Solved Installed a new app carelessly, now Chrome keeps crashing. Windows 10 machine.

losdavos

losdavos

Posts: 128   +0
Hi saints and heroes of this forum,
I wanted screen recording software and I foolishly clicked on the first search result and installed it, AND I didn't even pay attention to the prompts in the download--so I ended up also installing, for one thing, the Chromium browser, and at least in it, my search engine default got changed, and I think some other junk got installed too. The main problem now though is that Chrome keeps crashing, which never used to happen. Here are my first two logs. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by david (administrator) on DESKTOP-SJCC05S (19-03-2018 23:05:54)
Running from C:\Users\david\Desktop
Loaded Profiles: defaultuser0 & david (Available Profiles: defaultuser0 & david)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo) C:\Program Files\Lenovo\YMC\ymc.exe
() C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igfxEM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
() C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SweetLabs, Inc) C:\Users\david\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\david\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmservice.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn64.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16779776 2016-12-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-19] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [APP] => C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe [963376 2016-10-27] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-19] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-496208758-1336597500-3847832748-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41100328 2018-01-29] ()
HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\Run: [Chromium] => c:\users\david\appdata\local\chromium\application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\Run: [GoogleChromeAutoLaunch_C8D43A3EEFF19C42AA31C68EEE7A5AF4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-02-21] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-03-19]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
BootExecute: autocheck autochk * aswBoot.exe /M:22d8c16de0b /wow /dir:"c:\program files\avast software\avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{fb767e3b-2f6d-46f1-8391-1b215f747acc}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-496208758-1336597500-3847832748-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17swin10.msn.com/?pc=LSJE
SearchScopes: HKU\S-1-5-21-496208758-1336597500-3847832748-1001 -> DefaultScope {E5F6A5EE-3BA2-4647-BEAA-4C781491FE60} URL =
SearchScopes: HKU\S-1-5-21-496208758-1336597500-3847832748-1001 -> {E5F6A5EE-3BA2-4647-BEAA-4C781491FE60} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-19] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1wqdrufm.default
FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\1wqdrufm.default [2018-03-19]
FF Extension: (Avast Online Security) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\1wqdrufm.default\Extensions\wrc@avast.com.xpi [2018-03-19]
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox
FF Extension: (PremierOpinion) - C:\Program Files (x86)\PremierOpinion\firefox [2018-03-19] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=MFA928959-4827-422B-8464-8E9E80937193&SearchSource=55&CUI=&UM=6&UP=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\Default [2018-03-19]
CHR Extension: (Slides) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-28]
CHR Extension: (YouTube) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-28]
CHR Extension: (Adblock Plus) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-16]
CHR Extension: (Google News) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2017-05-02]
CHR Extension: (Dropbox for Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-04]
CHR Extension: (Google Calendar) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-05-02]
CHR Extension: (Sheets) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-03-18]
CHR Extension: (Google Docs Offline) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-29]
CHR Extension: (Avast Online Security) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-19]
CHR Extension: (SMS from Gmail ™ & Facebook™ (MightyText)) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj [2018-02-08]
CHR Extension: (Google Hangouts) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2018-02-16]
CHR Extension: (Lego Builder) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2017-05-02]
CHR Extension: (Boomerang for Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-08]
CHR HKU\S-1-5-21-496208758-1336597500-3847832748-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"mfesapsn" => service could not be unlocked. <==== ATTENTION

S2 0160621521484925mcinstcleanup; C:\Users\david\AppData\Local\Temp\016062~1.EXE [1031928 2018-03-19] (McAfee, Inc.) <==== ATTENTION
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-19] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
R2 DAXAPI; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [147760 2016-10-27] ()
 
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2211448 2016-11-08] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68336 2018-03-02] (Lenovo Group Limited)
R2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [208320 2017-05-24] (VoiceFive, Inc.) <==== ATTENTION
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-02] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-02] (Microsoft Corporation)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [1601176 2016-12-07] (Wacom Technology, Corp.)
R2 ymc; C:\Program Files\Lenovo\YMC\ymc.exe [49032 2016-11-22] (Lenovo)
R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196648 2018-03-19] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-19] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-19] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-19] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-19] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [215320 2018-03-19] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-03-19] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146656 2018-03-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-03-19] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-03-19] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-03-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-03-19] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-03-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-03-19] (AVAST Software)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [72592 2016-10-24] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67984 2016-10-24] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355216 2016-10-24] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129032 2017-04-13] (Intel Corporation)
U1 lpsport; C:\Windows\System32\Drivers\lpsport.sys [61304 2018-03-19] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3149832 2016-10-07] (Realtek Semiconductor Corp.)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [132248 2016-12-07] (Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-02] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-02] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-02] (Microsoft Corporation)
S5 mfesapsn; <==== ATTENTION: Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-19 23:05 - 2018-03-19 23:06 - 000019823 _____ C:\Users\david\Desktop\FRST.txt
2018-03-19 23:01 - 2018-03-19 23:05 - 000000000 ____D C:\FRST
2018-03-19 23:01 - 2018-03-19 23:01 - 000000000 ____D C:\Users\david\Desktop\FRST-OlderVersion
2018-03-19 22:56 - 2018-03-19 23:01 - 002403328 _____ (Farbar) C:\Users\david\Desktop\FRST64.exe
2018-03-19 14:59 - 2018-03-19 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion
2018-03-19 14:52 - 2018-03-19 14:52 - 000000000 ___HD C:\OneDriveTemp
2018-03-19 14:48 - 2018-03-19 14:48 - 000000000 ____D C:\Users\david\AppData\LocalLow\Oracle
2018-03-19 14:45 - 2018-03-19 14:45 - 000000000 ___HD C:\$AV_ASW
2018-03-19 14:45 - 2018-03-19 14:45 - 000000000 ____D C:\Users\david\AppData\Roaming\AVAST Software
2018-03-19 14:44 - 2018-03-19 22:45 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
2018-03-19 14:44 - 2017-05-24 17:02 - 001182656 _____ (VoiceFive, Inc.) C:\WINDOWS\system32\pmls64.dll
2018-03-19 14:44 - 2017-05-24 17:02 - 000784832 _____ (VoiceFive, Inc.) C:\WINDOWS\SysWOW64\pmls.dll
2018-03-19 14:43 - 2018-03-19 14:55 - 000000000 ____D C:\Users\david\AppData\Local\chromium
2018-03-19 14:43 - 2018-03-19 14:43 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-19 14:43 - 2018-03-19 14:43 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000196648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000146656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-03-19 14:43 - 2018-03-19 14:43 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-03-19 14:43 - 2018-03-19 14:43 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-03-19 14:43 - 2018-03-19 14:43 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-03-19 14:43 - 2018-03-19 14:43 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-19 14:43 - 2018-03-19 14:42 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-19 14:43 - 2018-03-19 14:42 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-03-19 14:43 - 2018-03-19 14:42 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-03-19 14:43 - 2018-03-19 14:42 - 000215320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-19 14:43 - 2018-03-19 14:42 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-03-19 14:43 - 2018-03-19 14:42 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-03-19 14:42 - 2018-03-19 18:42 - 000000000 ____D C:\ProgramData\{939256F1-19D0-DC37-9F16-42750554C9BB}
2018-03-19 14:42 - 2018-03-19 15:02 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-19 14:42 - 2018-03-19 14:55 - 000000000 ____D C:\Users\david\AppData\Local\{08E93EB5-2C41-520D-41D9-77E565B18B7D}
2018-03-19 14:42 - 2018-03-19 14:42 - 000000526 _____ C:\WINDOWS\Tasks\Yahoo! Powered namil.job
2018-03-19 14:42 - 2018-03-19 14:42 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-19 14:41 - 2018-03-19 14:41 - 000000000 ____D C:\ProgramData\McAfee
2018-03-19 14:41 - 2018-03-19 14:41 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-03-17 21:04 - 2018-03-17 21:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2018-03-17 21:04 - 2018-03-02 08:40 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-03-14 02:12 - 2018-03-14 02:12 - 1258490802 _____ C:\WINDOWS\MEMORY.DMP
2018-03-13 15:23 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 15:23 - 2018-03-01 23:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 15:23 - 2018-03-01 23:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 15:23 - 2018-03-01 23:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 15:23 - 2018-03-01 23:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 15:23 - 2018-03-01 23:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 15:23 - 2018-03-01 22:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 15:23 - 2018-03-01 16:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 15:23 - 2018-03-01 03:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 15:23 - 2018-03-01 03:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 15:23 - 2018-03-01 03:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 15:23 - 2018-03-01 03:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 15:23 - 2018-03-01 03:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 15:23 - 2018-03-01 03:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 15:23 - 2018-03-01 03:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 15:23 - 2018-03-01 03:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 15:23 - 2018-03-01 03:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 15:23 - 2018-03-01 03:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 15:23 - 2018-03-01 03:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 15:23 - 2018-03-01 03:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 15:23 - 2018-03-01 03:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 15:23 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 15:23 - 2018-03-01 03:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 15:23 - 2018-03-01 03:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 15:23 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 15:23 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 15:23 - 2018-03-01 03:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 15:23 - 2018-03-01 03:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 15:23 - 2018-03-01 03:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 15:23 - 2018-03-01 03:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 15:23 - 2018-03-01 03:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 15:23 - 2018-03-01 03:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 15:23 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 15:23 - 2018-03-01 03:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 15:23 - 2018-03-01 03:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 15:23 - 2018-03-01 03:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 15:23 - 2018-03-01 03:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 15:23 - 2018-03-01 03:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 15:23 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 15:23 - 2018-03-01 03:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 15:23 - 2018-03-01 03:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 15:23 - 2018-03-01 03:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 15:23 - 2018-03-01 03:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 15:23 - 2018-03-01 03:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 15:23 - 2018-03-01 03:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 15:23 - 2018-03-01 03:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 15:23 - 2018-03-01 03:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 15:23 - 2018-03-01 03:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 15:23 - 2018-03-01 03:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 15:23 - 2018-03-01 03:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 15:23 - 2018-03-01 02:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 15:23 - 2018-03-01 02:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 15:23 - 2018-03-01 02:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 15:23 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 15:23 - 2018-03-01 02:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 15:23 - 2018-03-01 02:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 15:23 - 2018-03-01 02:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 15:23 - 2018-03-01 02:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 15:23 - 2018-03-01 02:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 15:23 - 2018-03-01 02:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 15:23 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 15:23 - 2018-03-01 02:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 15:23 - 2018-03-01 02:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 15:23 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 15:23 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 15:23 - 2018-03-01 02:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 15:23 - 2018-03-01 02:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 15:23 - 2018-03-01 02:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 15:23 - 2018-03-01 02:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 15:23 - 2018-03-01 02:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 15:23 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 15:23 - 2018-03-01 02:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 15:23 - 2018-03-01 02:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 15:23 - 2018-03-01 02:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 15:23 - 2018-03-01 02:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 15:23 - 2018-03-01 02:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 15:23 - 2018-03-01 01:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 15:23 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 15:23 - 2018-03-01 01:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 15:23 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 15:23 - 2018-03-01 01:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 15:23 - 2018-03-01 01:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 15:23 - 2018-03-01 01:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 15:23 - 2018-03-01 01:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 15:23 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 15:23 - 2018-03-01 01:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 15:23 - 2018-03-01 01:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 15:23 - 2018-03-01 01:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 15:23 - 2018-03-01 01:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 15:23 - 2018-03-01 01:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 15:23 - 2018-03-01 01:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 15:23 - 2018-03-01 01:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 15:23 - 2018-03-01 01:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 15:23 - 2018-03-01 01:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 15:23 - 2018-03-01 01:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 15:23 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 15:23 - 2018-03-01 01:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 15:23 - 2018-03-01 01:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 15:23 - 2018-03-01 01:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 15:23 - 2018-03-01 01:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 15:23 - 2018-03-01 01:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 15:23 - 2018-03-01 01:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 15:23 - 2018-03-01 01:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 15:23 - 2018-03-01 01:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 15:23 - 2018-03-01 01:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 15:23 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 15:23 - 2018-03-01 01:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 15:23 - 2018-03-01 01:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 15:23 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 15:23 - 2018-03-01 01:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 15:23 - 2018-03-01 01:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 15:23 - 2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 15:23 - 2018-03-01 01:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 15:23 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 15:23 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 15:23 - 2018-03-01 01:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 15:23 - 2018-03-01 01:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 15:23 - 2018-03-01 01:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 15:23 - 2018-03-01 01:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 15:23 - 2018-03-01 01:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 15:23 - 2018-03-01 01:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 15:23 - 2018-03-01 01:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 15:23 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 15:23 - 2018-03-01 01:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 15:23 - 2018-03-01 01:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 15:23 - 2018-03-01 01:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 15:23 - 2018-03-01 01:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 15:23 - 2018-03-01 01:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 15:23 - 2018-03-01 01:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 15:23 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 15:23 - 2018-03-01 01:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 15:23 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 15:23 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 15:23 - 2018-03-01 01:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 15:23 - 2018-03-01 01:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 15:23 - 2018-03-01 01:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 15:23 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 15:23 - 2018-03-01 01:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 15:23 - 2018-03-01 01:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 15:23 - 2018-03-01 01:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 15:23 - 2018-03-01 01:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 15:23 - 2018-02-21 22:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 15:23 - 2018-02-21 22:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 15:23 - 2018-02-21 22:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 15:23 - 2018-02-21 22:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 15:23 - 2018-02-21 22:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 15:23 - 2018-02-21 22:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 15:23 - 2018-02-21 22:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 15:23 - 2018-02-21 22:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 15:23 - 2018-02-21 22:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 15:23 - 2018-02-21 22:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 15:23 - 2018-02-21 22:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 15:23 - 2018-02-21 22:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 15:23 - 2018-02-21 22:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 15:23 - 2018-02-21 22:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 15:23 - 2018-02-21 22:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 15:23 - 2018-02-21 22:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 15:23 - 2018-02-21 21:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 15:23 - 2018-02-21 21:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 15:23 - 2018-02-21 21:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 15:23 - 2018-02-21 21:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 15:23 - 2018-02-21 21:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 15:23 - 2018-02-21 21:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 15:23 - 2018-02-21 21:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 15:23 - 2018-02-21 21:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 15:23 - 2018-02-21 20:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 15:23 - 2018-02-21 20:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 15:23 - 2018-02-21 20:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 15:23 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 15:23 - 2018-02-21 20:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 15:23 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 15:23 - 2018-02-21 20:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-13 15:23 - 2018-02-21 20:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 15:23 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 15:23 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 13:51 - 2018-03-13 13:51 - 000004578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-02-19 11:56 - 2018-02-20 15:56 - 000000000 ____D C:\Users\david\Downloads\album
2018-02-17 09:37 - 2018-02-22 08:35 - 000001436 _____ C:\Users\david\Desktop\Roblox Player.lnk
2018-02-17 09:37 - 2018-02-22 08:35 - 000001251 _____ C:\Users\david\Desktop\Roblox Studio.lnk
2018-02-17 09:37 - 2018-02-22 08:35 - 000000000 ____D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-02-17 09:37 - 2018-02-17 09:46 - 000000251 _____ C:\Users\david\AppData\LocalLow\rbxcsettings.rbx
2018-02-17 09:37 - 2018-02-17 09:38 - 000000000 ____D C:\Users\david\AppData\Local\Roblox
2018-02-17 09:37 - 2018-02-17 09:37 - 000822328 _____ (Roblox Corporation) C:\Users\david\Downloads\RobloxPlayerLauncher.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-19 22:46 - 2017-11-05 17:57 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{445FAEA0-50E8-47A6-BEE9-E6166E90469D}
2018-03-19 22:43 - 2017-11-05 17:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-19 21:59 - 2017-04-27 02:35 - 000000000 ____D C:\Users\david\AppData\Local\Host App Service
2018-03-19 18:53 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-19 15:00 - 2017-04-27 02:43 - 000046708 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-03-19 14:53 - 2017-05-19 15:15 - 000000000 ___RD C:\Users\david\Google Drive
2018-03-19 14:52 - 2017-04-27 02:39 - 000000000 ___RD C:\Users\david\OneDrive
2018-03-19 14:52 - 2017-04-27 02:37 - 000000000 __SHD C:\Users\david\IntelGraphicsProfiles
2018-03-19 14:48 - 2017-12-23 12:36 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-03-19 14:48 - 2017-12-23 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-19 14:48 - 2017-12-23 12:35 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-19 14:47 - 2017-05-04 02:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-19 14:46 - 2017-11-05 17:54 - 000000000 ____D C:\Users\david\AppData\Local\Packages
2018-03-19 14:46 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-19 14:46 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-19 14:42 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
 
2018-03-19 14:42 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-18 16:10 - 2017-05-02 18:02 - 000000000 ____D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-03-18 13:46 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 18:05 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-16 18:04 - 2017-04-11 10:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-14 02:21 - 2017-11-05 18:02 - 001183174 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-14 02:15 - 2017-11-05 17:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-14 02:15 - 2017-11-05 17:53 - 000000000 ____D C:\Users\david
2018-03-14 02:15 - 2017-11-05 17:52 - 000385288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-14 02:15 - 2017-09-29 04:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-03-14 02:15 - 2017-04-29 22:09 - 000000000 ___RD C:\Users\david\3D Objects
2018-03-14 02:15 - 2016-07-29 13:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 02:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 02:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 02:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-13 16:06 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 15:34 - 2017-04-29 16:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 15:26 - 2017-10-12 07:37 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 15:26 - 2017-04-29 16:37 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 15:24 - 2017-09-29 09:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 15:24 - 2017-09-29 09:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-13 13:51 - 2017-11-05 17:57 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-13 13:51 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-13 13:51 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-09 04:55 - 2017-11-05 17:57 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-496208758-1336597500-3847832748-1001
2018-03-09 04:55 - 2017-04-27 02:39 - 000002370 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-02 17:09 - 2017-09-29 09:49 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 17:09 - 2017-09-29 09:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-02 15:13 - 2018-02-16 15:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-02 15:13 - 2017-09-29 09:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-02 13:15 - 2017-05-20 13:26 - 000000000 ____D C:\Users\david\AppData\Local\LenovoServiceBridge
2018-03-02 08:40 - 2017-10-05 09:43 - 000425200 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-03-02 08:40 - 2017-10-05 09:43 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2018-03-02 08:40 - 2017-10-05 09:43 - 000053488 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-02-28 04:46 - 2017-11-05 17:57 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-27 21:01 - 2017-09-07 11:52 - 000000000 ____D C:\Users\david\AppData\Roaming\audacity
2018-02-27 20:35 - 2017-04-28 10:32 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-27 20:35 - 2017-04-28 10:32 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-25 15:17 - 2017-05-03 16:19 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-22 08:42 - 2017-11-05 19:10 - 000000000 ____D C:\Users\david\AppData\Local\PlaceholderTileLogoFolder
2018-02-19 12:28 - 2018-02-10 01:06 - 000000000 ____D C:\Users\david\Downloads\OneDrive-2018-02-09

==================== Files in the root of some directories =======

2017-05-03 00:16 - 2017-05-03 00:16 - 000000036 _____ () C:\Users\david\AppData\Roaming\.360fly

Some files in TEMP:
====================
2018-03-19 14:42 - 2018-03-19 14:41 - 001031928 _____ (McAfee, Inc.) C:\Users\david\AppData\Local\Temp\0160621521484925mcinst.exe
2018-03-13 14:25 - 2018-03-13 14:25 - 021728328 _____ (SweetLabs,Inc.) C:\Users\david\AppData\Local\Temp\oct2909.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-18 13:46

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by david (19-03-2018 23:06:27)
Running from C:\Users\david\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2017-11-05 22:00:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-496208758-1336597500-3847832748-500 - Administrator - Disabled)
david (S-1-5-21-496208758-1336597500-3847832748-1001 - Administrator - Enabled) => C:\Users\david
DefaultAccount (S-1-5-21-496208758-1336597500-3847832748-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-496208758-1336597500-3847832748-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-496208758-1336597500-3847832748-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-496208758-1336597500-3847832748-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360fly Director (HKLM-x32\...\{d08b9f7c-fadd-4d02-8411-4a31980a1d33}) (Version: 1.6.2.0 - 360fly, Inc.)
360fly Director (x64) (HKLM\...\{CDF4C697-ECCA-4A8E-8767-4A9A1AB48231}) (Version: 1.6.2.0 - 360fly, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
Dolby Atmos Windows API SDK (HKLM\...\{8251506A-1856-4A1E-9CB0-7B2DC705558E}) (Version: 1.0.0.11 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3FC92273-FEF4-4C0B-9AF4-F38D747EB765}) (Version: 1.0.0.10 - Dolby Laboratories, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation) Hidden
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo App Explorer (HKU\S-1-5-21-496208758-1336597500-3847832748-1000\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\Host App Service) (Version: 0.273.2.540 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Service Bridge (HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.9 - Lenovo)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.6 - Lenovo)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.337.407 - VoiceFive, Inc.) <==== ATTENTION
Roblox Player for david (HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-23 - Wacom Technology Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-19] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-19] (AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-19] (AVAST Software)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igfxDTCM.dll [2017-11-24] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-19] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05571FF1-2F71-46F3-A9EE-CA88A976F1AC} - System32\Tasks\App Explorer => C:\Users\david\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-01-11] (SweetLabs, Inc) <==== ATTENTION
Task: {09CE0810-EBF8-48C3-8461-DBF38D27D77E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {10B3EAA7-623A-4AA0-9814-15AA9561368C} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {18B6CE5F-A355-4309-9D51-48398A115F53} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-496208758-1336597500-3847832748-1001 => C:\Users\david\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-02-07] (Lenovo Group Limited)
Task: {2C77BC11-352F-4128-A5C3-0AD89E801877} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {304EB6BF-31D5-4193-9FE8-516F1FCB18E0} - \Yahoo! Powered namil -> No File <==== ATTENTION
Task: {42777121-565D-406D-B97A-59441E66ADDE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {4B7FE2D0-EC6E-422A-974C-D4C37C0E13EA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4E7BFB9A-C1AA-4255-BF51-17ABCA219992} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {591B0AC6-75B7-4556-8481-503A157F2BFF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {70282093-A5B0-4D93-947D-4D776930DF4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-28] (Google Inc.)
Task: {7D2038EB-9C97-4933-9453-BCF56B173671} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b57ad55a-2e1e-4719-8615-2e77e7fa7424 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {82A33B17-AB5F-4AB3-82C6-363530466B97} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {82DDBE91-3FF8-42DD-8A3E-7353DFDA0F0D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7a5912c7-1f8a-4160-8f26-33129f502786 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {8A5C51A5-9D2A-4F75-AB16-B9094D750151} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-03-02] (Lenovo Group Limited)
Task: {9579D4CA-1482-4CEF-A905-A8F06F5C4FBD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-03-19] (AVAST Software)
Task: {96716C7F-54A3-4385-9C33-BE9A353139A9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-19] (AVAST Software)
Task: {C7C510CA-05F6-47D4-AD8E-9EB45B20C568} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-28] (Google Inc.)
Task: {D2D76899-7C7D-4E3C-9E67-5B04042C242F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-16] (Microsoft Corporation)
Task: {E31AAC04-7B5E-40FF-A3B0-14235446520D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\17e8f502-c397-473c-9490-7b1ea74a5065 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {F250ECD0-40E1-4CD3-AE24-3494F04A9B86} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)
Task: {F3F6C6AC-CDEC-4D8C-9B3E-5BE1581D3469} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)
Task: {FCA37D09-E03E-47D1-A577-14F943FA6C38} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bbb2a1f5-33d1-48bf-a564-133c0a7618cd => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Yahoo! Powered namil.job => C:\WINDOWS\system32\wscript.ex C:\ProgramData\{939256F1-19D0-DC37-9F16-42750554C9BB}\tara.txt <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) ==============

2017-04-11 10:16 - 2015-06-27 05:34 - 000029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2016-10-27 06:40 - 2016-10-27 06:40 - 000147760 _____ () C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
2016-10-27 06:40 - 2016-10-27 06:40 - 000292656 _____ () C:\Program Files\Dolby\Dolby DAX3\API\RuntimeController.dll
2016-10-27 06:40 - 2016-10-27 06:40 - 000296752 _____ () C:\Program Files\Dolby\Dolby DAX3\API\TuningFileParser.dll
2017-11-15 08:42 - 2017-10-24 23:18 - 000975872 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2017-11-15 08:42 - 2017-10-25 00:40 - 000269696 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 001357464 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-13 15:23 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 15:23 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-16 18:03 - 2018-03-16 18:04 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-16 18:03 - 2018-03-16 18:04 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-16 18:03 - 2018-03-16 18:04 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-16 18:03 - 2018-03-16 18:04 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-16 18:03 - 2018-03-16 18:03 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-10-27 06:46 - 2016-10-27 06:46 - 000963376 _____ () C:\Program Files\Dolby\Dolby DAX3\APP\DAX3TrayIcon.exe
2018-01-29 13:42 - 2018-01-29 13:42 - 041100328 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2018-03-17 16:00 - 2018-03-17 16:00 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 14:01 - 2018-03-09 14:01 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-03-19 14:43 - 2018-03-19 14:43 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-19 14:43 - 2018-03-19 14:43 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-19 14:43 - 2018-03-19 14:43 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-19 14:42 - 2018-03-19 14:42 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-03-19 14:52 - 2018-03-19 14:52 - 000088064 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\_ctypes.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000069120 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\bz2.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000920064 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\_hashlib.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000098816 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32api.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000110080 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\pywintypes27.dll
2018-03-19 14:52 - 2018-03-19 14:52 - 000364544 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\pythoncom27.dll
2018-03-19 14:52 - 2018-03-19 14:52 - 000686080 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\unicodedata.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000320512 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32com.shell.shell.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 001177088 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\wx._core_.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000806912 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\wx._gdi_.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000816640 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\wx._windows_.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 001067520 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\wx._controls_.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000733696 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\wx._misc_.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000736256 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\pysqlite2._sqlite.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000119808 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32file.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000108544 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32security.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000007168 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\hashobjs_ext.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000017920 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\thumbnails_ext.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000082432 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\usb_ext.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000013824 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\common.time34.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000018432 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32event.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000027648 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\windows.conditional.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000017408 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\windows.winwrap.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000089088 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\windows.volumes.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000167936 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32gui.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000046080 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\_socket.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 001311232 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\_ssl.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000135680 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\_elementtree.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000133632 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\pyexpat.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000038912 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32inet.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000077824 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\wx._html2.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000036864 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\_psutil_windows.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000524248 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\windows._lib_cacheinvalidation.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000010240 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\select.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000011264 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32crypt.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000218624 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\PIL._imaging.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000027648 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\_multiprocessing.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000020480 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\_yappi.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000035840 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32process.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000024064 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32pipe.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000025600 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32pdh.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000059392 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\windows.device_monitor.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000017408 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32profile.pyd
2018-03-19 14:52 - 2018-03-19 14:52 - 000022528 _____ () C:\Users\david\AppData\Local\Temp\_MEI143562\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-496208758-1336597500-3847832748-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-496208758-1336597500-3847832748-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C81851C6-DF02-44CE-B5F6-53AE3B92C4B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BDA6CC6-F619-4D69-8C48-6EF352EB6400}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF3185A7-92FF-4EBF-969C-6DA4ACFBA5CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0C82FEC2-B269-4070-A04D-815862B5CD89}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BEA6503C-8EC4-456A-ABD9-796D465EA72A}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{C0FEC2CF-374A-4770-B7EC-270ED78A1EB4}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe

==================== Restore Points =========================

11-03-2018 13:55:08 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2018 11:00:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 64.0.3282.186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2db4

Start Time: 01d3bff75f75a0c1

Termination Time: 11

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 733462a6-dfef-4332-8c55-3b64de6b9c4b

Faulting package full name:

Faulting package-relative application ID:

Error: (03/19/2018 10:58:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 64.0.3282.186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1598

Start Time: 01d3bfb5a11a6e98

Termination Time: 24

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: aea2dab2-5c56-4b7e-8012-4236f97ad8b5

Faulting package full name:

Faulting package-relative application ID:

Error: (03/19/2018 03:11:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (03/19/2018 03:08:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 64.0.3282.186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2388

Start Time: 01d3bfb55a6a5a20

Termination Time: 9

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: bf0baa6b-5d83-4cb2-b258-0a19e2dc350e

Faulting package full name:

Faulting package-relative application ID:

Error: (03/19/2018 02:55:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (03/19/2018 02:52:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (03/19/2018 02:52:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (03/19/2018 02:50:23 PM) (Source: MsiInstaller) (EventID: 11719) (User: DESKTOP-SJCC05S)
Description: Product: Java Auto Updater -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.


System errors:
=============
Error: (03/19/2018 10:58:50 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-SJCC05S)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-SJCC05S\david SID (S-1-5-21-496208758-1336597500-3847832748-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/19/2018 10:48:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/19/2018 10:05:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 
To the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/19/2018 05:23:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/19/2018 03:33:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/19/2018 03:15:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SJCC05S)
Description: The server {C41B1461-3F8C-4666-B512-6DF24DE566D1} did not register with DCOM within the required timeout.

Error: (03/19/2018 03:08:14 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-SJCC05S)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-SJCC05S\david SID (S-1-5-21-496208758-1336597500-3847832748-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/19/2018 03:07:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-03-19 14:43:01.897
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...BS/Mutuodo.A&threatid=2147724374&enterprise=0
Name: Trojan:VBS/Mutuodo.A
ID: 2147724374
Severity: Severe
Category: Trojan
Path: file:_C:\Users\david\AppData\Roaming\Comicakoc
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\david\AppData\Local\Temp\{0EC932F5-26E1-4A8D-7EB9-62A59651BA7D}\datana.exe
Signature Version: AV: 1.263.741.0, AS: 1.263.741.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-18 13:46:15.932
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1D267DF1-29FA-42FA-B186-7899896F61AB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-19 10:13:02.256
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3DCA61B3-78CE-4768-AECE-BA46D9679E60}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-06 14:33:29.097
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {81DB2651-3BD0-49CB-86FD-D10BFD275751}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-04 14:46:07.842
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {068A4239-9476-4B31-A55C-58CED84F6005}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-27 11:26:53.581
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1620.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-02-27 11:26:53.581
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1620.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-02-27 11:26:53.581
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1620.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-02-27 11:26:52.212
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-02-27 11:26:52.209
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

CodeIntegrity:
===================================

Date: 2018-03-19 23:03:46.523
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-19 22:58:46.571
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-19 22:53:46.514
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-19 22:48:46.512
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-19 22:03:25.523
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-19 21:58:25.542
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-19 21:53:25.533
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-19 21:48:25.536
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 8034.39 MB
Available physical RAM: 4480.37 MB
Total Virtual: 15714.39 MB
Available Virtual: 11726.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:182.16 GB) NTFS

\\?\Volume{6d2f1485-47a5-4fe6-b205-55683366a7e4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{198128ef-6872-46c1-9bb5-cb4a394d35dc}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: FC9468C9)

Partition: GPT.

==================== End of Addition.txt ============================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

redtarget.gif
Please uninstall following unwanted program:

PremierOpinion

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Ok first here is ONLY the RogueKiller report. One thing I want to point out--which may be fine: before I clicked on "remove selected," not all the things it found were checked off. So some things that still look dodgy to me, such as " \Yahoo! Powered namil, C:\Windows\system32\wscript.exe" were not removed. No need to respond specifically to that if it's inconsequential.

Ok, here's the report:



RogueKiller V12.12.9.0 (x64) [Mar 19 2018] (Free) by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : https://forum.adlice.com

Website : http://www.adlice.com/download/roguekiller/

Blog : http://www.adlice.com


Operating System : Windows 10 (10.0.16299) 64 bits version

Started in : Normal mode

User : david [Administrator]

Started from : C:\Program Files\RogueKiller\RogueKiller64.exe

Mode : Delete -- Date : 03/21/2018 14:34:33 (Duration : 00:30:33)

Switches : -refid


¤¤¤ Processes : 0 ¤¤¤


¤¤¤ Registry : 12 ¤¤¤

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1000\Software\Host App Service -> Not selected

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1000\Software\Host App Service -> Not selected

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1001\Software\csastats -> Not selected

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1001\Software\Host App Service -> Not selected

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1001\Software\csastats -> Not selected

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1001\Software\Host App Service -> Not selected

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17swin10.msn.com/?pc=LSJE -> Not selected

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-496208758-1336597500-3847832748-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17swin10.msn.com/?pc=LSJE -> Not selected


¤¤¤ Tasks : 2 ¤¤¤

[Suspicious.Path] %WINDIR%\Tasks\Yahoo! Powered namil.job -- C:\WINDOWS\system32\wscript.exe ("C:\ProgramData\{939256F1-19D0-DC37-9F16-42750554C9BB}\tara.txt" "68747470733a2f2f71616a6f6c6f732e636f6d" "//B" "//E:jscript" "--IsErIk" ) -> Not selected

[Suspicious.Path] \Yahoo! Powered namil -- C:\WINDOWS\system32\wscript.exe ("C:\ProgramData\{939256F1-19D0-DC37-9F16-42750554C9BB}\tara.txt" "68747470733a2f2f71616a6f6c6f732e636f6d" "//B" "//E:jscript" "--IsErIk") -> Not selected


¤¤¤ Files : 7 ¤¤¤

[PUP.Gen1][Folder] C:\ProgramData\Host App Service -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk [LNK@] C:\Users\david\AppData\Local\HOSTAP~1\Engine\HOSTAP~1.EXE /OPEN"defd46ddcae7ce35ae9673132f9cf2200f2f1563" -> Deleted

[PUP.Gen1][Folder] C:\Users\david\AppData\Local\Host App Service -> Removed at reboot [91]

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\.defaultRegistry -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\analytics.db -> Removed at reboot [20]

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Apps\48f805ed6f2dfa6c212a004a4f1ad09fa37acf90.pokki -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Apps\installed_apps.db -> Deleted

[PUP.Gen1][Folder] C:\Users\david\AppData\Local\Host App Service\Apps -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\HostAppService.exe -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\HostAppService.VisualElementsManifest.xml -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\HostAppServiceInterface.exe -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\HostAppServiceUpdateManager.exe -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe -> Removed at reboot [5]

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\Lenovo.Account.SSO.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\LenovoIdSSO.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\LenovoIdSSOWrapper.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\MahApps.Metro.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\Newtonsoft.Json.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\NLog.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\SLTool.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\SLToolWrapper.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\startmenu\TileLogo_150.png -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\startmenu\TileLogo_70.png -> Deleted

[PUP.Gen1][Folder] C:\Users\david\AppData\Local\Host App Service\Engine\startmenu -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\System.Windows.Interactivity.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\vcruntime140.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Engine\WebAppHelper.exe -> Deleted

[PUP.Gen1][Folder] C:\Users\david\AppData\Local\Host App Service\Engine -> Removed at reboot [91]

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\engine_update.db -> Removed at reboot [20]

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\IconCache\persistent\App Explorer.ico -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\IconCache\persistent\Lenovo App Explorer.ico -> Deleted

[PUP.Gen1][Folder] C:\Users\david\AppData\Local\Host App Service\IconCache\persistent -> Deleted

[PUP.Gen1][Folder] C:\Users\david\AppData\Local\Host App Service\IconCache -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\notifications.db -> Deleted

[PUP.Gen1][Folder] C:\Users\david\AppData\Local\Host App Service\Setup -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.Data.Sqlite.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.EntityFrameworkCore.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.EntityFrameworkCore.Relational.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.EntityFrameworkCore.Sqlite.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.Extensions.Caching.Abstractions.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.Extensions.Caching.Memory.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.Extensions.DependencyInjection.Abstractions.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.Extensions.DependencyInjection.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.Extensions.Logging.Abstractions.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.Extensions.Logging.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.Extensions.Options.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.Extensions.Primitives.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Microsoft.Win32.Primitives.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Newtonsoft.Json.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\NLog.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Remotion.Linq.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\Swbd.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\SwbdWrapper.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.AppContext.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Collections.Immutable.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Console.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Diagnostics.DiagnosticSource.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Globalization.Calendars.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Interactive.Async.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.IO.Compression.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.IO.Compression.ZipFile.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.IO.FileSystem.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.IO.FileSystem.Primitives.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Net.Http.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Net.Sockets.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Runtime.CompilerServices.Unsafe.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Runtime.InteropServices.RuntimeInformation.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Security.Cryptography.Algorithms.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Security.Cryptography.Encoding.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Security.Cryptography.Primitives.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Security.Cryptography.X509Certificates.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\System.Xml.ReaderWriter.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\vcruntime140.dll -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\swbd\x86\sqlite3.dll -> Deleted

[PUP.Gen1][Folder] C:\Users\david\AppData\Local\Host App Service\swbd\x86 -> Deleted

[PUP.Gen1][Folder] C:\Users\david\AppData\Local\Host App Service\swbd -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Local\Host App Service\Uninstall.exe -> Deleted

[PUP.Gen1][Folder] C:\ProgramData\Host App Service -> ERROR [3]

[Adw.PremierOpinion][Folder] C:\Program Files (x86)\PremierOpinion -> Deleted

[Adw.PremierOpinion][File] C:\Program Files (x86)\PremierOpinion\pmropn.exe -> Deleted

[Tr.Gen0][File] C:\Users\david\Pictures\CamStudioPortable_2.7_English.paf.exe -> Deleted

[PUP.Gen1][File] C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk [LNK@] C:\Users\david\AppData\Local\HOSTAP~1\Engine\HOSTAP~1.EXE /OPEN"defd46ddcae7ce35ae9673132f9cf2200f2f1563" -> Removed at reboot [2]


¤¤¤ WMI : 0 ¤¤¤


¤¤¤ Hosts File : 0 ¤¤¤


¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤


¤¤¤ Web browsers : 4 ¤¤¤

[PUP.Ask|PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.trovi.com/?gd=&ctid=CT33...=SPBDEA24BF-65F7-4987-8F77-5ACA6F7FAF1C&SSPV=] -> Not selected

[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [bing.com] -> Not selected

[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [https://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN] -> Not selected

[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [https://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316] -> Not selected


¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: NVMe SAMSUNG MZVLW256 +++++

--- User ---

[MBR] d821471ed3676722b88f5443729a3976

[BSP] 9c0c712f3c0127394c5965176d5462af : Empty|VT.Unknown MBR Code

Partition table:

0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB

1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB

2 - Basic data partition | Offset (sectors): 567296 | Size: 242921 MB

3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 498069504 | Size: 1000 MB

User = LL1 ... OK

Error reading LL2 MBR! NOT VALID!
 
You did fine. You remove only preselected items.

Also, I missed something.
Uninstall another unwanted program: Lenovo App Explorer.
 
If there was a program called "Lenovo App Explorer," it seems to be already gone. There is still a folder, "C:\Users\Public\Lenovo App Explorer," and it contains a 1 kb file called "Identifier." Should I delete that folder? Anyway, in the meantime, here is the mbam report, soon to be followed by the AdwCleaner report in my next post.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/21/18
Scan Time: 9:58 PM
Log File: 740da2e6-2d74-11e8-baa6-0028f8f8c432.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4440
License: Trial

-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: DESKTOP-SJCC05S\david

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323244
Threats Detected: 50
Threats Quarantined: 50
Time Elapsed: 1 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 37
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [7166], [299817],1.0.4440

Registry Key: 4
PUP.Optional.InstallCore, HKU\S-1-5-21-496208758-1336597500-3847832748-1001\SOFTWARE\csastats, Quarantined, [2], [260986],1.0.4440
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{304EB6BF-31D5-4193-9FE8-516F1FCB18E0}, Quarantined, [58], [308968],1.0.4440
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{304EB6BF-31D5-4193-9FE8-516F1FCB18E0}, Quarantined, [58], [308968],1.0.4440
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered namil, Quarantined, [58], [308968],1.0.4440

Registry Value: 1
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{304EB6BF-31D5-4193-9FE8-516F1FCB18E0}|PATH, Quarantined, [58], [308967],1.0.4440

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.PremierOpinion, C:\USERS\DAVID\APPDATA\LOCAL\TEMP\PREMIEROPINION, Quarantined, [10956], [178971],1.0.4440

File: 7
PUP.Optional.PremierOpinion, C:\Users\david\AppData\Local\Temp\PremierOpinion\POInstaller.exe, Quarantined, [10956], [178971],1.0.4440
PUP.Optional.WinYahoo, C:\WINDOWS\TASKS\Yahoo! Powered namil.job, Quarantined, [58], [308966],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSTEM32\PMLS64.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\WINDOWS\SYSWOW64\PMLS.DLL, Quarantined, [7166], [299817],1.0.4440
Adware.Graftor, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\B16871BADBF6DE6D.VIR, Quarantined, [7166], [299817],1.0.4440
PUP.Optional.Trovi, C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [4669], [454808],1.0.4440
PUP.Optional.Trovi, C:\USERS\DAVID\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [4669], [454808],1.0.4440

Physical Sector: 0
(No malicious items detected)


(end)
 
Thanks. Here's AdwCleaner:

# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 22 02:20:21 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Default\AppData\Local\Host App Service
Deleted: C:\Users\Default User\AppData\Local\Host App Service
Deleted: C:\Users\defaultuser0\AppData\Local\Host App Service


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: App Explorer


***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|app
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|app
Deleted: [Key] - HKU\S-1-5-21-496208758-1336597500-3847832748-1001\Software\Host App Service
Deleted: [Key] - HKU\S-1-5-21-496208758-1336597500-3847832748-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted: [Key] - HKCU\Software\Host App Service
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1811 B] - [2018/3/22 2:13:30]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Ok about to here are those logs over the span of several replies:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by david (administrator) on DESKTOP-SJCC05S (21-03-2018 22:59:10)
Running from C:\Users\david\Desktop
Loaded Profiles: david (Available Profiles: defaultuser0 & david)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo) C:\Program Files\Lenovo\YMC\ymc.exe
() C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\IntelCpHDCPSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\IntelCpHeciSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igfxEM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
() C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\david\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16779776 2016-12-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1478144 2016-12-19] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-19] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41100328 2018-01-29] ()
HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\Run: [Chromium] => c:\users\david\appdata\local\chromium\application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\Run: [GoogleChromeAutoLaunch_C8D43A3EEFF19C42AA31C68EEE7A5AF4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1581912 2018-02-21] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{fb767e3b-2f6d-46f1-8391-1b215f747acc}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-496208758-1336597500-3847832748-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17swin10.msn.com/?pc=LSJE
SearchScopes: HKU\S-1-5-21-496208758-1336597500-3847832748-1001 -> DefaultScope {E5F6A5EE-3BA2-4647-BEAA-4C781491FE60} URL =
SearchScopes: HKU\S-1-5-21-496208758-1336597500-3847832748-1001 -> {E5F6A5EE-3BA2-4647-BEAA-4C781491FE60} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-19] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-04] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1wqdrufm.default
FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\1wqdrufm.default [2018-03-19]
FF Extension: (Avast SafePrice) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\1wqdrufm.default\Extensions\sp@avast.com.xpi [2018-03-19]
FF Extension: (Avast Online Security) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\1wqdrufm.default\Extensions\wrc@avast.com.xpi [2018-03-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\david\AppData\Local\Google\Chrome\User Data\Default [2018-03-21]
CHR Extension: (Slides) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-28]
CHR Extension: (YouTube) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-28]
CHR Extension: (Adblock Plus) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-16]
CHR Extension: (Google News) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2017-05-02]
CHR Extension: (Dropbox for Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-04]
CHR Extension: (Google Calendar) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-05-02]
CHR Extension: (Avast SafePrice) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-20]
CHR Extension: (Sheets) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-03-18]
CHR Extension: (Google Docs Offline) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-29]
CHR Extension: (Avast Online Security) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-19]
CHR Extension: (SMS from Gmail ™ & Facebook™ (MightyText)) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj [2018-02-08]
CHR Extension: (Google Hangouts) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2018-02-16]
CHR Extension: (Lego Builder) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2017-05-02]
CHR Extension: (Boomerang for Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2017-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Gmail) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\david\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-08]
CHR HKU\S-1-5-21-496208758-1336597500-3847832748-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-19] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
R2 DAXAPI; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [147760 2016-10-27] ()
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2211448 2016-11-08] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68336 2018-03-02] (Lenovo Group Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-02] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-02] (Microsoft Corporation)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [1601176 2016-12-07] (Wacom Technology, Corp.)
R2 ymc; C:\Program Files\Lenovo\YMC\ymc.exe [49032 2016-11-22] (Lenovo)
R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196648 2018-03-19] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-19] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-19] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-19] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-19] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [215320 2018-03-19] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-03-19] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146656 2018-03-19] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-03-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-03-19] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-03-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-03-19] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-03-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-03-19] (AVAST Software)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [72592 2016-10-24] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67984 2016-10-24] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355216 2016-10-24] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [129032 2017-04-13] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-21] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-21] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-21] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-21] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3149832 2016-10-07] (Realtek Semiconductor Corp.)
R3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [132248 2016-12-07] (Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-02] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-02] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-02] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-21 22:20 - 2018-03-21 22:20 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-21 22:17 - 2018-03-21 22:17 - 000001811 _____ C:\Users\david\Desktop\1AdwCleaner[S0].txt
2018-03-21 22:11 - 2018-03-21 22:22 - 000000000 ____D C:\AdwCleaner
2018-03-21 22:08 - 2018-03-21 22:08 - 008222496 _____ (Malwarebytes) C:\Users\david\Desktop\AdwCleaner.exe
2018-03-21 22:03 - 2018-03-21 22:03 - 000006037 _____ C:\Users\david\Desktop\mbam report.txt
2018-03-21 22:02 - 2018-03-21 22:02 - 000000000 ___HD C:\OneDriveTemp
2018-03-21 16:02 - 2018-03-21 22:20 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-21 16:02 - 2018-03-21 22:20 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-21 16:02 - 2018-03-21 16:02 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-21 16:01 - 2018-03-21 16:01 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-21 16:01 - 2018-03-21 16:01 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-21 16:01 - 2018-03-21 16:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-21 16:01 - 2018-03-21 16:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-21 16:01 - 2018-03-21 16:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-21 16:01 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-21 16:00 - 2018-03-21 16:00 - 070573424 _____ (Malwarebytes ) C:\Users\david\Desktop\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4420.exe
2018-03-21 15:51 - 2018-03-21 15:51 - 002931850 _____ (Adlice Software ) C:\Users\david\Downloads\204078a8-fce8-4e1d-ad5f-65d44eca6db3.tmp
2018-03-21 14:34 - 2018-03-21 14:34 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-21 14:33 - 2018-03-21 21:57 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-21 14:33 - 2018-03-21 15:55 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-21 14:33 - 2018-03-21 14:33 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-21 14:33 - 2018-03-21 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-21 14:30 - 2018-03-21 14:32 - 000000000 ____D C:\Users\david\Desktop\New folder (2)
2018-03-21 14:28 - 2018-03-21 14:28 - 036551808 _____ (Adlice Software ) C:\Users\david\Desktop\RogueKiller_setup_ref3.exe
2018-03-19 23:06 - 2018-03-19 23:06 - 000042026 _____ C:\Users\david\Desktop\Addition.txt
2018-03-19 23:05 - 2018-03-21 22:59 - 000020066 _____ C:\Users\david\Desktop\FRST.txt
2018-03-19 23:01 - 2018-03-21 22:59 - 000000000 ____D C:\FRST
2018-03-19 23:01 - 2018-03-19 23:01 - 000000000 ____D C:\Users\david\Desktop\FRST-OlderVersion
2018-03-19 22:56 - 2018-03-19 23:01 - 002403328 _____ (Farbar) C:\Users\david\Desktop\FRST64.exe
2018-03-19 14:48 - 2018-03-19 14:48 - 000000000 ____D C:\Users\david\AppData\LocalLow\Oracle
2018-03-19 14:45 - 2018-03-19 14:45 - 000000000 ___HD C:\$AV_ASW
2018-03-19 14:45 - 2018-03-19 14:45 - 000000000 ____D C:\Users\david\AppData\Roaming\AVAST Software
2018-03-19 14:43 - 2018-03-19 14:55 - 000000000 ____D C:\Users\david\AppData\Local\chromium
2018-03-19 14:43 - 2018-03-19 14:43 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-19 14:43 - 2018-03-19 14:43 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000196648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000146656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-19 14:43 - 2018-03-19 14:43 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-03-19 14:43 - 2018-03-19 14:43 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-03-19 14:43 - 2018-03-19 14:43 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-03-19 14:43 - 2018-03-19 14:43 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-03-19 14:43 - 2018-03-19 14:43 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-19 14:43 - 2018-03-19 14:42 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-19 14:43 - 2018-03-19 14:42 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-03-19 14:43 - 2018-03-19 14:42 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-03-19 14:43 - 2018-03-19 14:42 - 000215320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-03-19 14:43 - 2018-03-19 14:42 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-03-19 14:43 - 2018-03-19 14:42 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-03-19 14:42 - 2018-03-19 18:42 - 000000000 ____D C:\ProgramData\{939256F1-19D0-DC37-9F16-42750554C9BB}
2018-03-19 14:42 - 2018-03-19 15:02 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-19 14:42 - 2018-03-19 14:42 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-19 14:41 - 2018-03-21 22:01 - 000000000 ____D C:\ProgramData\McAfee
2018-03-17 21:04 - 2018-03-17 21:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2018-03-17 21:04 - 2018-03-02 08:40 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-03-14 02:12 - 2018-03-14 02:12 - 1258490802 _____ C:\WINDOWS\MEMORY.DMP
2018-03-13 15:23 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 15:23 - 2018-03-01 23:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 15:23 - 2018-03-01 23:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 15:23 - 2018-03-01 23:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 15:23 - 2018-03-01 23:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 15:23 - 2018-03-01 23:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 15:23 - 2018-03-01 22:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 15:23 - 2018-03-01 16:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 15:23 - 2018-03-01 03:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 15:23 - 2018-03-01 03:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 15:23 - 2018-03-01 03:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 15:23 - 2018-03-01 03:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 15:23 - 2018-03-01 03:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 15:23 - 2018-03-01 03:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 15:23 - 2018-03-01 03:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 15:23 - 2018-03-01 03:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 15:23 - 2018-03-01 03:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 15:23 - 2018-03-01 03:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 15:23 - 2018-03-01 03:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 15:23 - 2018-03-01 03:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 15:23 - 2018-03-01 03:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 15:23 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 15:23 - 2018-03-01 03:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 15:23 - 2018-03-01 03:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 15:23 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 15:23 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 15:23 - 2018-03-01 03:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 15:23 - 2018-03-01 03:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 15:23 - 2018-03-01 03:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 15:23 - 2018-03-01 03:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 15:23 - 2018-03-01 03:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 15:23 - 2018-03-01 03:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 15:23 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 15:23 - 2018-03-01 03:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 15:23 - 2018-03-01 03:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 15:23 - 2018-03-01 03:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 15:23 - 2018-03-01 03:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 15:23 - 2018-03-01 03:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 15:23 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 15:23 - 2018-03-01 03:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 15:23 - 2018-03-01 03:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 15:23 - 2018-03-01 03:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 15:23 - 2018-03-01 03:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 15:23 - 2018-03-01 03:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 15:23 - 2018-03-01 03:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 15:23 - 2018-03-01 03:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 15:23 - 2018-03-01 03:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 15:23 - 2018-03-01 03:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 15:23 - 2018-03-01 03:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 15:23 - 2018-03-01 03:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 15:23 - 2018-03-01 02:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
 
2018-03-13 15:23 - 2018-03-01 02:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 15:23 - 2018-03-01 02:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 15:23 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 15:23 - 2018-03-01 02:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 15:23 - 2018-03-01 02:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 15:23 - 2018-03-01 02:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 15:23 - 2018-03-01 02:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 15:23 - 2018-03-01 02:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 15:23 - 2018-03-01 02:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 15:23 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 15:23 - 2018-03-01 02:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 15:23 - 2018-03-01 02:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 15:23 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 15:23 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 15:23 - 2018-03-01 02:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 15:23 - 2018-03-01 02:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 15:23 - 2018-03-01 02:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 15:23 - 2018-03-01 02:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 15:23 - 2018-03-01 02:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 15:23 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 15:23 - 2018-03-01 02:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 15:23 - 2018-03-01 02:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 15:23 - 2018-03-01 02:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 15:23 - 2018-03-01 02:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 15:23 - 2018-03-01 02:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 15:23 - 2018-03-01 01:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 15:23 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 15:23 - 2018-03-01 01:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 15:23 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 15:23 - 2018-03-01 01:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 15:23 - 2018-03-01 01:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 15:23 - 2018-03-01 01:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 15:23 - 2018-03-01 01:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 15:23 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 15:23 - 2018-03-01 01:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 15:23 - 2018-03-01 01:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 15:23 - 2018-03-01 01:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 15:23 - 2018-03-01 01:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 15:23 - 2018-03-01 01:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 15:23 - 2018-03-01 01:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 15:23 - 2018-03-01 01:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 15:23 - 2018-03-01 01:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 15:23 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 15:23 - 2018-03-01 01:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 15:23 - 2018-03-01 01:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 15:23 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 15:23 - 2018-03-01 01:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 15:23 - 2018-03-01 01:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 15:23 - 2018-03-01 01:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 15:23 - 2018-03-01 01:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 15:23 - 2018-03-01 01:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 15:23 - 2018-03-01 01:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 15:23 - 2018-03-01 01:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 15:23 - 2018-03-01 01:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 15:23 - 2018-03-01 01:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 15:23 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 15:23 - 2018-03-01 01:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 15:23 - 2018-03-01 01:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 15:23 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 15:23 - 2018-03-01 01:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 15:23 - 2018-03-01 01:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 15:23 - 2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 15:23 - 2018-03-01 01:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 15:23 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 15:23 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 15:23 - 2018-03-01 01:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 15:23 - 2018-03-01 01:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 15:23 - 2018-03-01 01:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 15:23 - 2018-03-01 01:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 15:23 - 2018-03-01 01:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 15:23 - 2018-03-01 01:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 15:23 - 2018-03-01 01:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 15:23 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 15:23 - 2018-03-01 01:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 15:23 - 2018-03-01 01:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 15:23 - 2018-03-01 01:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 15:23 - 2018-03-01 01:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 15:23 - 2018-03-01 01:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 15:23 - 2018-03-01 01:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 15:23 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 15:23 - 2018-03-01 01:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 15:23 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 15:23 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 15:23 - 2018-03-01 01:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 15:23 - 2018-03-01 01:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 15:23 - 2018-03-01 01:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 15:23 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 15:23 - 2018-03-01 01:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 15:23 - 2018-03-01 01:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 15:23 - 2018-03-01 01:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 15:23 - 2018-03-01 01:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 15:23 - 2018-02-21 22:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 15:23 - 2018-02-21 22:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 15:23 - 2018-02-21 22:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 15:23 - 2018-02-21 22:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 15:23 - 2018-02-21 22:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 15:23 - 2018-02-21 22:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 15:23 - 2018-02-21 22:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 15:23 - 2018-02-21 22:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 15:23 - 2018-02-21 22:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 15:23 - 2018-02-21 22:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 15:23 - 2018-02-21 22:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 15:23 - 2018-02-21 22:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 15:23 - 2018-02-21 22:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 15:23 - 2018-02-21 22:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 15:23 - 2018-02-21 22:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 15:23 - 2018-02-21 22:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 15:23 - 2018-02-21 21:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 15:23 - 2018-02-21 21:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 15:23 - 2018-02-21 21:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 15:23 - 2018-02-21 21:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 15:23 - 2018-02-21 21:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 15:23 - 2018-02-21 21:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 15:23 - 2018-02-21 21:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 15:23 - 2018-02-21 21:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 15:23 - 2018-02-21 20:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 15:23 - 2018-02-21 20:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 15:23 - 2018-02-21 20:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 15:23 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 15:23 - 2018-02-21 20:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 15:23 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 15:23 - 2018-02-21 20:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-13 15:23 - 2018-02-21 20:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 15:23 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 15:23 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 13:51 - 2018-03-13 13:51 - 000004578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-02-19 11:56 - 2018-02-20 15:56 - 000000000 ____D C:\Users\david\Downloads\album

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-21 22:58 - 2017-11-05 17:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-21 22:28 - 2017-11-05 18:02 - 001226266 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-21 22:26 - 2017-04-27 02:43 - 000048470 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-03-21 22:21 - 2017-05-19 15:15 - 000000000 ___RD C:\Users\david\Google Drive
2018-03-21 22:21 - 2017-04-27 02:39 - 000000000 ___RD C:\Users\david\OneDrive
2018-03-21 22:21 - 2017-04-27 02:37 - 000000000 __SHD C:\Users\david\IntelGraphicsProfiles
2018-03-21 22:20 - 2017-11-05 17:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-21 22:20 - 2017-09-29 04:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-03-21 22:20 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-03-21 22:03 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-21 21:59 - 2017-11-05 17:57 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{445FAEA0-50E8-47A6-BEE9-E6166E90469D}
2018-03-21 15:04 - 2016-07-16 07:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-03-21 13:30 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-21 13:30 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-19 14:48 - 2017-12-23 12:36 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-03-19 14:48 - 2017-12-23 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-19 14:48 - 2017-12-23 12:35 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-19 14:47 - 2017-05-04 02:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-19 14:46 - 2017-11-05 17:54 - 000000000 ____D C:\Users\david\AppData\Local\Packages
2018-03-19 14:42 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-19 14:42 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-18 16:10 - 2017-05-02 18:02 - 000000000 ____D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2018-03-18 13:46 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-16 18:05 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-16 18:04 - 2017-04-11 10:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-14 02:15 - 2017-11-05 17:53 - 000000000 ____D C:\Users\david
2018-03-14 02:15 - 2017-11-05 17:52 - 000385288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-14 02:15 - 2017-04-29 22:09 - 000000000 ___RD C:\Users\david\3D Objects
2018-03-14 02:15 - 2016-07-29 13:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-14 02:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-14 02:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-14 02:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-13 16:06 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 15:34 - 2017-04-29 16:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 15:26 - 2017-10-12 07:37 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 15:26 - 2017-04-29 16:37 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 15:24 - 2017-09-29 09:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 15:24 - 2017-09-29 09:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-13 13:51 - 2017-11-05 17:57 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-13 13:51 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-13 13:51 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-09 04:55 - 2017-11-05 17:57 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-496208758-1336597500-3847832748-1001
2018-03-09 04:55 - 2017-04-27 02:39 - 000002370 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-02 17:09 - 2017-09-29 09:49 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-02 17:09 - 2017-09-29 09:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-02 15:13 - 2018-02-16 15:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-02 15:13 - 2017-09-29 09:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-02 13:15 - 2017-05-20 13:26 - 000000000 ____D C:\Users\david\AppData\Local\LenovoServiceBridge
2018-03-02 08:40 - 2017-10-05 09:43 - 000425200 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-03-02 08:40 - 2017-10-05 09:43 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2018-03-02 08:40 - 2017-10-05 09:43 - 000053488 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-02-28 04:46 - 2017-11-05 17:57 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-27 21:01 - 2017-09-07 11:52 - 000000000 ____D C:\Users\david\AppData\Roaming\audacity
2018-02-27 20:35 - 2017-04-28 10:32 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-27 20:35 - 2017-04-28 10:32 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-25 15:17 - 2017-05-03 16:19 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-22 08:42 - 2017-11-05 19:10 - 000000000 ____D C:\Users\david\AppData\Local\PlaceholderTileLogoFolder
2018-02-22 08:35 - 2018-02-17 09:37 - 000001436 _____ C:\Users\david\Desktop\Roblox Player.lnk
2018-02-22 08:35 - 2018-02-17 09:37 - 000001251 _____ C:\Users\david\Desktop\Roblox Studio.lnk
2018-02-22 08:35 - 2018-02-17 09:37 - 000000000 ____D C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-02-19 12:28 - 2018-02-10 01:06 - 000000000 ____D C:\Users\david\Downloads\OneDrive-2018-02-09

==================== Files in the root of some directories =======

2017-05-03 00:16 - 2017-05-03 00:16 - 000000036 _____ () C:\Users\david\AppData\Roaming\.360fly

Some files in TEMP:
====================
2018-03-21 14:34 - 2018-02-10 02:15 - 001954048 _____ (Microsoft Corporation) C:\Users\david\AppData\Local\Temp\dllnt_dump.dll
2018-03-13 14:25 - 2018-03-13 14:25 - 021728328 _____ (SweetLabs,Inc.) C:\Users\david\AppData\Local\Temp\oct2909.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-18 13:46

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by david (21-03-2018 22:59:42)
Running from C:\Users\david\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2017-11-05 22:00:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-496208758-1336597500-3847832748-500 - Administrator - Disabled)
david (S-1-5-21-496208758-1336597500-3847832748-1001 - Administrator - Enabled) => C:\Users\david
DefaultAccount (S-1-5-21-496208758-1336597500-3847832748-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-496208758-1336597500-3847832748-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-496208758-1336597500-3847832748-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-496208758-1336597500-3847832748-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360fly Director (HKLM-x32\...\{d08b9f7c-fadd-4d02-8411-4a31980a1d33}) (Version: 1.6.2.0 - 360fly, Inc.)
360fly Director (x64) (HKLM\...\{CDF4C697-ECCA-4A8E-8767-4A9A1AB48231}) (Version: 1.6.2.0 - 360fly, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
Dolby Atmos Windows API SDK (HKLM\...\{8251506A-1856-4A1E-9CB0-7B2DC705558E}) (Version: 1.0.0.11 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3FC92273-FEF4-4C0B-9AF4-F38D747EB765}) (Version: 1.0.0.10 - Dolby Laboratories, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation) Hidden
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Service Bridge (HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.9 - Lenovo)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.6 - Lenovo)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Roblox Player for david (HKU\S-1-5-21-496208758-1336597500-3847832748-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
RogueKiller version 12.12.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.9.0 - Adlice Software)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-23 - Wacom Technology Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-19] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-19] (AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-19] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_09afa4e14ee4fad2\igfxDTCM.dll [2017-11-24] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-19] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09CE0810-EBF8-48C3-8461-DBF38D27D77E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {10B3EAA7-623A-4AA0-9814-15AA9561368C} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {18B6CE5F-A355-4309-9D51-48398A115F53} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-496208758-1336597500-3847832748-1001 => C:\Users\david\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-02-07] (Lenovo Group Limited)
Task: {2C77BC11-352F-4128-A5C3-0AD89E801877} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {42777121-565D-406D-B97A-59441E66ADDE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {4B7FE2D0-EC6E-422A-974C-D4C37C0E13EA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {4E7BFB9A-C1AA-4255-BF51-17ABCA219992} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {591B0AC6-75B7-4556-8481-503A157F2BFF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {70282093-A5B0-4D93-947D-4D776930DF4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-28] (Google Inc.)
Task: {7D2038EB-9C97-4933-9453-BCF56B173671} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b57ad55a-2e1e-4719-8615-2e77e7fa7424 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {82A33B17-AB5F-4AB3-82C6-363530466B97} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {82DDBE91-3FF8-42DD-8A3E-7353DFDA0F0D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7a5912c7-1f8a-4160-8f26-33129f502786 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {8A5C51A5-9D2A-4F75-AB16-B9094D750151} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-03-02] (Lenovo Group Limited)
Task: {9579D4CA-1482-4CEF-A905-A8F06F5C4FBD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-03-19] (AVAST Software)
Task: {96716C7F-54A3-4385-9C33-BE9A353139A9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-19] (AVAST Software)
Task: {C7C510CA-05F6-47D4-AD8E-9EB45B20C568} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-28] (Google Inc.)
Task: {D2D76899-7C7D-4E3C-9E67-5B04042C242F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-16] (Microsoft Corporation)
Task: {E31AAC04-7B5E-40FF-A3B0-14235446520D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\17e8f502-c397-473c-9490-7b1ea74a5065 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {F250ECD0-40E1-4CD3-AE24-3494F04A9B86} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)
Task: {F3F6C6AC-CDEC-4D8C-9B3E-5BE1581D3469} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-16] (Microsoft Corporation)
Task: {FCA37D09-E03E-47D1-A577-14F943FA6C38} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bbb2a1f5-33d1-48bf-a564-133c0a7618cd => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-04-11 10:16 - 2015-06-27 05:34 - 000029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2018-03-21 16:01 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-21 16:01 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-13 15:23 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 15:23 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-16 18:03 - 2018-03-16 18:04 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-16 18:03 - 2018-03-16 18:04 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-16 18:03 - 2018-03-16 18:04 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-16 18:03 - 2018-03-16 18:04 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-16 18:03 - 2018-03-16 18:03 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-29 13:42 - 2018-01-29 13:42 - 041100328 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe
2016-10-27 06:40 - 2016-10-27 06:40 - 000147760 _____ () C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
2016-10-27 06:40 - 2016-10-27 06:40 - 000292656 _____ () C:\Program Files\Dolby\Dolby DAX3\API\RuntimeController.dll
2016-10-27 06:40 - 2016-10-27 06:40 - 000296752 _____ () C:\Program Files\Dolby\Dolby DAX3\API\TuningFileParser.dll
2018-02-27 20:35 - 2018-02-21 23:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-27 20:35 - 2018-02-21 23:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2018-03-17 16:00 - 2018-03-17 16:00 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 14:01 - 2018-03-09 14:01 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-28 16:39 - 2018-02-28 16:40 - 000477696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-02-28 16:39 - 2018-02-28 16:40 - 059575808 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-02-16 03:41 - 2018-02-16 03:42 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2017-10-05 07:35 - 2017-10-05 07:35 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-02-28 16:39 - 2018-02-28 16:40 - 003741184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-14 15:06 - 2017-12-14 15:07 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-02-28 16:39 - 2018-02-28 16:40 - 015986688 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-02-28 16:39 - 2018-02-28 16:40 - 003592704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-02-28 16:39 - 2018-02-28 16:40 - 003231232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-02-28 16:39 - 2018-02-28 16:40 - 001369088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-01-31 03:08 - 2018-01-31 03:08 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-28 16:39 - 2018-02-28 16:40 - 000094208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-02-16 03:41 - 2018-02-16 03:42 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-02-28 16:39 - 2018-02-28 16:40 - 000628736 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18021.12420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2017-11-15 08:42 - 2017-10-24 23:18 - 000975872 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2017-11-15 08:42 - 2017-10-25 00:40 - 000269696 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 001357464 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2018-03-06 12:16 - 2018-03-06 12:16 - 034550272 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_39.39.1002.0_x64__8wekyb3d8bbwe\XboxApp.dll
2017-04-11 10:08 - 2017-04-11 10:08 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_39.39.1002.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2018-03-19 14:43 - 2018-03-19 14:43 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-19 14:43 - 2018-03-19 14:43 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-19 14:43 - 2018-03-19 14:43 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-19 14:42 - 2018-03-19 14:42 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-03-21 22:21 - 2018-03-21 22:21 - 000088064 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\_ctypes.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000069120 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\bz2.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000920064 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\_hashlib.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000098816 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32api.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000110080 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\pywintypes27.dll
2018-03-21 22:21 - 2018-03-21 22:21 - 000364544 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\pythoncom27.dll
2018-03-21 22:21 - 2018-03-21 22:21 - 000686080 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\unicodedata.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000320512 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32com.shell.shell.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 001177088 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\wx._core_.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000806912 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\wx._gdi_.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000816640 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\wx._windows_.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 001067520 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\wx._controls_.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000733696 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\wx._misc_.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000736256 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\pysqlite2._sqlite.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000119808 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32file.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000108544 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32security.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000007168 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\hashobjs_ext.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000017920 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\thumbnails_ext.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000082432 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\usb_ext.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000013824 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\common.time34.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000018432 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32event.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000027648 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\windows.conditional.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000017408 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\windows.winwrap.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000089088 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\windows.volumes.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000167936 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32gui.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000046080 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\_socket.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 001311232 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\_ssl.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000135680 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\_elementtree.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000133632 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\pyexpat.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000038912 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32inet.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000077824 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\wx._html2.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000036864 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\_psutil_windows.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000524248 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\windows._lib_cacheinvalidation.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000010240 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\select.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000011264 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32crypt.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000218624 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\PIL._imaging.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000027648 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\_multiprocessing.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000020480 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\_yappi.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000035840 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32process.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000024064 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32pipe.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000025600 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32pdh.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000059392 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\windows.device_monitor.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000017408 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32profile.pyd
2018-03-21 22:21 - 2018-03-21 22:21 - 000022528 _____ () C:\Users\david\AppData\Local\Temp\_MEI111882\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-496208758-1336597500-3847832748-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\david\Pictures\Capture.PNG
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C81851C6-DF02-44CE-B5F6-53AE3B92C4B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BDA6CC6-F619-4D69-8C48-6EF352EB6400}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF3185A7-92FF-4EBF-969C-6DA4ACFBA5CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0C82FEC2-B269-4070-A04D-815862B5CD89}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-03-2018 13:55:08 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2018 10:21:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\david\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 58.0.3014.0,language="&#x2a;",type="win32",version="58.0.3014.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/21/2018 10:21:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (03/21/2018 10:21:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (03/21/2018 10:10:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (03/21/2018 10:10:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (03/21/2018 10:08:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (03/21/2018 10:03:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.

Error: (03/21/2018 10:02:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\david\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 58.0.3014.0,language="&#x2a;",type="win32",version="58.0.3014.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/21/2018 10:35:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/21/2018 10:30:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/21/2018 10:26:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/21/2018 10:22:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {C41B1461-3F8C-4666-B512-6DF24DE566D1} did not register with DCOM within the required timeout.

Error: (03/21/2018 10:21:40 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-SJCC05S)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-SJCC05S\david SID (S-1-5-21-496208758-1336597500-3847832748-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/21/2018 10:21:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/21/2018 10:21:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/21/2018 10:21:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-03-19 14:43:01.897
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...BS/Mutuodo.A&threatid=2147724374&enterprise=0
Name: Trojan:VBS/Mutuodo.A
ID: 2147724374
Severity: Severe
Category: Trojan
Path: file:_C:\Users\david\AppData\Roaming\Comicakoc
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\david\AppData\Local\Temp\{0EC932F5-26E1-4A8D-7EB9-62A59651BA7D}\datana.exe
Signature Version: AV: 1.263.741.0, AS: 1.263.741.0, NIS: 118.5.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0

Date: 2018-03-18 13:46:15.932
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1D267DF1-29FA-42FA-B186-7899896F61AB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-19 10:13:02.256
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3DCA61B3-78CE-4768-AECE-BA46D9679E60}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-06 14:33:29.097
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {81DB2651-3BD0-49CB-86FD-D10BFD275751}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-04 14:46:07.842
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {068A4239-9476-4B31-A55C-58CED84F6005}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-27 11:26:53.581
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1620.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-02-27 11:26:53.581
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1620.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-02-27 11:26:53.581
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1620.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-02-27 11:26:52.212
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-02-27 11:26:52.209
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

CodeIntegrity:
===================================

Date: 2018-03-21 16:02:05.154
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-21 14:26:09.098
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-21 14:26:09.090
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-21 14:26:09.077
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-21 14:26:09.062
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-21 14:26:04.021
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-21 14:26:04.015
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-21 14:26:04.010
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 8034.39 MB
Available physical RAM: 4228.62 MB
Total Virtual: 15714.39 MB
Available Virtual: 11704.41 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:180.98 GB) NTFS

\\?\Volume{6d2f1485-47a5-4fe6-b205-55683366a7e4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{198128ef-6872-46c1-9bb5-cb4a394d35dc}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: FC9468C9)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    793 bytes · Views: 2
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by david (23-03-2018 01:36:30) Run:1
Running from C:\Users\david\Desktop
Loaded Profiles: david (Available Profiles: defaultuser0 & david)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-496208758-1336597500-3847832748-1001 -> DefaultScope {E5F6A5EE-3BA2-4647-BEAA-4C781491FE60} URL =
SearchScopes: HKU\S-1-5-21-496208758-1336597500-3847832748-1001 -> {E5F6A5EE-3BA2-4647-BEAA-4C781491FE60} URL =
2017-05-03 00:16 - 2017-05-03 00:16 - 000000036 _____ () C:\Users\david\AppData\Roaming\.360fly
2018-03-21 14:34 - 2018-02-10 02:15 - 001954048 _____ (Microsoft Corporation) C:\Users\david\AppData\Local\Temp\dllnt_dump.dll
2018-03-13 14:25 - 2018-03-13 14:25 - 021728328 _____ (SweetLabs,Inc.) C:\Users\david\AppData\Local\Temp\oct2909.tmp.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {4B7FE2D0-EC6E-422A-974C-D4C37C0E13EA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

*****************

"HKU\S-1-5-21-496208758-1336597500-3847832748-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-496208758-1336597500-3847832748-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5F6A5EE-3BA2-4647-BEAA-4C781491FE60}" => removed successfully
HKLM\Software\Classes\CLSID\{E5F6A5EE-3BA2-4647-BEAA-4C781491FE60} => not found
C:\Users\david\AppData\Roaming\.360fly => moved successfully
C:\Users\david\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\david\AppData\Local\Temp\oct2909.tmp.exe => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B7FE2D0-EC6E-422A-974C-D4C37C0E13EA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B7FE2D0-EC6E-422A-974C-D4C37C0E13EA}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-03-2018 01:37:27)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 01:37:27 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Here's checkup.txt:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 151
Java 8 Update 161
Java version 32-bit out of Date!
Adobe Flash Player 29.0.0.113
Mozilla Firefox (56.0)
Google Chrome (65.0.3325.181)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
Oracle Java javapath AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Here's FSS.txt:

Farbar Service Scanner Version: 27-01-2016
Ran by david (administrator) on 23-03-2018 at 21:43:12
Running from "C:\Users\david\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
No threats found by Sophos! Ok one quick question--A couple times during this process, Windows has changed its overall visual theme--to one that's definitely not a default, so it's not a matter of these programs undoing any personalizations I've done. Have you heard of this happening before, and does it sound like something to be concerned about? Thank you!
 
Not sure about that theme change. Let me know if it happens again.

For now...

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back