Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help! May Be Infected!

Post by MMGirl65 » November 9th, 2017, 8:13 pm

Hello,

A couple of weeks ago this PC started acting up. It began to experience a lot of lag, so much so that sometimes we have to restart in order to use it. It also locks up the longer it runs. Also, it really gets loud and sounds like it's struggling to operate. Thinking that maybe we'd been hit by malware, we have run Antimalware Bytes, AVG and House Call, but nothing came up. We've also cleaned out the temporary files and still the PC is super slow.

I haven't seen any pop-ups or anything else too odd, but it just doesn't feel right. I think it's possible we have something here that we just haven't been able to detect.

Thanks in advance for your assistance. I am posting the requested FRST logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02
Ran by Pamela (administrator) on PAMELA-PC (09-11-2017 16:00:44)
Running from C:\Users\Pamela\Desktop
Loaded Profiles: Pamela & DefaultAppPool (Available Profiles: Pamela & DefaultAppPool)
Platform: Microsoft Windows 10 Pro Version 1703 15063.674 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(VL) C:\Program Files\ShopTracker\Scheduler\AmazonMeter.Scheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
() C:\Windows\System32\PSIService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(MediaMall Technologies, Inc.) C:\Program Files\MediaMall\MediaMallServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(MediaMall Technologies, Inc.) C:\Program Files\MediaMall\MediaMallServer.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(AVG Netherlands B.V) C:\Program Files\AVG Driver Updater\AVG Driver Updater.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgui.exe
(Visual Networks) C:\Program Files\EarthLink TotalAccess\FastLane2\ipmon32.exe
(Visual Networks) C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
(Spotify Ltd) C:\Users\Pamela\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Gramblr\gramblr.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17083.18421.0_x86__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x86__8wekyb3d8bbwe\Video.UI.exe
(MediaMall Technologies, Inc.) C:\Program Files\MediaMall\MediaMallServer.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x86__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [485280 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12214528 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2408328 2013-01-08] (Synaptics Incorporated)
HKLM\...\Run: [QuickFinder Scheduler] => c:\Program Files\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [155592 2012-10-31] (Corel Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-10-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2131856 2016-07-14] (AimerSoft)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [302744 2017-10-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [IPInSightMonitor 01] => C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe [122880 2005-08-10] (Visual Networks)
HKLM\...\Run: [IPInSightLAN 01] => C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe [380928 2005-08-10] (Visual Networks)
HKU\S-1-5-21-1409049169-3834728507-3598825175-1000\...\Run: [Spotify Web Helper] => C:\Users\Pamela\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-04] (Spotify Ltd)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515072 2017-03-18] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{11add20a-aeb3-4fcf-9daf-b9635e4ca5c9}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{5739a499-4794-4c1f-9bed-9d946bc428f1}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1409049169-3834728507-3598825175-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
HKU\S-1-5-21-1409049169-3834728507-3598825175-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-118-756
HKU\S-1-5-21-1409049169-3834728507-3598825175-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKLM -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.ht ... archbox&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1409049169-3834728507-3598825175-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1409049169-3834728507-3598825175-1000 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.ht ... archbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1409049169-3834728507-3598825175-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-118-756&q={searchTerms}
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> DefaultScope {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.ht ... archbox&q={searchTerms}
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.ht ... archbox&q={searchTerms}
BHO: ElnkBhoGuard Class -> {00000000-0000-0000-0000-000000000002} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll [2007-07-19] (EarthLink, Inc.)
BHO: ElnkScamBHO Class -> {15F4D456-5BAA-4076-8486-EECB38CD3E57} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll [2007-07-19] (EarthLink, Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: ElnkPubBHO Class -> {512ACF1B-64D9-4928-B382-A80556F28DB4} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPuB.dll [2008-02-19] (EarthLink, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-27] (Oracle Corporation)
BHO: ElnkProtectionBHO Class -> {9579D574-D4D8-4335-9560-FE8641A013BD} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll [2008-02-19] (EarthLink, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-27] (Oracle Corporation)
BHO: ElnkLegacyUninstBHO Class -> {E713904C-DF05-4C79-BBAD-02DB923253BE} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll [2008-02-19] (EarthLink, Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-1409049169-3834728507-3598825175-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File

FireFox:
========
FF DefaultProfile: vxm248xc.default-1436357929522-1507502511742
FF ProfilePath: C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\vxm248xc.default-1436357929522-1507502511742 [2017-11-09]
FF Homepage: Mozilla\Firefox\Profiles\vxm248xc.default-1436357929522-1507502511742 -> hxxps://www.google.com/
FF Extension: (Safe Browsing Version 4 (temporary add-on)) - C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\vxm248xc.default-1436357929522-1507502511742\Extensions\sbv4-gradual-rollout@mozilla.com.xpi [2017-10-12]
FF Extension: (Adblock Plus) - C:\Users\Pamela\AppData\Roaming\Mozilla\Firefox\Profiles\vxm248xc.default-1436357929522-1507502511742\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-06]
FF HKU\S-1-5-21-1409049169-3834728507-3598825175-1000\...\Firefox\Extensions: [{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}] - C:\Program Files\Allavsoft\Video Downloader Converter\extensions\3.13.9.6261\BVDFirefoxExt
FF Extension: (Allavsoft Video Downloader Firefox Extension) - C:\Program Files\Allavsoft\Video Downloader Converter\extensions\3.13.9.6261\BVDFirefoxExt [2017-04-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @playon.tv/PlayOnToolbar -> C:\Program Files\MediaMall\toolbar\npVT.dll [2015-10-29] (MediaMall Technologies, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pamela\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-12] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/?mkt=en-US&pc=__PARAM__
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM ... PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default [2017-11-09]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-06-20]
CHR Extension: (YouTube) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Search by Image (by Google)) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-19]
CHR Extension: (Allavsoft video downloader converter) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhancbnhabhandieicagelcddkdfgoif [2017-04-10]
CHR Extension: (Tampermonkey) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-10-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (AVG Do Not Track) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojjbofkhffmihobdncmbhdocjljhpi [2015-04-12]
CHR Extension: (Pinterest Save Button) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-09]
CHR Extension: (Youtube Downloader For Chrome) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcaibdcbockpmaolpegmbphhkloakojm [2017-10-08]
CHR Extension: (Flash Control) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgadgplbbdjlbjgdociahdlmbglfeen [2017-05-28]
CHR Extension: (CloudConvert) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2016-12-03]
CHR Extension: (Video Converter) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgmhgehdjeddhacdcdmbfmphfgfpdfne [2017-10-08]
CHR Extension: (Video Downloader professional) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmdldgcmokdpmacblnehppgkjphcbpnn [2017-10-27]
CHR Extension: (Video Converter) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2016-01-17]
CHR Extension: (Instagram from Computer) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedegfceienbmbipekofjknefgjnbdfj [2016-12-27]
CHR Extension: (STM - MP3 downloader) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nigcnnoecjidafpppblafapadbhklfid [2017-10-08]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2017-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Adblock Pro) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-05-14]
CHR Extension: (This Is Fake) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\peeibjiaceaafioopngfaneonhcdbmhb [2017-03-09]
CHR Extension: (Download Vimeo Videos, Premium) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\phpaiffimemgakmakpcehgbophkbllkf [2017-06-21]
CHR Extension: (Chrome Media Router) - C:\Users\Pamela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]
CHR HKLM\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files\Allavsoft\Video Downloader Converter\extensions\3.13.9.6261\BVDChromeExt.crx [2017-04-10]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-1409049169-3834728507-3598825175-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [imooohanopeeieejjcgioibkoejmdokj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AmazonMeterService; C:\Program Files\ShopTracker\Scheduler\AmazonMeter.Scheduler.exe [31688 2017-04-20] (VL)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [282536 2017-10-20] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5879472 2017-10-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [8218192 2017-11-09] () [File not signed]
R3 MediaMall Server; C:\Program Files\MediaMall\MediaMallServer.exe [8277608 2017-04-13] (MediaMall Technologies, Inc.)
U2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2545848 2017-03-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [4677904 2017-07-26] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiskx.sys [135872 2017-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdriverx.sys [249232 2017-10-20] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidshx.sys [151024 2017-10-20] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgblogx.sys [270344 2017-10-20] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbunivx.sys [43992 2017-10-20] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [35264 2017-10-20] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [117368 2017-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [91976 2017-10-20] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [63280 2017-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [776064 2017-10-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [491976 2017-10-20] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [142240 2017-10-20] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [290264 2017-10-20] (AVG Technologies CZ, s.r.o.)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [23920 2015-08-27] (MediaMall Technologies, Inc.)
R3 netr28u; C:\WINDOWS\System32\drivers\netr28u.sys [1824256 2017-03-18] (MediaTek Inc.)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-08-21] (Riverbed Technology, Inc.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [22728 2017-11-09] (SlimWare Utilities, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [31792 2017-02-21] (AVG Netherlands B.V.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2016-08-14] (Zemana Ltd.)
U0 IPVNMon; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-09 16:00 - 2017-11-09 16:01 - 000023176 _____ C:\Users\Pamela\Desktop\FRST.txt
2017-11-09 16:00 - 2017-11-09 16:00 - 000000000 ____D C:\FRST
2017-11-09 15:41 - 2017-11-09 15:41 - 001799680 _____ (Farbar) C:\Users\Pamela\Desktop\FRST.exe
2017-11-09 15:18 - 2017-11-09 15:18 - 000000165 ____H C:\Users\Pamela\Desktop\~$Lori-October2017 (2).xlsx
2017-11-06 10:26 - 2017-11-06 10:26 - 060377516 _____ C:\Users\Pamela\Downloads\794303579.mp4
2017-11-01 08:08 - 2017-11-09 15:53 - 000017064 _____ C:\Users\Pamela\Desktop\Lori-October2017 (2).xlsx
2017-10-28 06:12 - 2017-10-28 06:12 - 000000462 _____ C:\Users\Pamela\Downloads\url.html
2017-10-28 06:12 - 2017-10-28 06:12 - 000000462 _____ C:\Users\Pamela\Downloads\url (1).html
2017-10-21 17:17 - 2017-10-21 17:17 - 000000000 ____D C:\Users\Pamela\Downloads\stuff
2017-10-20 07:38 - 2017-10-20 07:37 - 000305936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-10-17 05:13 - 2017-11-09 05:12 - 000000464 _____ C:\WINDOWS\Tasks\AVG Driver Updater Startup.job
2017-10-17 05:13 - 2017-11-09 05:11 - 000022728 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2017-10-17 05:13 - 2017-11-02 05:13 - 000000518 _____ C:\WINDOWS\Tasks\AVG Driver Updater Scan.job
2017-10-17 05:13 - 2017-10-17 05:13 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2017-10-17 05:13 - 2017-10-17 05:13 - 000000000 ____D C:\Users\Pamela\AppData\Local\AVG Netherlands BV
2017-10-17 05:13 - 2017-10-17 05:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Driver Updater
2017-10-17 05:13 - 2017-10-17 05:13 - 000000000 ____D C:\Program Files\AVG Driver Updater
2017-10-17 05:12 - 2017-10-17 05:12 - 001205376 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Pamela\Downloads\AVG_Driver_Updater_Setup_11_4.exe
2017-10-16 11:20 - 2017-10-16 11:20 - 114466535 _____ C:\Users\Pamela\Downloads\Week 42 - Kara Bullock - Lesson 2.mp4
2017-10-14 14:24 - 2017-10-14 14:24 - 000000000 ____D C:\Users\Pamela\AppData\Roaming\EarthLink
2017-10-14 14:11 - 2017-10-14 14:11 - 000000000 ____D C:\Users\Pamela\AppData\LocalLow\ScamBlocker
2017-10-14 04:50 - 2017-10-14 04:50 - 000000000 ____D C:\ProgramData\Visual Networks
2017-10-14 04:49 - 2017-10-14 04:50 - 000000000 ____D C:\Program Files\EarthLink TotalAccess
2017-10-14 04:49 - 2017-10-14 04:50 - 000000000 ____D C:\Program Files\Common Files\EarthLink
2017-10-14 04:49 - 2017-10-14 04:49 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EarthLink TotalAccess.lnk
2017-10-14 04:49 - 2017-10-14 04:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EarthLink TotalAccess
2017-10-14 03:59 - 2017-10-14 03:59 - 000562320 _____ (EarthLink, Inc.) C:\Users\Pamela\Downloads\Smart_Installer.exe
2017-10-14 03:59 - 2017-10-14 03:59 - 000000000 ____D C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EarthLink
2017-10-14 03:59 - 2017-10-14 03:59 - 000000000 ____D C:\Program Files\EarthLink
2017-10-11 12:52 - 2017-10-11 12:52 - 124059592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 12:45 - 2017-09-29 18:10 - 001855336 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-11 12:45 - 2017-09-29 18:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 12:45 - 2017-09-29 18:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-11 12:45 - 2017-09-29 18:10 - 000370072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-11 12:45 - 2017-09-29 18:10 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-11 12:45 - 2017-09-29 18:07 - 000815608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-11 12:45 - 2017-09-29 18:07 - 000144176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-11 12:45 - 2017-09-29 18:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-11 12:45 - 2017-09-29 18:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-11 12:45 - 2017-09-29 18:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-11 12:45 - 2017-09-29 18:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-11 12:45 - 2017-09-29 18:04 - 000259856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-11 12:45 - 2017-09-29 18:04 - 000249016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-11 12:45 - 2017-09-29 18:04 - 000127384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-11 12:45 - 2017-09-29 18:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-11 12:45 - 2017-09-29 18:01 - 002077592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-11 12:45 - 2017-09-29 18:01 - 000044008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-11 12:45 - 2017-09-28 23:42 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-11 12:45 - 2017-09-28 23:42 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-11 12:45 - 2017-09-28 23:42 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-11 12:45 - 2017-09-28 23:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-11 12:45 - 2017-09-28 23:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-11 12:45 - 2017-09-28 23:41 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-11 12:45 - 2017-09-28 23:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-11 12:45 - 2017-09-28 23:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-11 12:45 - 2017-09-28 23:39 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-11 12:45 - 2017-09-28 23:39 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-11 12:45 - 2017-09-28 23:39 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-11 12:45 - 2017-09-28 23:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-11 12:45 - 2017-09-28 23:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-11 12:45 - 2017-09-28 23:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-11 12:45 - 2017-09-28 23:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-11 12:45 - 2017-09-28 23:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-11 12:45 - 2017-09-28 23:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-11 12:45 - 2017-09-28 23:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-11 12:45 - 2017-09-28 23:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-11 12:45 - 2017-09-28 23:34 - 001339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-11 12:45 - 2017-09-28 23:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-11 12:45 - 2017-09-28 23:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-11 12:45 - 2017-09-28 23:33 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-11 12:45 - 2017-09-28 23:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-11 12:45 - 2017-09-28 23:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-11 12:45 - 2017-09-28 23:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-11 12:45 - 2017-09-28 23:30 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-11 12:45 - 2017-09-28 23:30 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-11 12:45 - 2017-09-28 23:29 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-11 12:45 - 2017-09-28 23:29 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-11 12:45 - 2017-09-28 23:29 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-11 12:45 - 2017-09-28 23:29 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-11 12:45 - 2017-09-28 23:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-11 12:45 - 2017-09-28 23:28 - 000351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2017-10-11 12:45 - 2017-09-28 23:28 - 000190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-11 12:45 - 2017-09-28 23:28 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-11 12:45 - 2017-09-18 14:37 - 000434592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-11 12:45 - 2017-09-18 14:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-10-11 12:44 - 2017-09-29 18:29 - 001427656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-11 12:44 - 2017-09-29 18:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-11 12:44 - 2017-09-29 18:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-11 12:44 - 2017-09-29 18:26 - 001241240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-11 12:44 - 2017-09-29 18:10 - 005862296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-11 12:44 - 2017-09-29 18:10 - 001971232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-11 12:44 - 2017-09-29 18:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-11 12:44 - 2017-09-29 18:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-11 12:44 - 2017-09-29 18:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-11 12:44 - 2017-09-29 18:06 - 002022808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-11 12:44 - 2017-09-29 18:06 - 000582552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-11 12:44 - 2017-09-29 18:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-11 12:44 - 2017-09-29 18:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-11 12:44 - 2017-09-29 18:05 - 000755608 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-11 12:44 - 2017-09-29 18:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-11 12:44 - 2017-09-29 18:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-11 12:44 - 2017-09-29 18:04 - 001520536 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-11 12:44 - 2017-09-29 18:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-11 12:44 - 2017-09-29 18:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-11 12:44 - 2017-09-29 18:04 - 000186776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-11 12:44 - 2017-09-29 18:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-11 12:44 - 2017-09-29 18:04 - 000154520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-11 12:44 - 2017-09-29 18:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-11 12:44 - 2017-09-29 18:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-11 12:44 - 2017-09-29 18:02 - 001624096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-10-11 12:44 - 2017-09-29 18:02 - 001517464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll
2017-10-11 12:44 - 2017-09-29 18:02 - 001293856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-10-11 12:44 - 2017-09-29 18:02 - 001158040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-10-11 12:44 - 2017-09-29 18:02 - 000960920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-10-11 12:44 - 2017-09-29 18:02 - 000649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-10-11 12:44 - 2017-09-29 18:02 - 000635800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-10-11 12:44 - 2017-09-29 18:02 - 000498072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-10-11 12:44 - 2017-09-29 18:02 - 000496024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-10-11 12:44 - 2017-09-29 18:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-11 12:44 - 2017-09-28 23:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-11 12:44 - 2017-09-28 23:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-11 12:44 - 2017-09-28 23:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-11 12:44 - 2017-09-28 23:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-11 12:44 - 2017-09-28 23:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-11 12:44 - 2017-09-28 23:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-11 12:44 - 2017-09-28 23:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-11 12:44 - 2017-09-28 23:41 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-11 12:44 - 2017-09-28 23:41 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-11 12:44 - 2017-09-28 23:41 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-11 12:44 - 2017-09-28 23:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-11 12:44 - 2017-09-28 23:40 - 000432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-11 12:44 - 2017-09-28 23:40 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-11 12:44 - 2017-09-28 23:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-11 12:44 - 2017-09-28 23:40 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-11 12:44 - 2017-09-28 23:40 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-11 12:44 - 2017-09-28 23:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-11 12:44 - 2017-09-28 23:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-11 12:44 - 2017-09-28 23:38 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2017-10-11 12:44 - 2017-09-28 23:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-11 12:44 - 2017-09-28 23:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-11 12:44 - 2017-09-28 23:38 - 000454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-11 12:44 - 2017-09-28 23:38 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-11 12:44 - 2017-09-28 23:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-11 12:44 - 2017-09-28 23:38 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-11 12:44 - 2017-09-28 23:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-11 12:44 - 2017-09-28 23:38 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-11 12:44 - 2017-09-28 23:37 - 001513984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-11 12:44 - 2017-09-28 23:37 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-10-11 12:44 - 2017-09-28 23:37 - 000513024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2017-10-11 12:44 - 2017-09-28 23:37 - 000351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-11 12:44 - 2017-09-28 23:37 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-11 12:44 - 2017-09-28 23:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-11 12:44 - 2017-09-28 23:36 - 002957824 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-11 12:44 - 2017-09-28 23:36 - 001208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-11 12:44 - 2017-09-28 23:36 - 000905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-11 12:44 - 2017-09-28 23:36 - 000834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-10-11 12:44 - 2017-09-28 23:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-11 12:44 - 2017-09-28 23:36 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-11 12:44 - 2017-09-28 23:35 - 001993216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-11 12:44 - 2017-09-28 23:35 - 001832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-11 12:44 - 2017-09-28 23:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-11 12:44 - 2017-09-28 23:34 - 001918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-11 12:44 - 2017-09-28 23:34 - 001089536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-11 12:44 - 2017-09-28 23:34 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-11 12:44 - 2017-09-28 23:34 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-10-11 12:44 - 2017-09-28 23:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-11 12:44 - 2017-09-28 23:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-11 12:44 - 2017-09-28 23:34 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-11 12:44 - 2017-09-28 23:34 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-11 12:44 - 2017-09-28 23:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-11 12:44 - 2017-09-28 23:33 - 002123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-11 12:44 - 2017-09-28 23:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-11 12:44 - 2017-09-28 23:33 - 001137152 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-11 12:44 - 2017-09-28 23:33 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-11 12:44 - 2017-09-28 23:33 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-11 12:44 - 2017-09-28 23:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-11 12:44 - 2017-09-28 23:32 - 002373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-11 12:44 - 2017-09-28 23:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-11 12:44 - 2017-09-28 23:32 - 001490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-11 12:44 - 2017-09-28 23:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-11 12:44 - 2017-09-28 23:32 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-11 12:44 - 2017-09-28 23:31 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-11 12:44 - 2017-09-28 23:31 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-11 12:44 - 2017-09-28 23:31 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-11 12:44 - 2017-09-28 23:31 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-11 12:44 - 2017-09-28 23:30 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-11 12:44 - 2017-09-28 23:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-11 12:44 - 2017-09-28 23:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-11 12:44 - 2017-09-28 23:29 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-11 12:44 - 2017-09-28 23:28 - 001926656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-11 12:44 - 2017-09-28 23:28 - 001244672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-11 12:44 - 2017-09-28 23:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-11 12:44 - 2017-09-28 23:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-11 12:44 - 2017-09-28 23:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-11 12:44 - 2017-09-28 23:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-11 12:44 - 2017-09-28 23:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-11 12:44 - 2017-09-28 21:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-11 12:44 - 2017-09-20 07:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswstr10.dll
2017-10-11 12:44 - 2017-09-20 07:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll
2017-10-11 12:44 - 2017-09-20 07:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint40.dll
2017-10-11 12:44 - 2017-09-18 14:50 - 000902896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-11 12:44 - 2017-09-18 14:50 - 000790816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-11 12:44 - 2017-09-18 14:47 - 001089344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-11 12:44 - 2017-09-18 14:47 - 000954592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-11 12:44 - 2017-09-18 14:40 - 000877984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-11 12:44 - 2017-09-18 14:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-11 12:44 - 2017-09-18 14:19 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-11 12:44 - 2017-09-18 14:18 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-10 14:11 - 2017-10-10 14:11 - 000245736 _____ (Mozilla) C:\Users\Pamela\Downloads\Firefox Installer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-09 16:02 - 2017-01-31 07:43 - 000000000 ____D C:\ProgramData\Gramblr
2017-11-09 16:01 - 2016-08-14 04:45 - 001909029 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-09 15:58 - 2016-02-20 09:54 - 000000000 ___RD C:\Users\Pamela\Desktop\LT sound files
2017-11-09 15:17 - 2017-07-16 09:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-09 13:54 - 2015-11-05 07:55 - 000000000 ____D C:\ProgramData\MediaMall
2017-11-09 07:28 - 2017-01-31 07:43 - 000000000 ____D C:\Program Files\Gramblr
2017-11-09 06:49 - 2014-09-20 09:38 - 000000000 ___RD C:\Users\Pamela\Desktop\Lori Stuff
2017-11-08 00:11 - 2017-03-18 10:23 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-08 00:11 - 2017-03-18 10:23 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-07 14:16 - 2017-08-18 07:44 - 000000000 ____D C:\Users\Pamela\Desktop\Pam R
2017-11-06 18:38 - 2017-04-03 07:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-11-06 15:32 - 2014-09-12 10:03 - 000056342 _____ C:\Users\Pamela\Documents\Target.wpd
2017-11-03 10:47 - 2015-08-03 05:47 - 000002377 _____ C:\Users\Pamela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-03 10:47 - 2015-08-03 05:47 - 000000000 ___RD C:\Users\Pamela\OneDrive
2017-11-02 14:45 - 2017-03-18 10:21 - 000000000 ____D C:\WINDOWS\INF
2017-11-01 02:33 - 2014-03-24 15:23 - 000412764 _____ C:\Users\Pamela\Documents\chapt1.wpd
2017-10-28 08:45 - 2017-07-16 09:58 - 000000000 ____D C:\Users\Pamela
2017-10-28 07:27 - 2017-10-08 14:40 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-28 07:27 - 2017-10-08 14:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-28 07:27 - 2017-07-16 10:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-28 07:26 - 2017-03-17 22:02 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-10-26 07:38 - 2017-03-24 15:32 - 000776064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsnx.sys
2017-10-25 13:05 - 2017-03-18 10:23 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-24 17:50 - 2017-09-08 06:54 - 000000000 ____D C:\Users\Pamela\AppData\Local\CrashDumps
2017-10-21 03:17 - 2017-07-16 09:55 - 000462800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-20 07:38 - 2015-03-27 04:42 - 000000000 ____D C:\ProgramData\AVG
2017-10-20 07:37 - 2017-03-24 15:32 - 000491976 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000290264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000142240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000091976 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
2017-10-20 07:37 - 2017-03-24 15:32 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-10-19 14:07 - 2014-03-21 11:26 - 000000000 ____D C:\Users\Pamela\AppData\Roaming\Corel
2017-10-19 14:04 - 2017-07-23 05:49 - 000000000 ____D C:\Users\Pamela\Documents\My PSP Files
2017-10-19 14:04 - 2017-07-10 16:50 - 000000952 ___SH C:\WINDOWS\system32\KGyGaAvL.sys
2017-10-18 10:18 - 2017-03-18 10:14 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-16 18:41 - 2015-01-27 10:25 - 000170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-10-14 04:49 - 2017-03-18 10:23 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-10-13 10:28 - 2017-03-18 10:23 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 16:21 - 2017-03-18 10:25 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-10-12 16:21 - 2017-03-18 10:25 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-10-11 23:41 - 2017-07-16 09:57 - 001157480 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-11 23:38 - 2015-08-03 05:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-11 20:05 - 2017-03-18 10:23 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-11 20:05 - 2017-03-18 10:23 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-11 20:05 - 2017-03-18 10:23 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-11 20:05 - 2017-03-18 10:23 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-10-11 12:56 - 2014-03-24 21:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-11 12:52 - 2016-04-13 05:04 - 124059592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-11 09:22 - 2016-11-19 03:16 - 000000000 ____D C:\Users\Pamela\AppData\LocalLow\Mozilla

==================== Files in the root of some directories =======

2015-12-08 06:42 - 2015-12-08 06:45 - 028349440 _____ (Jive Software) C:\Program Files\spark_2_5_8.exe
2017-09-08 06:35 - 2017-09-08 06:35 - 000000036 _____ () C:\Users\Pamela\AppData\Local\housecall.guid.cache
2017-04-24 06:12 - 2017-04-24 06:12 - 000000017 _____ () C:\Users\Pamela\AppData\Local\resmon.resmoncfg
2016-12-27 07:41 - 2016-11-23 05:37 - 000000570 _____ () C:\Users\Pamela\AppData\Local\TroubleshooterConfig.json
2017-07-16 09:56 - 2017-07-16 09:56 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-07-10 16:48 - 2017-07-10 16:48 - 000476752 _____ () C:\ProgramData\pswi_preloaded.exe

Some files in TEMP:
====================
2017-11-02 16:39 - 2017-07-16 10:49 - 000624368 _____ (Microsoft Corporation) C:\Users\Pamela\AppData\Local\Temp\kernel32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-08 10:47

==================== End of FRST.txt ============================
MMGirl65
Active Member
 
Posts: 3
Joined: November 9th, 2017, 7:37 pm

Re: Help! May Be Infected!

Unread postby pgmigg » November 9th, 2017, 9:07 pm

Hello MMGirl65,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Help! May Be Infected!

Unread postby MMGirl65 » November 9th, 2017, 10:19 pm

Hello pgmigg,

Thank you so much for your help. I look forward to your next response.

Have a good evening!

Kim
MMGirl65
Active Member
 
Posts: 3
Joined: November 9th, 2017, 7:37 pm

Re: Help! May Be Infected!

Unread postby pgmigg » November 10th, 2017, 12:06 am

Hello MMGirl65,

MMGirl65 wrote:Thank you so much for your help. I look forward to your next response.

Have a good evening!

You are welcome! :)

Warning! License issue with Microsoft Office Enterprise 2007
The Microsoft Office Enterprise 2007 is not sold to individual home computer users and hence is not generally legal on a home computer.

Per our policy concerning illegally licensed software, I can offer you no further assistance as long as you have Microsoft Office Enterprise 2007 installed.

I strongly recommend that you uninstall Microsoft Office Enterprise 2007 however that choice is up to you.
  • If you choose NOT to remove this program, please indicate that in your next reply and ignore the remaining steps.
  • If you choose to remove this program then perform the following steps:
    1. Please press the Windows Key + R.
    2. Enter appwiz.cpl into the text box and click OK.
    3. Locate the following programs:
      MS Office Enterprise 2007
    4. Click on the Change/Remove button to uninstall it.
    5. When the program has been uninstalled, please close Control Panel.
    6. Reboot (restart) your computer.

    Step 1.
    Run CKScanner
    1. Please download CKScanner from Here
    2. Important: - Save it to your Desktop.
    3. Double-click CKScanner.exe and click Search For Files.
    4. After a very short time, when the cursor hourglass disappears, click Save List To File.
    5. A message box will verify the file saved.
    6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    Step 3.
    TSG - SysInfo utility
    1. Please download SysInfo utility and save it to your Desktop.
    2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
    3. Right click, select copy and then paste in your next post.

    Then:
    Please tell me: is this computer used for business purposes and connected to a business or educational network?
    I need to know it - so I can provide the proper instructions.

    Please include in your next reply:
    1. Do you have any problems executing the instructions?
    2. Your decision about Microsoft Office Enterprise 2007
    3. Contents of CKFiles.txt log file
    4. Contents of SysInfo scan
    5. Answer to my question about how your computer is used

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Help! May Be Infected!

Unread postby MMGirl65 » November 10th, 2017, 1:03 pm

Hi,

I'm sorry. I can't remove it. I need it for work. I would get fired without it. BTW, a computer guy installed it.

Thanks anyway.
MMGirl65
Active Member
 
Posts: 3
Joined: November 9th, 2017, 7:37 pm

Re: Help! May Be Infected!

Unread postby pgmigg » November 10th, 2017, 1:06 pm

Hello MMGirl65,

MMGirl65 wrote:I need it for work. I would get fired without it. BTW, a computer guy installed it.


Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.

This topic is now closed.
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00