf
2017-07-05 22:02 - 2017-07-05 22:02 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016(3).pdf
2017-07-05 22:02 - 2017-07-05 22:02 - 01349069 _____ C:\Users\Heather\Downloads\FCC507 AR-MMC PRP July 2016(1).pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016(2).pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 01145991 _____ C:\Users\Heather\Downloads\How to Retrieve a Copy of Your Profile.pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 01063584 _____ C:\Users\Heather\Downloads\Profile Request Packet Process pdf.pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 00116165 _____ C:\Users\Heather\Downloads\ARMY RESERVE MEDICAL PROFILE REQUEST PACKET INSTRUCTIONS(Read First).pdf
2017-07-04 09:51 - 2017-07-04 09:51 - 00043490 _____ C:\Users\Heather\Desktop\PGRVerificationofInsurance.pdf
2017-07-04 09:50 - 2017-07-04 09:50 - 00045109 _____ C:\Users\Heather\Downloads\PGRVerificationofInsurance.pdf
2017-06-26 19:25 - 2017-06-26 19:25 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016(1).pdf
2017-06-26 19:25 - 2017-06-26 19:25 - 01349069 _____ C:\Users\Heather\Downloads\FCC507 AR-MMC PRP July 2016.pdf
2017-06-26 18:59 - 2017-06-26 18:59 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016.pdf
2017-06-25 15:31 - 2017-06-25 15:31 - 03140724 _____ C:\Users\Heather\Downloads\TC25-10LaneTraining.pdf
2017-06-25 11:32 - 2017-06-25 11:33 - 00000000 ____D C:\Users\Heather\Desktop\PFC Flores Certs
2017-06-24 16:53 - 2017-06-24 16:53 - 00217637 _____ C:\Users\Heather\Downloads\Harris(2).pdf
2017-06-24 16:52 - 2017-06-24 16:52 - 00217637 _____ C:\Users\Heather\Downloads\Harris(1).pdf
2017-06-24 16:51 - 2017-06-24 16:51 - 00217637 _____ C:\Users\Heather\Downloads\Harris.pdf
2017-06-24 16:01 - 2017-06-24 16:01 - 00123654 _____ C:\Users\Heather\Downloads\UMR 16JUN2017 NO SS#.pdf
2017-06-21 11:10 - 2017-06-21 11:10 - 05427200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-06-20 10:03 - 2017-07-02 09:29 - 00000941 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}.job
2017-06-20 10:03 - 2017-07-02 09:29 - 00000755 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}.job
2017-06-20 10:03 - 2017-06-20 10:03 - 00004138 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}
2017-06-20 10:03 - 2017-06-20 10:03 - 00003960 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}
2017-06-20 09:55 - 2017-06-20 10:00 - 00000941 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Update {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}.job
2017-06-20 09:55 - 2017-06-20 10:00 - 00000755 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}.job
2017-06-20 09:55 - 2017-06-20 09:55 - 00004138 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}
2017-06-20 09:55 - 2017-06-20 09:55 - 00003960 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}
2017-06-20 00:34 - 2017-06-20 00:34 - 00006402 _____ C:\Users\Heather\Downloads\Champagne Currant.pdf
2017-06-20 00:30 - 2017-06-20 00:30 - 00006711 _____ C:\Users\Heather\Downloads\Aronia Berry.pdf
2017-06-18 22:57 - 2017-06-18 22:57 - 00000000 ____D C:\Users\Heather\AppData\Local\DBG
2017-06-18 14:44 - 2017-06-18 14:44 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-06-16 15:08 - 2017-06-16 15:08 - 00080196 _____ C:\Users\Heather\Downloads\APFT HW Jun 2017(1).pdf
2017-06-16 14:54 - 2017-06-16 14:54 - 00080196 _____ C:\Users\Heather\Downloads\APFT HW Jun 2017.pdf
2017-06-16 14:51 - 2017-06-16 14:51 - 00080196 _____ C:\Users\Heather\Desktop\APFT HW Jun 2017.pdf
2017-06-16 14:49 - 2017-06-16 14:49 - 00076099 _____ C:\Users\Heather\Downloads\QuickMemo+_170616_144700.pdf
2017-06-16 14:13 - 2017-06-16 14:13 - 00041032 _____ C:\Users\Heather\Desktop\Jun training schedule.docm
2017-06-16 13:46 - 2017-07-10 11:24 - 00004712 _____ C:\WINDOWS\System32\Tasks\DistromaticSearchProtect-hourly
2017-06-15 11:37 - 2017-06-03 02:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-15 11:37 - 2017-06-03 02:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-15 11:37 - 2017-06-03 02:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-15 11:37 - 2017-06-03 02:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-15 11:37 - 2017-06-03 02:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-15 11:37 - 2017-06-03 02:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-15 11:37 - 2017-06-03 02:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-15 11:37 - 2017-06-03 02:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-15 11:37 - 2017-06-03 02:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-15 11:37 - 2017-06-03 02:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-15 11:37 - 2017-06-03 01:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-15 11:37 - 2017-06-03 01:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-15 11:37 - 2017-06-03 01:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-15 11:37 - 2017-06-03 01:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-15 11:37 - 2017-06-03 01:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-15 11:37 - 2017-06-03 01:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-15 11:37 - 2017-06-03 01:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-15 11:37 - 2017-06-03 01:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-15 11:37 - 2017-06-03 01:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-15 11:36 - 2017-06-03 02:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-15 11:36 - 2017-06-03 02:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-15 11:36 - 2017-06-03 02:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-15 11:36 - 2017-06-03 02:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-15 11:36 - 2017-06-03 02:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-15 11:36 - 2017-06-03 02:21 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-06-15 11:36 - 2017-06-03 02:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-15 11:36 - 2017-06-03 02:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-15 11:36 - 2017-06-03 02:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-15 11:36 - 2017-06-03 02:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-15 11:36 - 2017-06-03 02:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-15 11:36 - 2017-06-03 01:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-15 11:36 - 2017-06-03 01:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-15 11:36 - 2017-06-03 01:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-15 11:36 - 2017-06-03 01:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-15 11:36 - 2017-06-03 01:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-15 11:32 - 2017-06-03 03:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-15 11:32 - 2017-06-03 03:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-15 11:32 - 2017-06-03 03:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-15 11:32 - 2017-06-03 02:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-15 11:32 - 2017-06-03 02:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-15 11:32 - 2017-06-03 02:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-15 11:32 - 2017-06-03 02:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-15 11:32 - 2017-06-03 02:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-15 11:32 - 2017-06-03 02:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-15 11:32 - 2017-06-03 02:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-15 11:32 - 2017-06-03 02:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-15 11:32 - 2017-06-03 02:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-15 11:32 - 2017-06-03 02:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-15 11:32 - 2017-06-03 02:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-15 11:32 - 2017-06-03 02:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-15 11:32 - 2017-06-03 02:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-15 11:32 - 2017-06-03 02:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-15 11:32 - 2017-06-03 02:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-15 11:32 - 2017-06-03 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-15 11:32 - 2017-06-03 02:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-15 11:32 - 2017-06-03 02:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-15 11:32 - 2017-06-03 02:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-15 11:32 - 2017-06-03 02:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-15 11:32 - 2017-06-03 02:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-15 11:32 - 2017-06-03 02:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-15 11:32 - 2017-06-03 02:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-15 11:32 - 2017-06-03 02:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-15 11:32 - 2017-06-03 01:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-15 11:32 - 2017-06-03 01:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-15 11:32 - 2017-06-03 01:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-15 11:32 - 2017-06-03 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-15 11:32 - 2017-06-03 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-15 11:32 - 2017-06-03 01:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-15 11:32 - 2017-06-03 01:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-15 11:32 - 2017-06-03 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-15 11:31 - 2017-06-03 03:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-15 11:31 - 2017-06-03 03:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-15 11:31 - 2017-06-03 03:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-15 11:31 - 2017-06-03 03:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-15 11:31 - 2017-06-03 03:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-15 11:31 - 2017-06-03 03:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-15 11:31 - 2017-06-03 03:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-15 11:31 - 2017-06-03 03:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-15 11:31 - 2017-06-03 03:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-15 11:31 - 2017-06-03 03:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-15 11:31 - 2017-06-03 03:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-15 11:31 - 2017-06-03 03:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-15 11:31 - 2017-06-03 02:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-15 11:31 - 2017-06-03 02:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 02228120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 01458592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00848288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-06-15 11:31 - 2017-06-03 02:56 - 00844696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00697760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-06-15 11:31 - 2017-06-03 02:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-15 11:31 - 2017-06-03 02:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-15 11:31 - 2017-06-03 02:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-15 11:31 - 2017-06-03 02:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-15 11:31 - 2017-06-03 02:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-15 11:31 - 2017-06-03 02:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-15 11:31 - 2017-06-03 02:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-15 11:31 - 2017-06-03 02:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-15 11:31 - 2017-06-03 02:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-15 11:31 - 2017-06-03 02:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-15 11:31 - 2017-06-03 02:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-15 11:31 - 2017-06-03 02:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-15 11:31 - 2017-06-03 02:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-15 11:31 - 2017-06-03 01:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-15 11:31 - 2017-06-03 01:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-15 11:31 - 2017-06-03 01:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-15 11:31 - 2017-06-03 01:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-15 11:31 - 2017-06-03 01:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-15 11:31 - 2017-06-03 01:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-15 11:31 - 2017-06-03 01:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-15 11:31 - 2017-06-03 01:54 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-06-15 11:31 - 2017-06-03 01:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-15 11:30 - 2017-06-03 03:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-15 11:30 - 2017-06-03 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 19:35 - 2017-06-14 19:35 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-14 19:31 - 2017-06-14 19:31 - 00000020 ___SH C:\Users\Heather\ntuser.ini
2017-06-14 17:29 - 2017-07-04 09:38 - 00000000 ____D C:\Windows.old
2017-06-14 17:27 - 2017-06-14 17:27 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-14 17:27 - 2017-06-14 17:27 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-14 17:27 - 2017-06-14 17:27 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\fi
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\es
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\el
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\de
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\da
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\cs
2017-06-14 17:01 - 2014-05-20 08:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2017-06-14 17:01 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-14 16:53 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-06-14 16:53 - 2016-05-30 14:41 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2017-06-14 16:53 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-14 16:52 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-14 16:52 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-06-14 16:50 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\schemas
2017-06-14 16:50 - 2017-03-17 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-14 16:50 - 2015-12-08 20:16 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-06-14 16:49 - 2017-03-18 14:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-06-14 16:49 - 2017-03-18 14:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-06-14 16:49 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-14 16:49 - 2017-01-28 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-06-14 16:49 - 2016-11-20 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fedora
2017-06-14 16:49 - 2016-11-16 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2017-06-14 16:49 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-06-14 16:48 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-06-14 16:48 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-14 16:47 - 2016-09-05 11:22 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DoD-PKE
2017-06-14 16:42 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-14 15:22 - 2016-07-27 03:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 15:22 - 2016-07-27 03:21 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 15:21 - 2015-02-03 00:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 15:21 - 2015-02-03 00:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-11 17:44 - 2017-03-17 12:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-11 17:26 - 2016-03-22 23:02 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

==================== Files in the root of some directories =======

2016-05-12 20:15 - 2016-05-12 20:15 - 6748160 _____ () C:\Program Files (x86)\GUT627F.tmp
2015-11-19 16:17 - 2015-11-19 16:34 - 0000115 _____ () C:\Users\Heather\AppData\Roaming\LogFile.txt
2015-01-31 12:11 - 2015-01-31 12:11 - 0007606 _____ () C:\Users\Heather\AppData\Local\Resmon.ResmonCfg
2016-07-26 18:14 - 2016-07-26 18:14 - 0000000 _____ () C:\Users\Heather\AppData\Local\{4E4BC093-A90B-4AF8-A557-4C5EFF1711A7}
2017-06-14 16:41 - 2017-06-14 16:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-30 14:29 - 2016-05-30 14:46 - 0000848 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Heather\CTX.DAT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-09 20:00

==================== End of FRST.txt ============================

CutMeIn · Jul 10, 2017

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017

Ran by Heather (10-07-2017 12:53:09)

Running from C:\Users\Heather\Downloads

Windows 10 Pro Version 1703 (X64) (2017-06-15 00:27:38)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1820616416-2687940189-4037331366-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1820616416-2687940189-4037331366-503 - Limited - Disabled)

Guest (S-1-5-21-1820616416-2687940189-4037331366-501 - Limited - Disabled) => C:\Users\Guest

Heather (S-1-5-21-1820616416-2687940189-4037331366-1000 - Administrator - Enabled) => C:\Users\Heather

HomeGroupUser$ (S-1-5-21-1820616416-2687940189-4037331366-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden

8500A909_eDocs (HKLM-x32\...\{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}) (Version: 1.00.0000 - Hewlett-Packard) Hidden

8500A909_Help (HKLM-x32\...\{69754D89-C21E-4851-83C0-399DE63C6579}) (Version: 1.00.0000 - Hewlett-Packard) Hidden

8500A909n (HKLM-x32\...\{3CC19F30-6722-432D-8D76-81BD01212586}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden

ActivID ActivClient x64 (HKLM\...\{BCE4067B-9B40-4316-9235-6A1EEAD55622}) (Version: 7.1.0 - HID Global Corporation)

Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.20) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)

Amazon Assistant (HKLM-x32\...\{3BBC4F87-1F46-431F-A5DB-AFB28F692775}) (Version: 10.17.0612 - Amazon) <==== ATTENTION

Amazon Cloud Drive (HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\Amazon Cloud Drive) (Version: 2.3.5.12 - Amazon Digital Services, LLC.)

Amazon Search (HKLM-x32\...\Amazon Assistant) (Version: 2.3.4 - Amazon)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)

BPD_DSWizards (HKLM-x32\...\{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}) (Version: 1.00.0000 - Hewlett-Packard) Hidden

bpd_scan (HKLM-x32\...\{3D73DC7A-2D1D-45CF-8A67-24873925C716}) (Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (HKLM-x32\...\{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (HKLM-x32\...\{AD0AA962-111E-41D5-A705-0E3D9178A661}) (Version: 1.00.0000 - Hewlett-Packard) Hidden

BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

ColorPage-SF600 (HKLM-x32\...\{B4E7F461-FF8E-40BB-9CC1-B82DBDE97710}) (Version: v. 3.0 - )

Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

DocMgr (HKLM-x32\...\{92A51949-EE4C-466D-AAF0-99E74A49A63F}) (Version: 140.0.65.000 - Hewlett-Packard) Hidden

DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.100.000 - Hewlett-Packard) Hidden

Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)

Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)

EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)

e-Sign Desktop 6.6 (HKLM-x32\...\{F39BD95B-5B9E-4E83-96C4-D4667FD061C6}) (Version: 6.60.3.1000 - Silanis Technology Inc.)

Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)

Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden

HandBrake 1.0.0 (HKLM-x32\...\HandBrake) (Version: 1.0.0 - )

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Officejet Pro 8500 A909 Series (HKLM\...\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}) (Version: 14.0 - HP)

HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)

HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.203 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden

IBM Forms Viewer 4.0.0 (HKLM-x32\...\{48462CC7-7DF3-4107-9459-12D3A11C6D80}) (Version: 4.0.0.3 - IBM)

IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.123 - IBM)

InstallRoot (HKLM-x32\...\{9F573FEA-E9C0-4AA5-B14C-943AB9FD25EA}) (Version: 5.0 - DoD PKE)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)

Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)

MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)

Microsoft S/MIME (HKLM-x32\...\{D932D6AE-786B-4ECD-B6FE-B9C0EB059B3C}) (Version: 14.3.123.2 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)

MPM (HKLM-x32\...\{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}) (Version: 1.00.0000 - Hewlett-Packard)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden

PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1053.0 - Passmark Software)

Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )

Personal Ancestral File Companion 5.1 (HKLM-x32\...\Personal Ancestral File Companion 5.1) (Version: - )

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

ProductContext (HKLM-x32\...\{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29073 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.78.1218.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)

Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 2.0.0.12 - Apollo Group, Inc.)

SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden

Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.167.000 - Hewlett-Packard) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)

Smart Card Manager (HKLM-x32\...\Smart Card Manager) (Version: 1.0.1-6-2 - nabber.org)

Smart Card Manager 1.0.1-6 (HKLM-x32\...\Smart Card Manager_is1) (Version: - Fedora)

SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden

Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)

Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden

TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.13 - Toshiba Corporation)

Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)

TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.14C - TOSHIBA CORPORATION)

TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)

TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden

Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden

Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden

Viewer_armyifx (HKLM-x32\...\Viewer_armyifx) (Version: 3.5.1 - )

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.213.017 - Hewlett-Packard) Hidden

WinDirStat 1.1.2 (HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\WinDirStat) (Version: - )

Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

WinX DVD Ripper Platinum 7.5.17 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-25] (AVAST Software)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-25] (AVAST Software)

ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll -> No File

ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-25] (AVAST Software)

ContextMenuHandlers01: [CtxMenu Class] -> {AC964C74-B3A6-4514-A10C-E264F90FC403} => -> No File

ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)

ContextMenuHandlers01: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File

ContextMenuHandlers02: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll -> No File

ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-25] (AVAST Software)

ContextMenuHandlers04: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll -> No File

ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)

ContextMenuHandlers04: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File

ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File

ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)

ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-25] (AVAST Software)

ContextMenuHandlers06: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {032EE9E1-AA97-4B81-AB8A-29024D0D8DFB} - System32\Tasks\HPCeeScheduleForHeather => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)

Task: {0B028671-4A5B-45AC-8673-E698D6218385} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-07-26] (Distromatic) <==== ATTENTION

Task: {0E66AA68-F434-4817-914B-74CFE3F98AFA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe

Task: {1383D633-8CB1-4CAF-9214-2571ABF7BB3F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {1986DBAB-CFF9-466B-9993-F9ED71855B01} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-05-12] (AVAST Software)

Task: {1A12B96B-0CEB-4FC0-B33A-95EFBEDF7C78} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {1A94F5AA-32F2-4BBB-9907-40418F5A7A2F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {1E64C0F0-5AD4-45FE-B89E-67EFD3CFE46E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {1ED10294-549C-4C04-ADEF-EA931BD1520A} - System32\Tasks\EPSON XP-310 Series Update {17541BBD-1B03-47D1-8690-B40CEC590190} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {21E9F172-2CAE-43ED-80A5-A3720369F404} - System32\Tasks\{6EC419E6-A19A-46C9-B591-F14696C273E2} => pcalua.exe -a C:\Users\Heather\AppData\Local\Temp\Temp1_InstallRoot_v3.16a.zip\InstallRoot_v3.16A.exe <==== ATTENTION

Task: {28CACBD0-D65F-49C8-BA70-BB91A8B5218C} - System32\Tasks\{5BF0ECBE-31E6-472D-9912-B34C91FCBD3C} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe

Task: {2C853E53-F264-4AAC-8087-827BB9182527} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)

Task: {2E0890DA-26F5-4B6E-8988-C5C7B416B089} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {2EC391FB-406D-464F-B71A-D9423413A25D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {2F13D6E7-9C76-44AB-BB52-7F2C6D544577} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)

Task: {3307D2EA-84E9-4A13-B5DB-8E15D993EEBA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {33A1E619-576F-4B67-AA51-88549FF80EEE} - System32\Tasks\{3B98D546-C6F6-49D4-96E6-07A5E3A1E394} => pcalua.exe -a "C:\Users\Heather\AppData\Local\Temp\Temp1_SF600W7.zip\SF600 Wins 7\Setup.exe" <==== ATTENTION

Task: {353B8FA9-EDA8-4D99-8091-AD88CC1B0FFE} - System32\Tasks\EPSON XP-310 Series Invitation {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {38B2B074-51DF-4B26-9632-6EE03AB6F02E} - System32\Tasks\{66A8A807-6128-46E2-842A-EAF1BFB404FA} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe

Task: {3DF4EE25-0127-4BE6-ABEC-2FC6370BA327} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)

Task: {3F99C1DC-B67A-48F3-AD2C-0BE83C9D1792} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

Task: {473294E0-1018-4B80-94A2-98E41DA4B0A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)

Task: {47BE5E83-03DB-4190-86F3-F355ADEF7862} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {48E00E99-68F2-4EA3-ADD4-CDD3B8EEC567} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-07-26] (Distromatic) <==== ATTENTION

Task: {4A6E887A-C5D4-4452-A41B-96DDB96602AB} - System32\Tasks\{C3422FB5-A013-4440-8EB1-CBDA1B141699} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe

Task: {4C91ABFC-3D96-449C-9363-96B74A14BE52} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-07-26] (Distromatic) <==== ATTENTION

Task: {4F09E022-7EB5-4310-A44B-367108C3E666} - System32\Tasks\EPSON XP-310 Series Invitation {5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {5187FF54-8BBC-43B8-8A12-D936661C3A9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)

Task: {53C3DB97-F36F-40BE-835D-1B695D6EEE88} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {53EDE98B-FEBF-460B-A712-AFC377E817B9} - System32\Tasks\{3FA0A656-15A3-40F9-8125-C97658AD59CD} => pcalua.exe -a C:\Users\Heather\Documents\e-Sign_6.6\instmsi.exe -d C:\Users\Heather\Documents\e-Sign_6.6

Task: {5954CC87-EF29-414A-8BA4-06C176C56D78} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-26] (Realtek Semiconductor)

Task: {5DBD351B-CBDB-4418-806E-31331CC07764} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {605AF760-FF7E-4B17-979F-5ABA5C0599D4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)

Task: {62E91751-9B0E-4459-8CE4-70A5BB0D0830} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)

Task: {6496F1FC-301D-4FB1-8355-0724AB4483A8} - System32\Tasks\SafeZone scheduled Autoupdate 1458712920 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)

Task: {66DEC70A-2692-49F6-9CD4-46392BFA376A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)

Task: {6A1BB65A-0115-4EE2-BE9D-B4E70A67888A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)

Task: {6C576566-91B1-490A-8C14-EDBCD6789D74} - System32\Tasks\EPSON XP-310 Series Update {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {731A7C5A-3CC3-4088-BE34-729ED452E820} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {7889220C-63D9-41E9-8FDA-A7286C5D7753} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {7EAC28B9-A11A-4E8A-9B90-FB2FCE50763E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)

Task: {810FF05D-119C-4985-94E6-FC4DF72B8DDE} - System32\Tasks\{7F0B2039-5BA3-4B9F-A5BF-E8C3997666DD} => pcalua.exe -a C:\Users\Heather\AppData\Local\Temp\Temp1_SF600_V3.zip\CP-SF600_V.3.0\setup.exe <==== ATTENTION

Task: {827C4B7C-A215-4DAE-9B4F-F8DFCDD00C06} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {83E18DE6-AD0E-4EA1-BEC3-97CB658E875A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {8736294E-10F7-44B1-B10E-29A14870FAEA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {88430C0A-A43C-418B-B67A-42D64AC44B93} - System32\Tasks\EPSON XP-310 Series Invitation {12C324E4-2D15-4A9E-8AA3-FD615C950D23} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {887C2870-2587-4EE8-9BEC-8A01A0E571CA} - System32\Tasks\{DA9DDD5E-234E-4782-8BF1-781DA6F6757C} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe

Task: {893012BF-D37A-4FC9-A19D-D4E8536F7A61} - System32\Tasks\{8F8DC693-3AAD-470B-BAB2-E2E0AB42F8FF} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe"

Task: {89D98063-650A-44F1-AD4C-03E0EFDE60C8} - System32\Tasks\EPSON XP-310 Series Invitation {17541BBD-1B03-47D1-8690-B40CEC590190} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {8D12DB7D-AD19-480C-837D-E00741D6658A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {8F1E03C9-D9FF-4D86-8D9F-82280B66D4AD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {90B1C899-D7AE-403C-BE71-63EECD070531} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {A37445D6-D5F5-4867-8217-03BFAB49489A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

Task: {A6C60B0B-968F-419C-957E-3E3503F097D8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION

Task: {A72AAE77-555E-45CD-838F-C123545F84DF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe

Task: {AAB04F9D-3A80-472E-B150-BC39AD5C75A3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {AD0A3D32-1866-4623-AA65-96C411A21896} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)

Task: {AEF2ADF2-8F79-4431-BB88-141607EEB150} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {B2CA2EE5-857E-4724-A13B-B0AA5433E13D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {B3EA6D3D-4A90-4D67-AC1F-1D6EFE93254C} - System32\Tasks\Uninstaller_SkipUac_Heather => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

Task: {B7CCE55E-0452-4A6D-A16B-466AEDC62662} - System32\Tasks\EPSON XP-310 Series Update {12C324E4-2D15-4A9E-8AA3-FD615C950D23} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {B8034363-6960-40EB-8B22-F6433EEC0552} - System32\Tasks\{5D0E5665-A81A-4126-9962-BF663DCEC37E} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe

Task: {BB53CA23-E591-4F73-BD2A-041FD5CBC783} - System32\Tasks\EPSON XP-310 Series Invitation {E285F971-3921-479A-8619-A41349396DFD} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {BB57090F-201D-4A6F-B12F-4E115DAF1768} - System32\Tasks\{32DC09B6-6D58-417F-A947-929E8534B41C} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe

Task: {C31D26E5-FF7F-4DC7-9D68-4037840D0B94} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {C4AC806B-559D-43A4-ACB6-B532A41936DA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {C52E051E-CD06-4264-8F76-8DEAF7C67C7F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {C5944746-2DFC-4578-B579-939B6B6F4263} - System32\Tasks\EPSON XP-310 Series Update {A608DEE5-743B-4039-87F8-12F2E2D4D097} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {C5B3C5AE-E9C5-4BE2-874B-8137787CDAA4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe

Task: {C6E34B7E-D3D8-4DEA-9649-7C2911E346FE} - System32\Tasks\EPSON XP-310 Series Update {8A3FE365-CB04-46AF-93A5-00FA801EDC7B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {C81143E5-5DC8-40C5-96E6-D2A617C68A91} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

Task: {C99B4B31-180E-4050-AE71-2086F37F1E4A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {CC582809-914A-4E39-A41A-4ED99BE31BA9} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-07-26] (Distromatic) <==== ATTENTION

Task: {D13014EA-A3AC-40C0-97AB-2B7CAED75F93} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {D2541D42-0938-4FB6-A837-76D723C93C68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {D52B1507-B4D7-4A37-A7F6-9F0B896BA86B} - System32\Tasks\EPSON XP-310 Series Update {5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {D76FC3CD-1E32-4255-B956-7E3DFEC4217B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION

Task: {D89ED83E-4D3B-4E7C-A427-6E903C625538} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)

Task: {D8EFBA13-95B1-47A8-8A54-2134A92B7F4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-21] (Adobe Systems Incorporated)

Task: {D9EE52A3-110D-4472-9A1B-D5D226A9E0A4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {DBA8D983-FE7D-40F5-801C-736F3AE8D225} - System32\Tasks\EPSON XP-310 Series Invitation {A608DEE5-743B-4039-87F8-12F2E2D4D097} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {DBF712CF-4B42-4E71-8EB1-7214C1EF809A} - System32\Tasks\EPSON XP-310 Series Invitation {8A3FE365-CB04-46AF-93A5-00FA801EDC7B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {DC9A9083-69EB-45E5-91A2-91B4F024CBBC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {E6DE8884-F06F-4979-9B5C-517E9B5A8F08} - System32\Tasks\EPSON XP-310 Series Update {E285F971-3921-479A-8619-A41349396DFD} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {E78951F9-136E-404B-A7A2-DB1A3CC0E553} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {E7CDA6AE-D2E4-49C9-BD12-8B03604CFDFB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {E8B34326-2C74-432C-A8DA-039C8E7EB816} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)

Task: {EE3B0E45-8EA5-46BF-BE0E-EB8AF5DE6C93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {F108CC8D-400B-4C85-AFA5-5AD62BBD6CF4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {F34701E3-B619-45C2-9D80-461D93535072} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-25] (AVAST Software)

Task: {FB89F4F1-DDD6-43D5-8DC5-FE9CBCCE8C03} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {FD223737-B50A-495B-920E-04390CA89DD8} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION

Task: {FD744948-E925-4B30-A422-B64BFE59ABDE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

Task: {FDD8F0F3-D15C-4616-9BA2-A37D43A81D77} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe

Task: {FEF4BB1D-AEA2-4141-A7BD-25CB4870BCAD} - System32\Tasks\{2FC5FEA5-E0FA-4A35-A666-A90C6CA50DED} => pcalua.exe -a "C:\Users\Heather\Desktop\SF600 Wins 7\Setup.exe" -d "C:\Users\Heather\Desktop\SF600 Wins 7"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {12C324E4-2D15-4A9E-8AA3-FD615C950D23}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {17541BBD-1B03-47D1-8690-B40CEC590190}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {A608DEE5-743B-4039-87F8-12F2E2D4D097}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {E285F971-3921-479A-8619-A41349396DFD}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {12C324E4-2D15-4A9E-8AA3-FD615C950D23}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{12C324E4-2D15-4A9E-8AA3-FD615C950D23} /F:UpdateWORKGROUP\HEATHER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {17541BBD-1B03-47D1-8690-B40CEC590190}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{17541BBD-1B03-47D1-8690-B40CEC590190} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101} /F:UpdateWORKGROUP\HEATHER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{8A3FE365-CB04-46AF-93A5-00FA801EDC7B} /F:UpdateWORKGROUP\HEATHER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{9C89B4A7-19CA-43CB-A508-0ADF5E400CD3} /F:UpdateWORKGROUP\HEATHER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {A608DEE5-743B-4039-87F8-12F2E2D4D097}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{A608DEE5-743B-4039-87F8-12F2E2D4D097} /F:UpdateWORKGROUP\HEATHER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {E285F971-3921-479A-8619-A41349396DFD}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{E285F971-3921-479A-8619-A41349396DFD} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\HPCeeScheduleForHeather.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

CutMeIn · Jul 10, 2017

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-07 18:07 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll

2017-03-23 11:14 - 2017-01-31 05:34 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

2016-12-02 08:32 - 2016-12-02 08:32 - 00401912 _____ () C:\WINDOWS\system32\igfxTray.exe

2017-03-18 13:59 - 2017-03-18 19:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-09-21 10:15 - 2016-09-21 10:15 - 00170184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll

2017-06-20 09:29 - 2017-06-20 09:29 - 00402624 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream64.dll

2017-06-14 13:11 - 2017-06-14 13:11 - 00104624 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe

2017-06-14 13:12 - 2017-06-14 13:12 - 00159408 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\aaLoader64.dll

2015-04-24 16:07 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll

2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll

2017-05-25 12:25 - 2017-05-25 12:25 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2017-05-25 12:26 - 2017-05-25 12:26 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll

2017-05-25 12:26 - 2017-05-25 12:26 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2017-05-25 12:26 - 2017-05-25 12:26 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll

2017-05-25 12:26 - 2017-05-25 12:26 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll

2017-05-25 12:25 - 2017-05-25 12:25 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

2017-05-25 12:26 - 2017-05-25 12:26 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2014-09-29 04:01 - 2013-12-10 07:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2017-03-23 11:14 - 2017-01-31 03:14 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2017-07-10 12:30 - 2017-07-10 12:30 - 00098816 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32api.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00110080 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\pywintypes27.dll

2017-07-10 12:30 - 2017-07-10 12:30 - 00364544 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\pythoncom27.dll

2017-07-10 12:30 - 2017-07-10 12:30 - 00320512 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32com.shell.shell.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00914432 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\_hashlib.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 01176576 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\wx._core_.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00806400 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\wx._gdi_.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00816128 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\wx._windows_.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 01067008 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\wx._controls_.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00733184 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\wx._misc_.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00682496 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\pysqlite2._sqlite.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00088064 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\_ctypes.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00686080 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\unicodedata.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00119808 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32file.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00108544 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32security.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00007168 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\hashobjs_ext.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00017920 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\thumbnails_ext.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00088064 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\usb_ext.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00012800 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\common.time34.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00018432 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32event.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00167936 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32gui.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00046080 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\_socket.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 01303552 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\_ssl.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00128512 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\_elementtree.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00127488 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\pyexpat.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00038912 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32inet.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00036864 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\_psutil_windows.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00524248 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\windows._lib_cacheinvalidation.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00011264 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32crypt.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00123392 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\wx._wizard.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00077312 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\wx._html2.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00027648 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\_multiprocessing.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00020480 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\_yappi.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00035840 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32process.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00078848 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\wx._animate.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00024064 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32pipe.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00010240 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\select.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00025600 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32pdh.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00017408 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32profile.pyd

2017-07-10 12:30 - 2017-07-10 12:30 - 00022528 ____R () C:\Users\Heather\AppData\Local\Temp\_MEI27562\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\militarycac.com -> hxxps://militarycac.com

IE trusted site: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\osd.mil%22 -> osd.mil%22

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\WINDOWS\pss\Send to OneNote.lnk.Startup

MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto

MSCONFIG\startupreg: BatteryManager => %ProgramFiles%\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe

MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

MSCONFIG\startupreg: KeNotify => "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

MSCONFIG\startupreg: TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CFA18497-81E5-4F32-890B-1C2CC6B4CC3C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe

FirewallRules: [{CF8852B2-0A5C-4F74-9A6F-1ABBD45484EC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe

FirewallRules: [{EEDFD925-44E4-4741-AEB9-C859FB59381F}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe

FirewallRules: [{D9696D48-2DDA-46A1-85F3-39E8F62D7532}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe

FirewallRules: [{BF3EB2FD-545C-4B0C-B71A-D68DD2B83DA2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe

FirewallRules: [{15292CBA-E1DD-4761-8B2B-836E7D432927}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe

FirewallRules: [{A2BD48CB-A7E3-484F-83FA-FE0CBE4A3350}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

FirewallRules: [{B8FB799A-AB66-40F3-8F95-5083452294FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe

FirewallRules: [{8386C2CC-FD54-4A95-906D-4518D0D7EF98}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe

FirewallRules: [{F300B1B1-04DC-456F-A120-B5AB33246604}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe

FirewallRules: [{C5CF5C20-2D22-4522-B0C7-4E855206FEF0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe

FirewallRules: [{44ADD817-20C1-44BE-8754-81CA05163383}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe

FirewallRules: [{4C852BAA-E43D-4195-B534-3851C48419A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe

FirewallRules: [{E690CB49-D4F9-4A70-BAF4-AC63C5453E40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe

FirewallRules: [{FA14BF4A-6A45-43F0-BB24-C947D4D7EBAB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{38F79887-E7C5-477E-85D3-A1E266C59AFC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{D3F5BDB8-5B74-47AD-82A5-2A850A03FAF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe

FirewallRules: [{437E652E-6754-447F-B74B-DC4D00EB3412}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe

FirewallRules: [{F5D72BF8-76AC-48A1-90BE-99B8EA6FD777}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

FirewallRules: [{5A4BE32D-8678-4C56-AE33-980D03F56031}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

FirewallRules: [{74804F4E-D6DD-4752-8311-FDA9DB500938}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{FE81CC1A-AEFE-4766-847E-99E0F4A9A906}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{04EEAAF9-4717-4183-8FB5-2FFF90280434}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{15A32223-7135-4DEA-BAFA-6965AC6B9DDC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{A0CCD68C-31C3-465B-B1BA-40FFCC80DB43}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{C0D629AA-E6D9-4AFA-85EF-23E223ACE138}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{5027CB7F-283E-4DF5-A7D2-C4C0034C7C41}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{107CCEDA-E222-4DD4-B5D0-F209EB2D0EA6}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

FirewallRules: [{61C73778-460A-46CE-B82C-7B6DB6C1F776}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

FirewallRules: [UDP Query User{EA5764A8-1020-46BB-AE6B-6700FE3664F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [TCP Query User{B9D4F0AA-E22A-4653-967A-311097D44074}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [{D75A00AA-C9C3-4EFC-ACC2-A360D62F3DA3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [UDP Query User{90281FFA-5A4A-44B0-9F60-7A538169D00B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [TCP Query User{7C0310C1-F3F2-4E06-914E-A34C314092B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [UDP Query User{AC6A2D46-06DB-4FE5-B715-7A4DE718DE7C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [TCP Query User{0DFFF021-ECEC-4ADC-B619-CA66995D1FDE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [{4DA27428-90A5-487A-8E59-93B764C8707A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{BA5D44CD-7353-413C-8556-5A43939191E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{2E70803C-9835-4A42-BC47-81D30415282A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-06-2017 18:37:22 Scheduled Checkpoint

02-07-2017 11:01:31 Scheduled Checkpoint

09-07-2017 20:13:06 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (07/10/2017 11:46:06 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.15063.0, time stamp: 0x7e29c811

Faulting module name: KERNELBASE.dll, version: 10.0.15063.296, time stamp: 0xa0527b0c

Exception code: 0xc0020001

Fault offset: 0x0000000000069e08

Faulting process id: 0x2fc8

Faulting application start time: 0x01d2f9a968f3f51e

Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report Id: eda08827-6340-466e-bf9d-ff83ec76157a

Faulting package full name:

Faulting package-relative application ID:

Error: (07/10/2017 11:22:13 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.15063.0, time stamp: 0x7e29c811

Faulting module name: KERNELBASE.dll, version: 10.0.15063.296, time stamp: 0xa0527b0c

Exception code: 0xc0020001

Fault offset: 0x0000000000069e08

Faulting process id: 0x914

Faulting application start time: 0x01d2f9a93269d95c

Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report Id: 9c6c84e7-a46c-42c0-afee-a56d1697bf97

Faulting package full name:

Faulting package-relative application ID:

Error: (07/10/2017 11:15:08 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/10/2017 10:34:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEATHER-PC)

Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/09/2017 10:03:40 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 11.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1bbc

Start Time: 01d2f93771e8e312

Termination Time: 30

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 91baa5f8-e5cf-482d-9064-e7e868837f58

Faulting package full name:

Faulting package-relative application ID:

Error: (07/09/2017 08:34:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume TI10695800D (C

was not optimized because an error was encountered: This element already exists in the table. All entries in the table must be unique. (0x89000014)

Error: (07/09/2017 08:06:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume TI10695800D (C

was not optimized because an error was encountered: This element already exists in the table. All entries in the table must be unique. (0x89000014)

Error: (07/09/2017 08:02:32 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Microsoft.Photos.exe version 1.0.1706.13001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 6a4

Start Time: 01d2f65f9a92108d

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 88a185be-778d-4c85-b92e-86c24a7b8720

Faulting package full name: Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/09/2017 08:02:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HEATHER-PC)

Description: Package Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (07/09/2017 08:02:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEATHER-PC)

Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:

=============

Error: (07/10/2017 12:28:29 PM) (Source: DCOM) (EventID: 10016) (User: HEATHER-PC)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Heather-PC\Heather SID (S-1-5-21-1820616416-2687940189-4037331366-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 12:28:21 PM) (Source: DCOM) (EventID: 10016) (User: HEATHER-PC)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Heather-PC\Heather SID (S-1-5-21-1820616416-2687940189-4037331366-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 11:46:10 AM) (Source: DCOM) (EventID: 10016) (User: HEATHER-PC)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Heather-PC\Heather SID (S-1-5-21-1820616416-2687940189-4037331366-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 11:35:56 AM) (Source: DCOM) (EventID: 10016) (User: HEATHER-PC)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Heather-PC\Heather SID (S-1-5-21-1820616416-2687940189-4037331366-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 11:31:03 AM) (Source: DCOM) (EventID: 10016) (User: HEATHER-PC)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Heather-PC\Heather SID (S-1-5-21-1820616416-2687940189-4037331366-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 11:30:51 AM) (Source: DCOM) (EventID: 10016) (User: HEATHER-PC)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Heather-PC\Heather SID (S-1-5-21-1820616416-2687940189-4037331366-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 11:30:32 AM) (Source: DCOM) (EventID: 10016) (User: HEATHER-PC)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Heather-PC\Heather SID (S-1-5-21-1820616416-2687940189-4037331366-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 11:23:22 AM) (Source: DCOM) (EventID: 10016) (User: HEATHER-PC)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Heather-PC\Heather SID (S-1-5-21-1820616416-2687940189-4037331366-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 11:22:58 AM) (Source: DCOM) (EventID: 10016) (User: HEATHER-PC)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Heather-PC\Heather SID (S-1-5-21-1820616416-2687940189-4037331366-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 11:22:55 AM) (Source: DCOM) (EventID: 10016) (User: HEATHER-PC)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Heather-PC\Heather SID (S-1-5-21-1820616416-2687940189-4037331366-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:

===================================

Date: 2017-06-24 15:54:11.585

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:11.499

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:11.355

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:11.197

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:11.170

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:11.053

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:05.168

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:02.261

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-21 11:32:16.572

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-21 11:32:16.534

Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz

Percentage of memory in use: 53%

Total physical RAM: 6056.69 MB

Available physical RAM: 2798.67 MB

Total Virtual: 12200.69 MB

Available Virtual: 8271.21 MB

==================== Drives ================================

Drive c: (TI10695800D) (Fixed) (Total:919.58 GB) (Free:816.81 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 7E44A330)

Partition 1: (Active) - (Size=1.5 GB) - (Type=27)

Partition 2: (Not Active) - (Size=919.6 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=860 MB) - (Type=27)

Partition 4: (Not Active) - (Size=9.6 GB) - (Type=17)

==================== End of Addition.txt ============================

Broni · Jul 10, 2017

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================

In the future please use Notepad instead of Wordpad to open logs.
Wordpad creates an extra space and all logs are twice as long and harder for me to read.
Thank you

Uninstall following unwanted program: Amazon Assistant.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

CutMeIn · Jul 10, 2017

RogueKiller V12.11.6.0 (x64) [Jul 10 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Heather [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 07/10/2017 17:02:05 (Duration : 00:56:33)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowserHelper64.dll) -> Deleted
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll) -> Deleted
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll) -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\ParetoLogic -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Distromatic -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\ParetoLogic -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Distromatic -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\ParetoLogic -> Deleted
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant -> Deleted
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com/?pc=TNJB -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://login.us.army.mil/suite/log...mil-/suite-/sso-/redirect-.html-?site-=0zxxz0 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://login.us.army.mil/suite/log...mil-/suite-/sso-/redirect-.html-?site-=0zxxz0 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TNJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TNJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com/?pc=TNJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 5 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\ParetoLogic -> Deleted
[PUP.Gen1][File] C:\ProgramData\ParetoLogic\RegCure Pro\license.dat -> Deleted
[PUP.Gen1][File] C:\ProgramData\ParetoLogic\RegCure Pro\License.rdat -> Deleted
[PUP.Gen1][File] C:\ProgramData\ParetoLogic\RegCure Pro\License_FirstRun.rdat -> Deleted
[PUP.Gen1][File] C:\ProgramData\ParetoLogic\RegCure Pro\License_Time.rdat -> Deleted
[PUP.Gen1][File] C:\ProgramData\ParetoLogic\RegCure Pro\RB.rdat -> Deleted
[PUP.Gen1][File] C:\ProgramData\ParetoLogic\RegCure Pro\tfn.xml -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\ParetoLogic\RegCure Pro -> Deleted
[PUP.Gen1][Folder] C:\Users\Heather\AppData\Roaming\ParetoLogic -> Deleted
[PUP.Gen1][Folder] C:\Users\Heather\AppData\Roaming\ParetoLogic\RegCure Pro -> Deleted
[PUP.Gen1][Folder] C:\Users\Heather\AppData\Local\Amazon Browser Settings -> Deleted
[PUP.Gen1][File] C:\Users\Heather\AppData\Local\Amazon Browser Settings\protect.json -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\ParetoLogic -> ERROR [3]
[PUP.Gen1][Folder] C:\Program Files (x86)\Amazon Browser Settings -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Amazon Browser Settings\installer.json -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Amazon Browser Settings\uninstall.ico -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Amazon Browser Settings\uninstall.json -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Amazon Browser Settings\uninstaller.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Amazon Browser Settings\updater.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 SCSI Disk Device +++++
--- User ---
[MBR] 150cd0dbb547b9dffbdd6b4179b86f47
[BSP] c9de00ac367961478eb43eb41f4dbd4a : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 941653 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1931581440 | Size: 860 MB
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1933342720 | Size: 9854 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

CutMeIn · Jul 10, 2017

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/10/17
Scan Time: 6:13 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2337
License: Trial

-System Information-
OS: Windows 10 (Build 15063.413)
CPU: x64
File System: NTFS
User: HEATHER-PC\Heather

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465178
Threats Detected: 37
Threats Quarantined: 37
Time Elapsed: 8 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 28
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DistromaticSearchProtect-hourly, Quarantined, [14], [312599],1.0.2337
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DistromaticSearchProtect-logon, Quarantined, [14], [312599],1.0.2337
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DistromaticUpdater-logon, Quarantined, [14], [312599],1.0.2337
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DistromaticUpdater-periodic, Quarantined, [14], [312599],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonRuntime.AmazonRuntimeServer, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6B7479D5-C493-40F0-99B6-BFC901980034}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B7479D5-C493-40F0-99B6-BFC901980034}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonRuntime.Amazon1ButtonRuntime, Quarantined, [1506], [386607],1.0.2337
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0B028671-4A5B-45AC-8673-E698D6218385}, Quarantined, [14], [312598],1.0.2337
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{48E00E99-68F2-4EA3-ADD4-CDD3B8EEC567}, Quarantined, [14], [312598],1.0.2337
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4C91ABFC-3D96-449C-9363-96B74A14BE52}, Quarantined, [14], [312598],1.0.2337
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CC582809-914A-4E39-A41A-4ED99BE31BA9}, Quarantined, [14], [312598],1.0.2337

Registry Value: 4
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0B028671-4A5B-45AC-8673-E698D6218385}|PATH, Quarantined, [14], [312598],1.0.2337
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{48E00E99-68F2-4EA3-ADD4-CDD3B8EEC567}|PATH, Quarantined, [14], [312598],1.0.2337
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4C91ABFC-3D96-449C-9363-96B74A14BE52}|PATH, Quarantined, [14], [312598],1.0.2337
PUP.Optional.AmazonBrowserSettings, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CC582809-914A-4E39-A41A-4ED99BE31BA9}|PATH, Quarantined, [14], [312598],1.0.2337

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 5
PUP.Optional.RegCurePro, C:\USERS\HEATHER\DOWNLOADS\REGCUREPROSETUP_D671A007-44E5-4C0C-95B9-6DCF58AB68F6_.EXE, Quarantined, [1573], [336305],1.0.2337
PUP.Optional.AmazonBrowserSettings, C:\WINDOWS\SYSTEM32\TASKS\DistromaticSearchProtect-hourly, Quarantined, [14], [312600],1.0.2337
PUP.Optional.AmazonBrowserSettings, C:\WINDOWS\SYSTEM32\TASKS\DistromaticSearchProtect-logon, Quarantined, [14], [312600],1.0.2337
PUP.Optional.AmazonBrowserSettings, C:\WINDOWS\SYSTEM32\TASKS\DistromaticUpdater-logon, Quarantined, [14], [312600],1.0.2337
PUP.Optional.AmazonBrowserSettings, C:\WINDOWS\SYSTEM32\TASKS\DistromaticUpdater-periodic, Quarantined, [14], [312600],1.0.2337

Physical Sector: 0
(No malicious items detected)

(end)

CutMeIn · Jul 10, 2017

CutMeIn · Jul 10, 2017

Screenshot is of adwcleaner report that cannot post

Broni · Jul 10, 2017

Attach it.

CutMeIn · Jul 11, 2017

Attached

CutMeIn · Jul 11, 2017

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by Heather (Administrator) on Mon 07/10/2017 at 19:10:08.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 4

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Heather\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Heather (Task)
Successfully deleted: C:\Program Files (x86)\GUT627F.tmp (File)

Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E8381F59-AC38-4EE0-9A10-F0CA02F2CE71} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/10/2017 at 19:15:15.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CutMeIn · Jul 11, 2017

At this point, I cannot see any change. I still have the pop-up every 5 seconds which makes it a real pain to do anything.
In add and remove programs, I cannot remove Amazon Assistant.
I appreciate the help, will run your next instructions as soon as possible.

Broni · Jul 11, 2017

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

CutMeIn · Jul 11, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by Heather (administrator) on HEATHER-PC (11-07-2017 12:00:50)
Running from C:\Users\Heather\Downloads
Loaded Profiles: Heather (Available Profiles: Heather & Guest & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HID Global Corporation) C:\Program Files\HID Global\ActivClient\ac.activclient.gui.scagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(HID Global Corporation) C:\Program Files\HID Global\ActivClient\acevents.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\bcastdvr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [ac.activclient.gui.scagent.exe] => C:\Program Files\HID Global\ActivClient\ac.activclient.gui.scagent.exe [813592 2016-07-20] (HID Global Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-25] (AVAST Software)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401912 2016-12-02] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2011-01-29] (Silanis Technology Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2011-01-29] (Silanis Technology Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [1957888 2014-03-18] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\ DisallowedCertificates: 675D2D785AF7EE6650B1A056CB3F82FDAEA8673E (U)
HKLM\ DisallowedCertificates: 7DA8E84296EE238818EE427287774508B26D094A (U)
HKLM\ DisallowedCertificates: 99C494ECE4FC093EEE13C4D65B1B1E01B9B5D434 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\ DisallowedCertificates: DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\ DisallowedCertificates: FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\ DisallowedCertificates: FFAD03329B9E527A43EEC66A56F9CBB5393E6E13 (U)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [804352 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk [2015-03-14]
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{F39BD95B-5B9E-4E83-96C4-D4667FD061C6}\Icon9557F1BC1.ico ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2b6cb6cc-9d1f-422d-be4b-65f095323077}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d7ec2e1e-02b4-4ee9-a0f0-c5aa8b8cc76c}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> DefaultScope {B13803F7-D4C5-4FDB-83FF-1BC6D1C7A345} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> {B13803F7-D4C5-4FDB-83FF-1BC6D1C7A345} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-13] (Google Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-09-13] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-13] (Google Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-09-13] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-09-21] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-09-21] (Microsoft Corporation)
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll [2013-02-03] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 61fsaisr.default
FF ProfilePath: C:\Users\Heather\AppData\Roaming\RedHat\ESC\Profiles\850350i8.default [2016-12-10]
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default [2017-07-11]
FF user.js: detected! => C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\user.js [2015-02-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\61fsaisr.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\61fsaisr.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\61fsaisr.default -> hxxps://www.google.com/
FF Extension: (Proxmate) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2016-04-17]
FF Extension: (Avast SafePrice) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\sp@avast.com.xpi [2017-06-06]
FF Extension: (Multi Dictionary Lookup) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\tfdlookup@nohup.in.xpi [2016-03-11]
FF Extension: (Avast Online Security) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\wrc@avast.com.xpi [2017-06-06]
FF Extension: (Adblock Plus) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\61fsaisr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF Extension: (ActivClient Security Module) - C:\Program Files (x86)\HID Global\ActivClient\Mozilla Extensions\ActivClient PKCS #11 Security Module [2017-03-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-05-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-01-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{f3fec9ea-7e7c-42ac-af46-c1b6f046a9d6}] - C:\Program Files (x86)\HID Global\ActivClient\Mozilla Extensions\ActivClient PKCS #11 Security Module
FF HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-09-21] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-09-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll [2003-03-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll [2003-02-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll [2010-02-01] (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (Google Drive) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-17]
CHR Extension: (Avast SafePrice) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-20]
CHR Extension: (Feathered Corner) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhkdaliaddhbdmbdmgabgfanjiekiap [2017-04-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Chrome Media Router) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-10]
CHR HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Heather\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-03-13]
CHR HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [104624 2017-06-14] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-25] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-25] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373752 2016-12-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ActivID Shared Store Service; C:\WINDOWS\system32\dllhost.exe /Processid:{BD1113E3-8BB6-4638-8495-7B6DFA9B0547}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-25] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-25] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-25] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-25] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-25] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-25] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158888 2017-07-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-25] (AVAST Software)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-10] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-11] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R3 S3XXx64; C:\WINDOWS\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-12-31] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-11 11:59 - 2017-07-11 11:59 - 04110280 _____ C:\Users\Heather\Downloads\adwcleaner_6.047.exe
2017-07-11 11:48 - 2017-07-11 12:00 - 00000000 ____D C:\Users\Heather\Desktop\recovery tools
2017-07-11 09:00 - 2017-07-11 09:00 - 00005015 _____ C:\Users\Heather\Desktop\AdwCleaner[C0].txt
2017-07-11 08:55 - 2017-07-11 08:55 - 00000000 ____D C:\Users\Heather\AppData\Roaming\ProductData
2017-07-10 19:15 - 2017-07-10 19:15 - 00001432 _____ C:\Users\Heather\Desktop\JRT.txt
2017-07-10 19:09 - 2017-07-10 19:09 - 01663672 _____ (Malwarebytes) C:\Users\Heather\Downloads\JRT.exe
2017-07-10 18:51 - 2017-07-10 18:51 - 04110280 _____ C:\Users\Heather\Downloads\AdwCleaner(1).exe
2017-07-10 18:31 - 2017-07-10 18:53 - 00000000 ____D C:\AdwCleaner
2017-07-10 18:31 - 2017-07-10 18:31 - 04110280 _____ C:\Users\Heather\Downloads\AdwCleaner.exe
2017-07-10 18:23 - 2017-07-10 18:24 - 00396856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-10 18:13 - 2017-07-10 18:13 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-10 18:12 - 2017-07-11 09:57 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-10 18:12 - 2017-07-10 18:42 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-10 18:12 - 2017-07-10 18:42 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-10 18:12 - 2017-07-10 18:42 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-10 18:12 - 2017-07-10 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-10 18:12 - 2017-07-10 18:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-10 18:12 - 2017-07-10 18:12 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-10 18:12 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-10 18:11 - 2017-07-10 18:11 - 65033984 _____ (Malwarebytes ) C:\Users\Heather\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-10 17:02 - 2017-07-10 17:02 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-10 17:00 - 2017-07-10 18:18 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-10 17:00 - 2017-07-10 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-10 17:00 - 2017-07-10 17:00 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-10 16:58 - 2017-07-10 16:58 - 35612552 _____ (Adlice Software ) C:\Users\Heather\Downloads\RogueKiller_setup_ref3.exe
2017-07-10 12:53 - 2017-07-10 12:53 - 00072386 _____ C:\Users\Heather\Downloads\Addition.txt
2017-07-10 12:51 - 2017-07-11 12:02 - 00024727 _____ C:\Users\Heather\Downloads\FRST.txt
2017-07-10 12:50 - 2017-07-11 12:00 - 00000000 ____D C:\FRST
2017-07-10 12:48 - 2017-07-10 12:48 - 02437120 _____ (Farbar) C:\Users\Heather\Downloads\FRST64.exe
2017-07-10 11:22 - 2017-07-10 11:22 - 00000000 ___HD C:\$AV_ASW
2017-07-10 11:20 - 2017-07-10 11:20 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-07-05 22:27 - 2017-07-05 23:18 - 00000000 ____D C:\Users\Heather\Desktop\Profile request
2017-07-05 22:26 - 2017-07-05 22:26 - 01363778 _____ C:\Users\Heather\Desktop\Profile request Jul 2017 BACK.pdf
2017-07-05 22:04 - 2017-07-05 22:04 - 00023210 _____ C:\Users\Heather\Downloads\AR-MMC Physican Letter July 2016.pdf
2017-07-05 22:02 - 2017-07-05 22:02 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016(3).pdf
2017-07-05 22:02 - 2017-07-05 22:02 - 01349069 _____ C:\Users\Heather\Downloads\FCC507 AR-MMC PRP July 2016(1).pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016(2).pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 01145991 _____ C:\Users\Heather\Downloads\How to Retrieve a Copy of Your Profile.pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 01063584 _____ C:\Users\Heather\Downloads\Profile Request Packet Process pdf.pdf
2017-07-05 21:58 - 2017-07-05 21:58 - 00116165 _____ C:\Users\Heather\Downloads\ARMY RESERVE MEDICAL PROFILE REQUEST PACKET INSTRUCTIONS(Read First).pdf
2017-07-04 09:51 - 2017-07-04 09:51 - 00043490 _____ C:\Users\Heather\Desktop\PGRVerificationofInsurance.pdf
2017-07-04 09:50 - 2017-07-04 09:50 - 00045109 _____ C:\Users\Heather\Downloads\PGRVerificationofInsurance.pdf
2017-06-26 19:25 - 2017-06-26 19:25 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016(1).pdf
2017-06-26 19:25 - 2017-06-26 19:25 - 01349069 _____ C:\Users\Heather\Downloads\FCC507 AR-MMC PRP July 2016.pdf
2017-06-26 18:59 - 2017-06-26 18:59 - 01669952 _____ C:\Users\Heather\Downloads\AR-MMC_WKSHT-001 PRP July 2016.pdf
2017-06-25 15:31 - 2017-06-25 15:31 - 03140724 _____ C:\Users\Heather\Downloads\TC25-10LaneTraining.pdf
2017-06-25 11:32 - 2017-06-25 11:33 - 00000000 ____D C:\Users\Heather\Desktop\PFC Flores Certs
2017-06-24 16:53 - 2017-06-24 16:53 - 00217637 _____ C:\Users\Heather\Downloads\Harris(2).pdf
2017-06-24 16:52 - 2017-06-24 16:52 - 00217637 _____ C:\Users\Heather\Downloads\Harris(1).pdf
2017-06-24 16:51 - 2017-06-24 16:51 - 00217637 _____ C:\Users\Heather\Downloads\Harris.pdf
2017-06-24 16:01 - 2017-06-24 16:01 - 00123654 _____ C:\Users\Heather\Downloads\UMR 16JUN2017 NO SS#.pdf
2017-06-21 11:10 - 2017-06-21 11:10 - 05427200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-06-20 10:03 - 2017-07-02 09:29 - 00000941 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}.job
2017-06-20 10:03 - 2017-07-02 09:29 - 00000755 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}.job
2017-06-20 10:03 - 2017-06-20 10:03 - 00004138 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}
2017-06-20 10:03 - 2017-06-20 10:03 - 00003960 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}
2017-06-20 09:55 - 2017-06-20 10:00 - 00000941 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Update {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}.job
2017-06-20 09:55 - 2017-06-20 10:00 - 00000755 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}.job
2017-06-20 09:55 - 2017-06-20 09:55 - 00004138 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}
2017-06-20 09:55 - 2017-06-20 09:55 - 00003960 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}
2017-06-20 00:34 - 2017-06-20 00:34 - 00006402 _____ C:\Users\Heather\Downloads\Champagne Currant.pdf
2017-06-20 00:30 - 2017-06-20 00:30 - 00006711 _____ C:\Users\Heather\Downloads\Aronia Berry.pdf
2017-06-18 22:57 - 2017-06-18 22:57 - 00000000 ____D C:\Users\Heather\AppData\Local\DBG
2017-06-18 14:44 - 2017-06-18 14:44 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-06-16 15:08 - 2017-06-16 15:08 - 00080196 _____ C:\Users\Heather\Downloads\APFT HW Jun 2017(1).pdf
2017-06-16 14:54 - 2017-06-16 14:54 - 00080196 _____ C:\Users\Heather\Downloads\APFT HW Jun 2017.pdf
2017-06-16 14:51 - 2017-06-16 14:51 - 00080196 _____ C:\Users\Heather\Desktop\APFT HW Jun 2017.pdf
2017-06-16 14:49 - 2017-06-16 14:49 - 00076099 _____ C:\Users\Heather\Downloads\QuickMemo+_170616_144700.pdf
2017-06-16 14:13 - 2017-06-16 14:13 - 00041032 _____ C:\Users\Heather\Desktop\Jun training schedule.docm
2017-06-15 11:37 - 2017-06-03 02:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-15 11:37 - 2017-06-03 02:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-15 11:37 - 2017-06-03 02:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-15 11:37 - 2017-06-03 02:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-15 11:37 - 2017-06-03 02:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-15 11:37 - 2017-06-03 02:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-15 11:37 - 2017-06-03 02:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-15 11:37 - 2017-06-03 02:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-15 11:37 - 2017-06-03 02:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-15 11:37 - 2017-06-03 02:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-15 11:37 - 2017-06-03 01:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-15 11:37 - 2017-06-03 01:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-15 11:37 - 2017-06-03 01:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-15 11:37 - 2017-06-03 01:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-15 11:37 - 2017-06-03 01:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-15 11:37 - 2017-06-03 01:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-15 11:37 - 2017-06-03 01:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-15 11:37 - 2017-06-03 01:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-15 11:37 - 2017-06-03 01:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-15 11:36 - 2017-06-03 02:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-15 11:36 - 2017-06-03 02:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-15 11:36 - 2017-06-03 02:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-15 11:36 - 2017-06-03 02:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-15 11:36 - 2017-06-03 02:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-15 11:36 - 2017-06-03 02:21 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-06-15 11:36 - 2017-06-03 02:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-15 11:36 - 2017-06-03 02:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-15 11:36 - 2017-06-03 02:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-15 11:36 - 2017-06-03 02:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-15 11:36 - 2017-06-03 02:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-15 11:36 - 2017-06-03 01:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-15 11:36 - 2017-06-03 01:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-15 11:36 - 2017-06-03 01:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-15 11:36 - 2017-06-03 01:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-15 11:36 - 2017-06-03 01:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-15 11:32 - 2017-06-03 03:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-15 11:32 - 2017-06-03 03:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-15 11:32 - 2017-06-03 03:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-15 11:32 - 2017-06-03 02:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-15 11:32 - 2017-06-03 02:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-15 11:32 - 2017-06-03 02:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-15 11:32 - 2017-06-03 02:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-15 11:32 - 2017-06-03 02:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-15 11:32 - 2017-06-03 02:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-15 11:32 - 2017-06-03 02:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-15 11:32 - 2017-06-03 02:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-15 11:32 - 2017-06-03 02:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-15 11:32 - 2017-06-03 02:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-15 11:32 - 2017-06-03 02:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-15 11:32 - 2017-06-03 02:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-15 11:32 - 2017-06-03 02:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-15 11:32 - 2017-06-03 02:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-15 11:32 - 2017-06-03 02:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-15 11:32 - 2017-06-03 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-15 11:32 - 2017-06-03 02:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-15 11:32 - 2017-06-03 02:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-15 11:32 - 2017-06-03 02:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-15 11:32 - 2017-06-03 02:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-15 11:32 - 2017-06-03 02:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-15 11:32 - 2017-06-03 02:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-15 11:32 - 2017-06-03 02:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-15 11:32 - 2017-06-03 02:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-15 11:32 - 2017-06-03 01:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-15 11:32 - 2017-06-03 01:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-15 11:32 - 2017-06-03 01:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-15 11:32 - 2017-06-03 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-15 11:32 - 2017-06-03 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-15 11:32 - 2017-06-03 01:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-15 11:32 - 2017-06-03 01:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-15 11:32 - 2017-06-03 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-15 11:31 - 2017-06-03 03:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-15 11:31 - 2017-06-03 03:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-15 11:31 - 2017-06-03 03:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-15 11:31 - 2017-06-03 03:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-15 11:31 - 2017-06-03 03:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-15 11:31 - 2017-06-03 03:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-15 11:31 - 2017-06-03 03:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-15 11:31 - 2017-06-03 03:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-15 11:31 - 2017-06-03 03:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-15 11:31 - 2017-06-03 03:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-15 11:31 - 2017-06-03 03:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-15 11:31 - 2017-06-03 03:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-15 11:31 - 2017-06-03 02:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-15 11:31 - 2017-06-03 02:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 02228120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 01458592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00848288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-06-15 11:31 - 2017-06-03 02:56 - 00844696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00697760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-06-15 11:31 - 2017-06-03 02:56 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-06-15 11:31 - 2017-06-03 02:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-15 11:31 - 2017-06-03 02:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll

CutMeIn · Jul 11, 2017

43392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-15 11:31 - 2017-06-03 02:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-15 11:31 - 2017-06-03 02:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-15 11:31 - 2017-06-03 02:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-15 11:31 - 2017-06-03 02:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-15 11:31 - 2017-06-03 02:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-15 11:31 - 2017-06-03 02:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-15 11:31 - 2017-06-03 02:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-15 11:31 - 2017-06-03 02:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-15 11:31 - 2017-06-03 02:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-15 11:31 - 2017-06-03 02:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-15 11:31 - 2017-06-03 02:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-15 11:31 - 2017-06-03 01:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-15 11:31 - 2017-06-03 01:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-15 11:31 - 2017-06-03 01:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-15 11:31 - 2017-06-03 01:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-15 11:31 - 2017-06-03 01:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-15 11:31 - 2017-06-03 01:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-15 11:31 - 2017-06-03 01:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-15 11:31 - 2017-06-03 01:54 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-06-15 11:31 - 2017-06-03 01:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-15 11:30 - 2017-06-03 03:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-15 11:30 - 2017-06-03 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 19:35 - 2017-06-14 19:35 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-14 19:31 - 2017-06-14 19:31 - 00000020 ___SH C:\Users\Heather\ntuser.ini
2017-06-14 17:29 - 2017-07-04 09:38 - 00000000 ____D C:\Windows.old
2017-06-14 17:27 - 2017-06-14 17:27 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-14 17:27 - 2017-06-14 17:27 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-14 17:27 - 2017-06-14 17:27 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-14 17:27 - 2017-06-14 17:27 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-14 17:27 - 2017-06-14 17:27 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 17:27 - 2017-06-14 17:27 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-14 17:27 - 2017-06-14 17:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-14 17:27 - 2017-06-14 17:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-14 17:27 - 2017-06-14 17:27 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-14 17:27 - 2017-06-14 17:27 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-14 17:27 - 2017-06-14 17:27 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-14 17:27 - 2017-06-14 17:27 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-14 17:26 - 2017-06-14 17:26 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-14 17:23 - 2017-06-14 17:25 - 00015243 _____ C:\WINDOWS\diagwrn.xml
2017-06-14 17:23 - 2017-06-14 17:25 - 00015243 _____ C:\WINDOWS\diagerr.xml
2017-06-14 17:18 - 2017-06-14 17:18 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-14 17:18 - 2017-06-14 16:37 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-14 17:15 - 2017-07-11 08:59 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2000B4D4-D381-4851-88C1-BA02AFD0B3A1}
2017-06-14 17:15 - 2017-07-10 18:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-14 17:15 - 2017-07-10 12:18 - 00003262 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHeather
2017-06-14 17:15 - 2017-06-21 11:10 - 00004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-14 17:15 - 2017-06-20 00:14 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-06-14 17:15 - 2017-06-16 13:47 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-14 17:15 - 2017-06-14 17:16 - 00003492 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {A608DEE5-743B-4039-87F8-12F2E2D4D097}
2017-06-14 17:15 - 2017-06-14 17:16 - 00003492 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101}
2017-06-14 17:15 - 2017-06-14 17:16 - 00003492 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {12C324E4-2D15-4A9E-8AA3-FD615C950D23}
2017-06-14 17:15 - 2017-06-14 17:16 - 00003406 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {E285F971-3921-479A-8619-A41349396DFD}
2017-06-14 17:15 - 2017-06-14 17:16 - 00003314 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {A608DEE5-743B-4039-87F8-12F2E2D4D097}
2017-06-14 17:15 - 2017-06-14 17:16 - 00003314 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {12C324E4-2D15-4A9E-8AA3-FD615C950D23}
2017-06-14 17:15 - 2017-06-14 17:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {E285F971-3921-479A-8619-A41349396DFD}
2017-06-14 17:15 - 2017-06-14 17:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {17541BBD-1B03-47D1-8690-B40CEC590190}
2017-06-14 17:15 - 2017-06-14 17:16 - 00002420 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2017-06-14 17:15 - 2017-06-14 17:16 - 00002394 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2017-06-14 17:15 - 2017-06-14 17:16 - 00002392 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2017-06-14 17:15 - 2017-06-14 17:16 - 00002328 _____ C:\WINDOWS\System32\Tasks\{2FC5FEA5-E0FA-4A35-A666-A90C6CA50DED}
2017-06-14 17:15 - 2017-06-14 17:16 - 00002318 _____ C:\WINDOWS\System32\Tasks\{8F8DC693-3AAD-470B-BAB2-E2E0AB42F8FF}
2017-06-14 17:15 - 2017-06-14 17:16 - 00002302 _____ C:\WINDOWS\System32\Tasks\{7F0B2039-5BA3-4B9F-A5BF-E8C3997666DD}
2017-06-14 17:15 - 2017-06-14 17:16 - 00002118 _____ C:\WINDOWS\System32\Tasks\{DA9DDD5E-234E-4782-8BF1-781DA6F6757C}
2017-06-14 17:15 - 2017-06-14 17:16 - 00002118 _____ C:\WINDOWS\System32\Tasks\{5D0E5665-A81A-4126-9962-BF663DCEC37E}
2017-06-14 17:15 - 2017-06-14 17:16 - 00002118 _____ C:\WINDOWS\System32\Tasks\{32DC09B6-6D58-417F-A947-929E8534B41C}
2017-06-14 17:15 - 2017-06-14 17:15 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-06-14 17:15 - 2017-06-14 17:15 - 00003406 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {17541BBD-1B03-47D1-8690-B40CEC590190}
2017-06-14 17:15 - 2017-06-14 17:15 - 00003360 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458712920
2017-06-14 17:15 - 2017-06-14 17:15 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-14 17:15 - 2017-06-14 17:15 - 00003314 _____ C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101}
2017-06-14 17:15 - 2017-06-14 17:15 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-14 17:15 - 2017-06-14 17:15 - 00002378 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2017-06-14 17:15 - 2017-06-14 17:15 - 00002376 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2017-06-14 17:15 - 2017-06-14 17:15 - 00002324 _____ C:\WINDOWS\System32\Tasks\{3FA0A656-15A3-40F9-8125-C97658AD59CD}
2017-06-14 17:15 - 2017-06-14 17:15 - 00002318 _____ C:\WINDOWS\System32\Tasks\{6EC419E6-A19A-46C9-B591-F14696C273E2}
2017-06-14 17:15 - 2017-06-14 17:15 - 00002300 _____ C:\WINDOWS\System32\Tasks\{3B98D546-C6F6-49D4-96E6-07A5E3A1E394}
2017-06-14 17:15 - 2017-06-14 17:15 - 00002278 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-06-14 17:15 - 2017-06-14 17:15 - 00002118 _____ C:\WINDOWS\System32\Tasks\{C3422FB5-A013-4440-8EB1-CBDA1B141699}
2017-06-14 17:15 - 2017-06-14 17:15 - 00002118 _____ C:\WINDOWS\System32\Tasks\{66A8A807-6128-46E2-842A-EAF1BFB404FA}
2017-06-14 17:15 - 2017-06-14 17:15 - 00002118 _____ C:\WINDOWS\System32\Tasks\{5BF0ECBE-31E6-472D-9912-B34C91FCBD3C}
2017-06-14 17:15 - 2017-06-14 17:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-06-14 17:15 - 2017-06-14 17:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-06-14 17:15 - 2017-06-14 17:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-06-14 17:15 - 2017-06-14 17:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-06-14 17:14 - 2017-06-14 17:14 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-06-14 17:14 - 2017-06-14 17:14 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-06-14 17:14 - 2017-06-14 17:14 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-06-14 17:14 - 2017-06-14 17:14 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-14 17:14 - 2017-06-14 17:14 - 00000000 ____D C:\Program Files\MSBuild
2017-06-14 17:14 - 2017-06-14 17:14 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-14 17:14 - 2017-06-14 17:14 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-14 17:14 - 2017-06-14 17:14 - 00000000 ____D C:\inetpub
2017-06-14 17:12 - 2017-06-14 17:12 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-14 17:12 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-14 17:12 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-14 17:12 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-14 17:12 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-14 17:12 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-14 17:12 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-14 16:59 - 2017-06-14 16:59 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-14 16:49 - 2017-06-14 17:01 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-14 16:49 - 2017-06-14 16:49 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-06-14 16:48 - 2017-06-14 16:48 - 00000000 ____D C:\ProgramData\USOShared
2017-06-14 16:44 - 2017-07-10 18:44 - 00000000 ____D C:\Users\Heather
2017-06-14 16:44 - 2017-06-18 14:44 - 00000000 ____D C:\Users\DefaultAppPool
2017-06-14 16:44 - 2017-06-14 17:22 - 00000000 ____D C:\Users\Guest
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\Heather\My Documents
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\Heather\Documents\My Videos
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\Heather\Documents\My Pictures
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\Heather\Documents\My Music
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\Guest\My Documents
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2017-06-14 16:44 - 2017-06-14 16:44 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2017-06-14 16:43 - 2017-06-20 10:05 - 01077904 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-14 16:42 - 2017-06-14 16:42 - 00975864 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-06-14 16:42 - 2017-06-14 16:42 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-06-14 16:41 - 2017-07-10 18:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-14 16:41 - 2017-06-14 16:53 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-06-14 16:41 - 2017-06-14 16:49 - 00000000 ____D C:\Program Files\Intel
2017-06-14 16:41 - 2017-06-14 16:41 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-06-14 16:41 - 2017-06-14 16:41 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-06-14 16:41 - 2017-06-14 16:41 - 00000000 ____D C:\Program Files\Synaptics
2017-06-14 16:41 - 2017-06-14 16:41 - 00000000 ____D C:\Program Files\Realtek
2017-06-14 16:41 - 2017-06-14 16:41 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-06-14 16:41 - 2016-12-02 08:34 - 00099880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-06-14 16:40 - 2017-06-14 16:40 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-06-14 16:40 - 2017-03-18 13:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-14 16:37 - 2017-07-11 11:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-14 15:54 - 2017-06-14 15:54 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 13:03 - 2017-06-14 13:04 - 00221243 _____ C:\Users\Heather\Desktop\Castro rst for may.pdf
2017-06-14 13:03 - 2017-06-14 13:03 - 00220625 _____ C:\Users\Heather\Desktop\Castro rst for june .pdf
2017-06-14 13:01 - 2017-06-14 13:01 - 00259432 _____ C:\Users\Heather\Downloads\newest rst for june .pdf
2017-06-14 13:00 - 2017-06-14 13:00 - 00260079 _____ C:\Users\Heather\Downloads\newest rst for may.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-11 11:55 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-07-11 08:58 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Registration
2017-07-11 08:58 - 2016-11-19 10:26 - 00000000 ____D C:\Users\Heather\AppData\LocalLow\Mozilla
2017-07-10 18:43 - 2015-04-24 16:06 - 00000000 ____D C:\ProgramData\IObit
2017-07-10 18:42 - 2016-07-27 00:02 - 00000000 __SHD C:\Users\Heather\IntelGraphicsProfiles
2017-07-10 18:41 - 2017-03-18 04:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-10 18:40 - 2015-03-14 16:02 - 00000000 ____D C:\Users\Heather\AppData\Local\CrashDumps
2017-07-10 18:35 - 2017-03-18 14:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-10 18:35 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-10 18:28 - 2016-11-10 19:53 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2017-07-10 18:23 - 2017-06-05 20:41 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHeather.job
2017-07-10 18:23 - 2015-01-30 23:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-10 17:57 - 2009-07-13 20:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-10 12:47 - 2017-03-18 14:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-10 12:47 - 2015-12-08 19:42 - 00000000 ____D C:\WINDOWS\pss
2017-07-10 12:32 - 2015-01-31 00:20 - 00000000 ___RD C:\Users\Heather\Google Drive
2017-07-10 12:10 - 2016-11-15 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-10 11:34 - 2016-07-26 20:31 - 00000000 ____D C:\Users\Heather\AppData\Local\Packages
2017-07-10 11:20 - 2017-03-02 22:14 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmazonAssistant.lnk
2017-07-09 19:02 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-05 17:31 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-04 12:27 - 2016-02-24 14:02 - 00158888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-07-04 00:14 - 2015-01-31 00:08 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-07-02 09:59 - 2016-02-24 14:05 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

CutMeIn · Jul 11, 2017

283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-02 09:59 - 2016-02-24 14:05 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-02 09:43 - 2015-10-31 11:57 - 00000000 ____D C:\ProgramData\Skype
2017-06-21 11:10 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-21 11:10 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-20 09:41 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-20 09:34 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-20 09:32 - 2015-02-07 18:07 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-20 01:26 - 2016-09-11 18:24 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Google
2017-06-16 14:23 - 2016-09-29 11:27 - 00000000 ____D C:\Users\Heather\AppData\Local\ConnectedDevicesPlatform
2017-06-16 13:47 - 2016-07-26 20:43 - 00002425 _____ C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-16 13:47 - 2016-07-26 20:43 - 00000000 ___RD C:\Users\Heather\OneDrive
2017-06-16 13:39 - 2016-07-26 20:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 17:43 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-15 17:43 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 11:46 - 2017-03-18 13:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-15 10:58 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-14 19:33 - 2017-06-06 13:58 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-14 19:32 - 2017-03-18 14:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 17:36 - 2017-03-18 14:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-14 17:29 - 2017-03-18 14:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-14 17:28 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-14 17:28 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-14 17:28 - 2017-03-18 14:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-14 17:28 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-14 17:28 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-14 17:28 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 17:28 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-14 17:28 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-14 17:28 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-14 17:28 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-14 17:26 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-14 17:22 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-14 17:16 - 2017-03-18 19:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-14 17:15 - 2016-07-26 20:02 - 00027524 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-14 17:14 - 2017-03-18 14:03 - 00000000 __RSD C:\WINDOWS\Media
2017-06-14 17:14 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-06-14 17:14 - 2017-03-18 13:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-06-14 17:14 - 2017-03-18 13:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-06-14 17:14 - 2017-03-18 13:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-06-14 17:14 - 2017-03-18 13:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-06-14 17:14 - 2017-03-18 13:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-06-14 17:14 - 2017-03-18 13:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-06-14 17:14 - 2017-03-18 13:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-06-14 17:14 - 2017-03-18 13:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-06-14 17:14 - 2017-03-18 13:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-06-14 17:14 - 2017-03-18 13:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-06-14 17:14 - 2017-03-18 13:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-06-14 17:13 - 2017-03-18 14:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-14 17:13 - 2017-03-18 13:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-06-14 17:13 - 2017-03-18 13:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-06-14 17:13 - 2017-03-18 13:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-06-14 17:13 - 2017-03-18 13:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-06-14 17:13 - 2017-03-18 13:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-06-14 17:13 - 2017-03-18 13:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-06-14 17:13 - 2017-03-18 13:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-06-14 17:13 - 2017-03-18 13:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-06-14 17:13 - 2017-03-18 13:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-06-14 17:13 - 2017-03-18 13:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-06-14 17:13 - 2017-03-18 13:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-06-14 17:13 - 2017-03-18 13:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-06-14 17:13 - 2017-03-18 13:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-06-14 17:13 - 2017-03-18 13:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-06-14 17:01 - 2017-06-05 15:36 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-14 17:01 - 2017-03-19 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivID ActivClient
2017-06-14 17:01 - 2017-03-18 19:28 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-06-14 17:01 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-06-14 17:01 - 2017-01-28 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-06-14 17:01 - 2016-08-23 18:51 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-06-14 17:01 - 2016-05-30 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-06-14 17:01 - 2016-05-30 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-06-14 17:01 - 2016-02-24 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-06-14 17:01 - 2016-01-02 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-06-14 17:01 - 2015-12-08 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-06-14 17:01 - 2015-12-08 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2017-06-14 17:01 - 2015-09-20 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2017-06-14 17:01 - 2015-05-27 17:12 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Drive
2017-06-14 17:01 - 2015-04-29 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch
2017-06-14 17:01 - 2015-03-14 13:24 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-06-14 17:01 - 2015-03-13 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM Lotus Forms Viewer 3.5
2017-06-14 17:01 - 2015-03-10 17:32 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2017-06-14 17:01 - 2015-03-10 17:32 - 00000000 ____D C:\WINDOWS\system32\vbox
2017-06-14 17:01 - 2015-03-10 10:59 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riverpoint Writer
2017-06-14 17:01 - 2015-02-20 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2017-06-14 17:01 - 2015-02-07 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-06-14 17:01 - 2015-02-03 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 17:01 - 2015-01-31 02:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApproveIt Desktop
2017-06-14 17:01 - 2015-01-31 02:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM Forms Viewer 4.0
2017-06-14 17:01 - 2015-01-31 02:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-14 17:01 - 2015-01-31 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-06-14 17:01 - 2014-09-29 04:18 - 00000000 ____D C:\WINDOWS\system32\Microsoft.VC80.MFC
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\tr
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\sv
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\sk
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\ru
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\pl
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\no
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\nl
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\it
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\hu
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\fr
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\fi
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\es
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\el
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\de
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\da
2017-06-14 17:01 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\cs
2017-06-14 17:01 - 2014-05-20 08:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2017-06-14 17:01 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-14 16:53 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-06-14 16:53 - 2016-05-30 14:41 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2017-06-14 16:53 - 2014-09-29 04:17 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-14 16:52 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-14 16:52 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-06-14 16:50 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\schemas
2017-06-14 16:50 - 2017-03-17 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-06-14 16:50 - 2015-12-08 20:16 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-06-14 16:49 - 2017-03-18 14:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-06-14 16:49 - 2017-03-18 14:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-06-14 16:49 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-14 16:49 - 2017-01-28 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-06-14 16:49 - 2016-11-20 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fedora
2017-06-14 16:49 - 2016-11-16 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2017-06-14 16:49 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-06-14 16:48 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-06-14 16:48 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-14 16:47 - 2016-09-05 11:22 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DoD-PKE
2017-06-14 16:42 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-14 15:22 - 2016-07-27 03:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 15:22 - 2016-07-27 03:21 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 15:21 - 2015-02-03 00:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 15:21 - 2015-02-03 00:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-11 17:44 - 2017-03-17 12:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-11 17:26 - 2016-03-22 23:02 - 00001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

==================== Files in the root of some directories =======

2015-11-19 16:17 - 2015-11-19 16:34 - 0000115 _____ () C:\Users\Heather\AppData\Roaming\LogFile.txt
2015-01-31 12:11 - 2015-01-31 12:11 - 0007606 _____ () C:\Users\Heather\AppData\Local\Resmon.ResmonCfg
2016-07-26 18:14 - 2016-07-26 18:14 - 0000000 _____ () C:\Users\Heather\AppData\Local\{4E4BC093-A90B-4AF8-A557-4C5EFF1711A7}
2017-06-14 16:41 - 2017-06-14 16:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-30 14:29 - 2016-05-30 14:46 - 0000848 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Heather\CTX.DAT

Some files in TEMP:
====================
2017-07-10 17:00 - 2017-03-18 13:57 - 1930320 _____ (Microsoft Corporation) C:\Users\Heather\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-09 20:00

==================== End of FRST.txt ============================

CutMeIn · Jul 11, 2017

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by Heather (11-07-2017 12:03:02)
Running from C:\Users\Heather\Downloads
Windows 10 Pro Version 1703 (X64) (2017-06-15 00:27:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1820616416-2687940189-4037331366-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1820616416-2687940189-4037331366-503 - Limited - Disabled)
Guest (S-1-5-21-1820616416-2687940189-4037331366-501 - Limited - Disabled) => C:\Users\Guest
Heather (S-1-5-21-1820616416-2687940189-4037331366-1000 - Administrator - Enabled) => C:\Users\Heather
HomeGroupUser$ (S-1-5-21-1820616416-2687940189-4037331366-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
8500A909_eDocs (HKLM-x32\...\{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (HKLM-x32\...\{69754D89-C21E-4851-83C0-399DE63C6579}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909n (HKLM-x32\...\{3CC19F30-6722-432D-8D76-81BD01212586}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden
ActivID ActivClient x64 (HKLM\...\{BCE4067B-9B40-4316-9235-6A1EEAD55622}) (Version: 7.1.0 - HID Global Corporation)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{3BBC4F87-1F46-431F-A5DB-AFB28F692775}) (Version: 10.17.0612 - Amazon) <==== ATTENTION
Amazon Cloud Drive (HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\Amazon Cloud Drive) (Version: 2.3.5.12 - Amazon Digital Services, LLC.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
BPD_DSWizards (HKLM-x32\...\{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (HKLM-x32\...\{3D73DC7A-2D1D-45CF-8A67-24873925C716}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{AD0AA962-111E-41D5-A705-0E3D9178A661}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
ColorPage-SF600 (HKLM-x32\...\{B4E7F461-FF8E-40BB-9CC1-B82DBDE97710}) (Version: v. 3.0 - )
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (HKLM-x32\...\{92A51949-EE4C-466D-AAF0-99E74A49A63F}) (Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.100.000 - Hewlett-Packard) Hidden
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
e-Sign Desktop 6.6 (HKLM-x32\...\{F39BD95B-5B9E-4E83-96C4-D4667FD061C6}) (Version: 6.60.3.1000 - Silanis Technology Inc.)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8500 A909 Series (HKLM\...\{F86D9734-D358-4C5B-BC2B-6D90557FF05B}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
IBM Forms Viewer 4.0.0 (HKLM-x32\...\{48462CC7-7DF3-4107-9459-12D3A11C6D80}) (Version: 4.0.0.3 - IBM)
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.123 - IBM)
InstallRoot (HKLM-x32\...\{9F573FEA-E9C0-4AA5-B14C-943AB9FD25EA}) (Version: 5.0 - DoD PKE)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft S/MIME (HKLM-x32\...\{D932D6AE-786B-4ECD-B6FE-B9C0EB059B3C}) (Version: 14.3.123.2 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MPM (HKLM-x32\...\{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0409-1000-0000000FF1CE}) (Version: 15.0.4937.1000 - Microsoft Corporation) Hidden
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1053.0 - Passmark Software)
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )
Personal Ancestral File Companion 5.1 (HKLM-x32\...\Personal Ancestral File Companion 5.1) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
ProductContext (HKLM-x32\...\{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}) (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29073 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 2.0.0.12 - Apollo Group, Inc.)
RogueKiller version 12.11.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.6.0 - Adlice Software)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Smart Card Manager (HKLM-x32\...\Smart Card Manager) (Version: 1.0.1-6-2 - nabber.org)
Smart Card Manager 1.0.1-6 (HKLM-x32\...\Smart Card Manager_is1) (Version: - Fedora)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.13 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.14C - TOSHIBA CORPORATION)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden
Viewer_armyifx (HKLM-x32\...\Viewer_armyifx) (Version: 3.5.1 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.213.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\WinDirStat) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinX DVD Ripper Platinum 7.5.17 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-25] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-25] (AVAST Software)
ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll -> No File
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-25] (AVAST Software)
ContextMenuHandlers01: [CtxMenu Class] -> {AC964C74-B3A6-4514-A10C-E264F90FC403} => -> No File
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-25] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers04: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-02] (Intel Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-25] (AVAST Software)
ContextMenuHandlers06: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll -> No File
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {032EE9E1-AA97-4B81-AB8A-29024D0D8DFB} - System32\Tasks\HPCeeScheduleForHeather => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {0E66AA68-F434-4817-914B-74CFE3F98AFA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {1383D633-8CB1-4CAF-9214-2571ABF7BB3F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1986DBAB-CFF9-466B-9993-F9ED71855B01} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-05-12] (AVAST Software)
Task: {1A12B96B-0CEB-4FC0-B33A-95EFBEDF7C78} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1A94F5AA-32F2-4BBB-9907-40418F5A7A2F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {1E64C0F0-5AD4-45FE-B89E-67EFD3CFE46E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1ED10294-549C-4C04-ADEF-EA931BD1520A} - System32\Tasks\EPSON XP-310 Series Update {17541BBD-1B03-47D1-8690-B40CEC590190} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {21E9F172-2CAE-43ED-80A5-A3720369F404} - System32\Tasks\{6EC419E6-A19A-46C9-B591-F14696C273E2} => pcalua.exe -a C:\Users\Heather\AppData\Local\Temp\Temp1_InstallRoot_v3.16a.zip\InstallRoot_v3.16A.exe <==== ATTENTION
Task: {28CACBD0-D65F-49C8-BA70-BB91A8B5218C} - System32\Tasks\{5BF0ECBE-31E6-472D-9912-B34C91FCBD3C} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe
Task: {2C853E53-F264-4AAC-8087-827BB9182527} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {2CAAE724-8010-4884-B630-B29B8C3E4FDC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {2E0890DA-26F5-4B6E-8988-C5C7B416B089} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2EC391FB-406D-464F-B71A-D9423413A25D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3307D2EA-84E9-4A13-B5DB-8E15D993EEBA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {33A1E619-576F-4B67-AA51-88549FF80EEE} - System32\Tasks\{3B98D546-C6F6-49D4-96E6-07A5E3A1E394} => pcalua.exe -a "C:\Users\Heather\AppData\Local\Temp\Temp1_SF600W7.zip\SF600 Wins 7\Setup.exe" <==== ATTENTION
Task: {353B8FA9-EDA8-4D99-8091-AD88CC1B0FFE} - System32\Tasks\EPSON XP-310 Series Invitation {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {38B2B074-51DF-4B26-9632-6EE03AB6F02E} - System32\Tasks\{66A8A807-6128-46E2-842A-EAF1BFB404FA} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe
Task: {3DF4EE25-0127-4BE6-ABEC-2FC6370BA327} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {3F99C1DC-B67A-48F3-AD2C-0BE83C9D1792} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {473294E0-1018-4B80-94A2-98E41DA4B0A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {47BE5E83-03DB-4190-86F3-F355ADEF7862} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4A6E887A-C5D4-4452-A41B-96DDB96602AB} - System32\Tasks\{C3422FB5-A013-4440-8EB1-CBDA1B141699} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe
Task: {4F09E022-7EB5-4310-A44B-367108C3E666} - System32\Tasks\EPSON XP-310 Series Invitation {5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {5187FF54-8BBC-43B8-8A12-D936661C3A9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {53C3DB97-F36F-40BE-835D-1B695D6EEE88} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53EDE98B-FEBF-460B-A712-AFC377E817B9} - System32\Tasks\{3FA0A656-15A3-40F9-8125-C97658AD59CD} => pcalua.exe -a C:\Users\Heather\Documents\e-Sign_6.6\instmsi.exe -d C:\Users\Heather\Documents\e-Sign_6.6
Task: {5954CC87-EF29-414A-8BA4-06C176C56D78} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-26] (Realtek Semiconductor)
Task: {5DBD351B-CBDB-4418-806E-31331CC07764} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {605AF760-FF7E-4B17-979F-5ABA5C0599D4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {62E91751-9B0E-4459-8CE4-70A5BB0D0830} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {6496F1FC-301D-4FB1-8355-0724AB4483A8} - System32\Tasks\SafeZone scheduled Autoupdate 1458712920 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {66DEC70A-2692-49F6-9CD4-46392BFA376A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {6A1BB65A-0115-4EE2-BE9D-B4E70A67888A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {6C576566-91B1-490A-8C14-EDBCD6789D74} - System32\Tasks\EPSON XP-310 Series Update {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {731A7C5A-3CC3-4088-BE34-729ED452E820} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7889220C-63D9-41E9-8FDA-A7286C5D7753} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {7EAC28B9-A11A-4E8A-9B90-FB2FCE50763E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {810FF05D-119C-4985-94E6-FC4DF72B8DDE} - System32\Tasks\{7F0B2039-5BA3-4B9F-A5BF-E8C3997666DD} => pcalua.exe -a C:\Users\Heather\AppData\Local\Temp\Temp1_SF600_V3.zip\CP-SF600_V.3.0\setup.exe <==== ATTENTION
Task: {827C4B7C-A215-4DAE-9B4F-F8DFCDD00C06} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {83E18DE6-AD0E-4EA1-BEC3-97CB658E875A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8736294E-10F7-44B1-B10E-29A14870FAEA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {88430C0A-A43C-418B-B67A-42D64AC44B93} - System32\Tasks\EPSON XP-310 Series Invitation {12C324E4-2D15-4A9E-8AA3-FD615C950D23} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {887C2870-2587-4EE8-9BEC-8A01A0E571CA} - System32\Tasks\{DA9DDD5E-234E-4782-8BF1-781DA6F6757C} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe
Task: {893012BF-D37A-4FC9-A19D-D4E8536F7A61} - System32\Tasks\{8F8DC693-3AAD-470B-BAB2-E2E0AB42F8FF} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe"
Task: {89D98063-650A-44F1-AD4C-03E0EFDE60C8} - System32\Tasks\EPSON XP-310 Series Invitation {17541BBD-1B03-47D1-8690-B40CEC590190} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {8D12DB7D-AD19-480C-837D-E00741D6658A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8F1E03C9-D9FF-4D86-8D9F-82280B66D4AD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {90B1C899-D7AE-403C-BE71-63EECD070531} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A37445D6-D5F5-4867-8217-03BFAB49489A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A6C60B0B-968F-419C-957E-3E3503F097D8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A72AAE77-555E-45CD-838F-C123545F84DF} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {AAB04F9D-3A80-472E-B150-BC39AD5C75A3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AD0A3D32-1866-4623-AA65-96C411A21896} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {AEF2ADF2-8F79-4431-BB88-141607EEB150} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B2CA2EE5-857E-4724-A13B-B0AA5433E13D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B7CCE55E-0452-4A6D-A16B-466AEDC62662} - System32\Tasks\EPSON XP-310 Series Update {12C324E4-2D15-4A9E-8AA3-FD615C950D23} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {B8034363-6960-40EB-8B22-F6433EEC0552} - System32\Tasks\{5D0E5665-A81A-4126-9962-BF663DCEC37E} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe
Task: {BB53CA23-E591-4F73-BD2A-041FD5CBC783} - System32\Tasks\EPSON XP-310 Series Invitation {E285F971-3921-479A-8619-A41349396DFD} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {BB57090F-201D-4A6F-B12F-4E115DAF1768} - System32\Tasks\{32DC09B6-6D58-417F-A947-929E8534B41C} => C:\Program Files (x86)\ColorPage-SF600\DigiScan.exe
Task: {C31D26E5-FF7F-4DC7-9D68-4037840D0B94} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C4AC806B-559D-43A4-ACB6-B532A41936DA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C52E051E-CD06-4264-8F76-8DEAF7C67C7F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5944746-2DFC-4578-B579-939B6B6F4263} - System32\Tasks\EPSON XP-310 Series Update {A608DEE5-743B-4039-87F8-12F2E2D4D097} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {C5B3C5AE-E9C5-4BE2-874B-8137787CDAA4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {C6E34B7E-D3D8-4DEA-9649-7C2911E346FE} - System32\Tasks\EPSON XP-310 Series Update {8A3FE365-CB04-46AF-93A5-00FA801EDC7B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {C81143E5-5DC8-40C5-96E6-D2A617C68A91} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {C99B4B31-180E-4050-AE71-2086F37F1E4A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D13014EA-A3AC-40C0-97AB-2B7CAED75F93} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D2541D42-0938-4FB6-A837-76D723C93C68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D52B1507-B4D7-4A37-A7F6-9F0B896BA86B} - System32\Tasks\EPSON XP-310 Series Update {5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D76FC3CD-1E32-4255-B956-7E3DFEC4217B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D89ED83E-4D3B-4E7C-A427-6E903C625538} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {D8EFBA13-95B1-47A8-8A54-2134A92B7F4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-21] (Adobe Systems Incorporated)
Task: {D9EE52A3-110D-4472-9A1B-D5D226A9E0A4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DBA8D983-FE7D-40F5-801C-736F3AE8D225} - System32\Tasks\EPSON XP-310 Series Invitation {A608DEE5-743B-4039-87F8-12F2E2D4D097} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {DBF712CF-4B42-4E71-8EB1-7214C1EF809A} - System32\Tasks\EPSON XP-310 Series Invitation {8A3FE365-CB04-46AF-93A5-00FA801EDC7B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {DC9A9083-69EB-45E5-91A2-91B4F024CBBC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E6DE8884-F06F-4979-9B5C-517E9B5A8F08} - System32\Tasks\EPSON XP-310 Series Update {E285F971-3921-479A-8619-A41349396DFD} => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {E78951F9-136E-404B-A7A2-DB1A3CC0E553} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E7CDA6AE-D2E4-49C9-BD12-8B03604CFDFB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E8B34326-2C74-432C-A8DA-039C8E7EB816} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {EE3B0E45-8EA5-46BF-BE0E-EB8AF5DE6C93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F108CC8D-400B-4C85-AFA5-5AD62BBD6CF4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F34701E3-B619-45C2-9D80-461D93535072} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-25] (AVAST Software)
Task: {FB89F4F1-DDD6-43D5-8DC5-FE9CBCCE8C03} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {FD223737-B50A-495B-920E-04390CA89DD8} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {FD744948-E925-4B30-A422-B64BFE59ABDE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FDD8F0F3-D15C-4616-9BA2-A37D43A81D77} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {FEF4BB1D-AEA2-4141-A7BD-25CB4870BCAD} - System32\Tasks\{2FC5FEA5-E0FA-4A35-A666-A90C6CA50DED} => pcalua.exe -a "C:\Users\Heather\Desktop\SF600 Wins 7\Setup.exe" -d "C:\Users\Heather\Desktop\SF600 Wins 7"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {12C324E4-2D15-4A9E-8AA3-FD615C950D23}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {17541BBD-1B03-47D1-8690-B40CEC590190}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {A608DEE5-743B-4039-87F8-12F2E2D4D097}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {E285F971-3921-479A-8619-A41349396DFD}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {12C324E4-2D15-4A9E-8AA3-FD615C950D23}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{12C324E4-2D15-4A9E-8AA3-FD615C950D23} /F:UpdateWORKGROUP\HEATHER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {17541BBD-1B03-47D1-8690-B40CEC590190}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{17541BBD-1B03-47D1-8690-B40CEC590190} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{5BE54761-B4B1-47A8-B1D6-4AAA0D0E8101} /F:UpdateWORKGROUP\HEATHER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {8A3FE365-CB04-46AF-93A5-00FA801EDC7B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{8A3FE365-CB04-46AF-93A5-00FA801EDC7B} /F:UpdateWORKGROUP\HEATHER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9C89B4A7-19CA-43CB-A508-0ADF5E400CD3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{9C89B4A7-19CA-43CB-A508-0ADF5E400CD3} /F:UpdateWORKGROUP\HEATHER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {A608DEE5-743B-4039-87F8-12F2E2D4D097}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{A608DEE5-743B-4039-87F8-12F2E2D4D097} /F:UpdateWORKGROUP\HEATHER-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {E285F971-3921-479A-8619-A41349396DFD}.job => C:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{E285F971-3921-479A-8619-A41349396DFD} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHeather.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

CutMeIn · Jul 11, 2017

==================== Loaded Modules (Whitelisted) ==============

2015-02-07 18:07 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-06-14 13:11 - 2017-06-14 13:11 - 00104624 _____ () C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
2017-07-10 18:12 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-09-21 10:15 - 2016-09-21 10:15 - 00170184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2017-06-20 09:29 - 2017-06-20 09:29 - 00402624 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream64.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-04-24 16:07 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-05-25 12:25 - 2017-05-25 12:25 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-25 12:26 - 2017-05-25 12:26 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-25 12:26 - 2017-05-25 12:26 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-25 12:26 - 2017-05-25 12:26 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-25 12:26 - 2017-05-25 12:26 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-25 12:25 - 2017-05-25 12:25 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-25 12:26 - 2017-05-25 12:26 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-09-29 04:01 - 2013-12-10 07:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-03-23 11:14 - 2017-01-31 03:14 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\militarycac.com -> hxxps://militarycac.com
IE trusted site: HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\...\osd.mil%22 -> osd.mil%22

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1820616416-2687940189-4037331366-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\WINDOWS\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
MSCONFIG\startupreg: BatteryManager => %ProgramFiles%\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: KeNotify => "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
MSCONFIG\startupreg: TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CFA18497-81E5-4F32-890B-1C2CC6B4CC3C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{CF8852B2-0A5C-4F74-9A6F-1ABBD45484EC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{EEDFD925-44E4-4741-AEB9-C859FB59381F}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{D9696D48-2DDA-46A1-85F3-39E8F62D7532}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{BF3EB2FD-545C-4B0C-B71A-D68DD2B83DA2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{15292CBA-E1DD-4761-8B2B-836E7D432927}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{A2BD48CB-A7E3-484F-83FA-FE0CBE4A3350}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B8FB799A-AB66-40F3-8F95-5083452294FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8386C2CC-FD54-4A95-906D-4518D0D7EF98}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{F300B1B1-04DC-456F-A120-B5AB33246604}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{C5CF5C20-2D22-4522-B0C7-4E855206FEF0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{44ADD817-20C1-44BE-8754-81CA05163383}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{4C852BAA-E43D-4195-B534-3851C48419A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{E690CB49-D4F9-4A70-BAF4-AC63C5453E40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FA14BF4A-6A45-43F0-BB24-C947D4D7EBAB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{38F79887-E7C5-477E-85D3-A1E266C59AFC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D3F5BDB8-5B74-47AD-82A5-2A850A03FAF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{437E652E-6754-447F-B74B-DC4D00EB3412}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{F5D72BF8-76AC-48A1-90BE-99B8EA6FD777}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{5A4BE32D-8678-4C56-AE33-980D03F56031}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{74804F4E-D6DD-4752-8311-FDA9DB500938}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FE81CC1A-AEFE-4766-847E-99E0F4A9A906}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{04EEAAF9-4717-4183-8FB5-2FFF90280434}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{15A32223-7135-4DEA-BAFA-6965AC6B9DDC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{A0CCD68C-31C3-465B-B1BA-40FFCC80DB43}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{C0D629AA-E6D9-4AFA-85EF-23E223ACE138}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5027CB7F-283E-4DF5-A7D2-C4C0034C7C41}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{107CCEDA-E222-4DD4-B5D0-F209EB2D0EA6}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{61C73778-460A-46CE-B82C-7B6DB6C1F776}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{EA5764A8-1020-46BB-AE6B-6700FE3664F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{B9D4F0AA-E22A-4653-967A-311097D44074}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D75A00AA-C9C3-4EFC-ACC2-A360D62F3DA3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{90281FFA-5A4A-44B0-9F60-7A538169D00B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{7C0310C1-F3F2-4E06-914E-A34C314092B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{AC6A2D46-06DB-4FE5-B715-7A4DE718DE7C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0DFFF021-ECEC-4ADC-B619-CA66995D1FDE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{4DA27428-90A5-487A-8E59-93B764C8707A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA5D44CD-7353-413C-8556-5A43939191E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E70803C-9835-4A42-BC47-81D30415282A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-06-2017 18:37:22 Scheduled Checkpoint
02-07-2017 11:01:31 Scheduled Checkpoint
09-07-2017 20:13:06 Scheduled Checkpoint
10-07-2017 19:10:14 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2017 08:54:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEATHER-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/10/2017 06:40:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: mbae-api-na.dll, version: 1.9.4.228, time stamp: 0x59271dee
Exception code: 0xc0000409
Fault offset: 0x0000000000124c6f
Faulting process id: 0x2670
Faulting application start time: 0x01d2f9e6b3636c5e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll
Report Id: 3c690d1c-7d52-4f86-b8bd-78fed3a191a6
Faulting package full name:
Faulting package-relative application ID:

Error: (07/10/2017 06:40:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1068, time stamp: 0x59125d35
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x58ed4d4f
Exception code: 0xc0000005
Fault offset: 0x00001868
Faulting process id: 0x3618
Faulting application start time: 0x01d2f9e6ade8db49
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 2448cae5-4c24-49ef-a331-6b870f5ae749
Faulting package full name:
Faulting package-relative application ID:

Error: (07/10/2017 06:40:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: mbae-api-na.dll, version: 1.9.4.228, time stamp: 0x59271dee
Exception code: 0xc0000409
Fault offset: 0x0000000000124c6f
Faulting process id: 0x2ca0
Faulting application start time: 0x01d2f9e6abf535a8
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll
Report Id: b25d2a60-e774-4fa1-9410-37dda3d6845e
Faulting package full name:
Faulting package-relative application ID:

Error: (07/10/2017 06:40:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: mbae-api-na.dll, version: 1.9.4.228, time stamp: 0x59271dee
Exception code: 0xc0000409
Fault offset: 0x0000000000124c6f
Faulting process id: 0x174c
Faulting application start time: 0x01d2f9e6a3d891f0
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll
Report Id: d361d090-3be3-4405-b2ba-db714ae104d5
Faulting package full name:
Faulting package-relative application ID:

Error: (07/10/2017 06:40:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: mbae-api-na.dll, version: 1.9.4.228, time stamp: 0x59271dee
Exception code: 0xc0000409
Fault offset: 0x0000000000124c6f
Faulting process id: 0x21c8
Faulting application start time: 0x01d2f9e69d9fa5ad
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll
Report Id: 461da875-46ac-4883-8c58-e70b35eb1a4e
Faulting package full name:
Faulting package-relative application ID:

Error: (07/10/2017 06:39:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.1068, time stamp: 0x59125d35
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x58ed4d4f
Exception code: 0xc0000005
Fault offset: 0x00001868
Faulting process id: 0x1134
Faulting application start time: 0x01d2f9e69770ff46
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 09cf2e72-e5b1-40f9-bfc6-c6266ca50adc
Faulting package full name:
Faulting package-relative application ID:

Error: (07/10/2017 06:39:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: mbae-api-na.dll, version: 1.9.4.228, time stamp: 0x59271dee
Exception code: 0xc0000409
Fault offset: 0x0000000000124c6f
Faulting process id: 0x284c
Faulting application start time: 0x01d2f9e695b09150
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll
Report Id: cd491cec-53cc-4a27-a903-e6f5163647cf
Faulting package full name:
Faulting package-relative application ID:

Error: (07/10/2017 06:39:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: mbae-api-na.dll, version: 1.9.4.228, time stamp: 0x59271dee
Exception code: 0xc0000409
Fault offset: 0x0000000000124c6f
Faulting process id: 0x36cc
Faulting application start time: 0x01d2f9e683cc5691
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll
Report Id: 3d8fd76d-6637-445e-b850-fadeb24deaf7
Faulting package full name:
Faulting package-relative application ID:

Error: (07/10/2017 06:39:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: mbae-api-na.dll, version: 1.9.4.228, time stamp: 0x59271dee
Exception code: 0xc0000409
Fault offset: 0x0000000000124c6f
Faulting process id: 0x2878
Faulting application start time: 0x01d2f9e67812ddff
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbae-api-na.dll
Report Id: 222681c0-0aa5-49cb-a450-d9e84ccf2685
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (07/11/2017 08:53:53 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.5 with the system
having network hardware address A4-77-33-78-DC-98. Network operations on this system may
be disrupted as a result.

Error: (07/10/2017 07:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ActivID Shared Store Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/10/2017 06:42:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 06:42:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/10/2017 06:42:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/10/2017 06:41:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (07/10/2017 06:40:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/10/2017 06:40:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/10/2017 06:40:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/10/2017 06:40:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2017-06-24 15:54:11.585
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:11.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:11.355
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:11.197
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:11.170
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:11.053
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:05.168
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-24 15:54:02.261
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-21 11:32:16.572
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2017-06-21 11:32:16.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 61%
Total physical RAM: 6056.69 MB
Available physical RAM: 2345.87 MB
Total Virtual: 12200.69 MB
Available Virtual: 8037.92 MB

==================== Drives ================================

Drive c: (TI10695800D) (Fixed) (Total:919.58 GB) (Free:815.47 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 7E44A330)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=919.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=860 MB) - (Type=27)
Partition 4: (Not Active) - (Size=9.6 GB) - (Type=17)

==================== End of Addition.txt ============================

Broni · Jul 11, 2017

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

CutMeIn · Jul 11, 2017

CutMeIn · Jul 11, 2017

What do you want me to do? Options are fix automatically and ignore. this came up after I started the fix. Also, the malware keeps making my desktop icons for the tools I am downloading disappear. I placed them in a folder except the FRST and fixlist on the desktop.

Broni · Jul 11, 2017

Disable Avast temporarily and run the fix.
This is false positive.

CutMeIn · Jul 11, 2017

Attached due to alert. Pop-up's have stopped.

Solved C:\ Program Files (x86)\Amazon\Amazon Assistent\aa.hta

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Attachments

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Attachments

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Attachments

Similar threads