
Extremely Slow Internet and JSTechBrolo.f infection


  • This topic is locked
31 replies to this topic

#1 HSV30

HSV30

  • Members
  • 19 posts
  • OFFLINE
  • Local time: 09:19 PM

Posted 24 November 2017 - 01:52 PM

After noticing several web sites loading pages very slowly, I decided to run a speed test. My IP is SuddenLink (cable) and I pay for up to 50 Mbps, which I was getting when last tested, probably a year ago. After testing, I am now getting from 1 to 3 Mbps on the desktop (ethernet connection). I used 2 different sites, SpeakEasy and Speed Test. Thinking maybe it was an IP issue, but before I called SuddenLink, I checked my mobile devices. I do get 25-48 Mbps by WIFI to mobile devices. Changes in system: I added a new WIFI router about 3 months ago, a Linksys EA7300, but did not check internet speed at that time. To eliminate the router as the problem I plugged my laptop directly by ethernet to a port on the router, turned off its WIFI, and got 48 Mbps. Thinking I had a cable issue, I changed the ethernet coming from the desktop and replaced it with the cable I had just used with the laptop. Using same port also. No change, still 1-3 Mbps. I also tested without any other devices plugged into the router ethernet ports. No change. The only other change has been an upgrade from Windows 7 to Windows 10 in July of 2016. Apparently the problem is at the desktop. I checked for driver updates for the network adapter and everything appears to be up to date.

 

Using Windows 10 Home v1703, Microsoft Windows Defender supplemented by MBAM Pro, Super AntiSpyware, and CyberReason and using Edge as my browser.

 

Recent history: on 7/17 MBAM quarantined Plumbytes and SpyHunter; on 10/17 MBAM quarantined a PUP, Wisefixer; on 11/16 MBAM quarantined TweakBit; about 3 weeks ago while browsing I encountered the Fake Microsoft Tech Support Warning and I managed to stop it with Task Manager; on 11/8 Windows Defender quarantined Support Scam: JS TechBroLo.F; about 11/20 is when I began running the above speed tests; yesterday I followed the Remove Microsoft Security Alert guide from this website. I ran Rkill, MBAM (with rootkit enabled), MB Adwarecleaner. They cleaned the following PUPs: Tweakbit, Legacy, DriverAgent, and AusLogics DriverUpdater. Reset Edge to default settings. Ran HitmanPro and it found and removed 13 tracking cookies, Blekko and Coupon Bar. Ran Emsisoft Emergency Kit and it removed the following PUPs: Adwire, Registry Mechanic, Adaware, and Internet Optimizer. After all of this I still can get only around 1 Mbps with a speed test. Logs attached.



#2 HSV30

HSV30
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time: 09:19 PM

Posted 24 November 2017 - 02:04 PM

Logs pasted:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2017
Ran by Kenneth Taylor (administrator) on OFFICE-PC (24-11-2017 12:05:52)
Running from C:\Users\Kenneth Taylor\Desktop
Loaded Profiles: Kenneth Taylor (Available Profiles: Kenneth Taylor & Administrator)
Platform: Windows 10 Home Version 1703 15063.632 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Foolish IT LLC) C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SoftPerfect) C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Amazon Services LLC) C:\Users\Kenneth Taylor\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
"Path" (C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\ -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\) <==== Repaired successfully
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-04-01] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-09-01] (Apple Inc.)
HKLM-x32\...\Run: [CaddieSyncConduit] => C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
Winlogon\Notify\igfxcui: C:\Windows\System32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\Run: [WiFi Guard] => C:\Program Files\SoftPerfect WiFi Guard\WiFiGuard.exe [4971848 2016-04-13] (SoftPerfect)
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-10-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\Run: [Amazon Music] => C:\Users\Kenneth Taylor\AppData\Local\Amazon Music\Amazon Music Helper.exe [3700200 2017-07-18] (Amazon Services LLC)
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2013-04-05]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Kenneth Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-09-21]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Kenneth Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2017-10-04]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40401c1a-8266-498e-9be1-bdfd23868a19}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{ac12aa4f-74c0-491b-bc59-91089224b2ee}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360910p716p0425v105k4521r59o
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360910p716p0425v105k4521r59o
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://hsvpoa.org/golf/
hxxp://dailycaller.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-1986910065-1566111469-2135244464-1001 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1986910065-1566111469-2135244464-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-1986910065-1566111469-2135244464-1001 -> {FE44CF39-0260-484B-AC47-5F9190F664D8} URL = hxxp://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1842B0EE-B597-11D4-8997-00104BD12D94} hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} hxxp://www.arkansashighways.com/Road/acgm.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/PCMagnum/controls/PCPitstop2.dll
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1986910065-1566111469-2135244464-1001 -> hxxp://hsvpoa.org/golf
FireFox:
========
FF ProfilePath: C:\Users\Kenneth Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956 [2017-11-24]
FF user.js: detected! => C:\Users\Kenneth Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956\user.js [2015-07-19]
FF Homepage: Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956 -> hxxp://hsvpoa.org/golf/
FF Extension: (YouTube™ Flash® Player) - C:\Users\Kenneth Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2017-10-05]
FF Extension: (Adblock Plus) - C:\Users\Kenneth Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2017-02-12] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-16] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2011-09-09] (Alcatel-Lucent)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-03-14] (Kaspersky Lab ZAO)
R3 CryptoPreventEmail; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [642712 2017-06-03] (Foolish IT LLC)
S3 CryptoPreventFolderWatch; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [642712 2017-06-03] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [642712 2017-06-03] (Foolish IT LLC)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-24] (Cybereason)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-09-25] (Macrovision Europe Ltd.) [File not signed]
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-11-23] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
S4 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-01-25] (Alcatel-Lucent) [File not signed]
S4 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-01-25] (Alcatel-Lucent) [File not signed]
S3 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R0 CSCrySec; C:\WINDOWS\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\WINDOWS\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-07-17] ()
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197336 2017-04-10] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [520176 2017-04-10] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1018592 2017-04-10] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-02-13] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-03-13] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-03-13] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-11-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-11-24] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-11-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-11-24] (Malwarebytes)
R1 MpKsl0a1026e8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC69BEF0-34C6-44B9-B247-8B4511764CAE}\MpKsl0a1026e8.sys [58120 2017-11-24] (Microsoft Corporation)
R1 MpKsl74a473e5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00E3B1E2-744E-4278-B263-6F5B850761D3}\MpKsl74a473e5.sys [58120 2017-11-23] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-02-20] (microOLAP Technologies LTD)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U4 aspnet_state; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-24 12:05 - 2017-11-24 12:06 - 000023728 _____ C:\Users\Kenneth Taylor\Desktop\FRST.txt
2017-11-24 12:05 - 2017-11-24 12:05 - 000000000 ____D C:\FRST
2017-11-24 12:04 - 2017-11-24 12:04 - 002393088 _____ (Farbar) C:\Users\Kenneth Taylor\Desktop\FRST64.exe
2017-11-24 11:12 - 2017-11-24 11:12 - 000512133 _____ C:\Users\Ra2i\voweldeclaredquietnote.xlsx
2017-11-24 11:12 - 2017-11-24 11:12 - 000500438 _____ C:\Users\Ac3te2t\determine.containing.searching.handed.xlsx
2017-11-24 11:12 - 2017-11-24 11:12 - 000230549 _____ C:\Users\Ac3te2t\quartphiladelphiasupportedarc.mdb
2017-11-24 11:12 - 2017-11-24 11:12 - 000203196 _____ C:\Users\Ra2i\wFaOvl.mdb
2017-11-24 11:12 - 2017-11-24 11:12 - 000075269 _____ C:\Users\Ac3te2t\presidentialsubsequentground.xls
2017-11-24 11:12 - 2017-11-24 11:12 - 000071873 _____ C:\Users\Ra2i\BBPaTq.xls
2017-11-24 11:12 - 2017-11-24 11:12 - 000058003 _____ C:\Users\Ra2i\recalled_stamp_grand_asia.pem
2017-11-24 11:12 - 2017-11-24 11:12 - 000055870 _____ C:\Users\Ac3te2t\garden.locate.pem
2017-11-24 11:12 - 2017-11-24 11:12 - 000030309 _____ C:\Users\Ra2i\losing raise door.txt
2017-11-24 11:12 - 2017-11-24 11:12 - 000018177 _____ C:\Users\Ac3te2t\method-stadium.sql
2017-11-24 11:12 - 2017-11-24 11:12 - 000014537 _____ C:\Users\Ac3te2t\SyV.txt
2017-11-24 11:12 - 2017-11-24 11:12 - 000013997 _____ C:\Users\Ra2i\folklore.conclusions.ears.sql
2017-11-24 11:12 - 2017-11-24 11:12 - 000000000 __SHD C:\Users\Kenneth Taylor\Desktop\ This folder protects against ransomware. Modifying it will reduce protection
2017-11-24 11:12 - 2017-11-24 11:12 - 000000000 ___HD C:\Users\Ra2i
2017-11-24 11:12 - 2017-11-24 11:12 - 000000000 ___HD C:\Users\Kenneth Taylor\Documents\Ydata165
2017-11-24 11:12 - 2017-11-24 11:12 - 000000000 ___HD C:\Users\Kenneth Taylor\Documents\aahdates7
2017-11-24 11:12 - 2017-11-24 11:12 - 000000000 ___HD C:\Users\Ac3te2t
2017-11-24 11:12 - 2017-11-24 11:12 - 000000000 ____D C:\Xconfiguration227
2017-11-24 11:12 - 2017-11-24 11:12 - 000000000 ____D C:\.scached181
2017-11-24 10:51 - 2017-11-24 10:51 - 000000000 ____D C:\ProgramData\Emsisoft
2017-11-24 10:49 - 2017-11-24 11:09 - 000000000 ____D C:\EEK
2017-11-24 08:56 - 2017-11-24 10:47 - 302557352 _____ C:\Users\Kenneth Taylor\Desktop\EmsisoftEmergencyKit.exe
2017-11-23 11:58 - 2017-11-23 11:58 - 000001973 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-11-23 11:58 - 2017-11-23 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-11-23 11:58 - 2017-11-23 11:58 - 000000000 ____D C:\Program Files\HitmanPro
2017-11-23 11:40 - 2017-11-24 08:44 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-23 11:38 - 2017-11-23 11:42 - 011584088 _____ (SurfRight B.V.) C:\Users\Kenneth Taylor\Desktop\HitmanPro_x64.exe
2017-11-23 11:15 - 2017-11-23 11:16 - 008261584 _____ (Malwarebytes) C:\Users\Kenneth Taylor\Desktop\AdwCleaner.exe
2017-11-23 10:32 - 2017-11-23 10:32 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Kenneth Taylor\Desktop\rkill.exe
2017-11-08 19:34 - 2017-11-08 19:34 - 001104348 _____ C:\Users\Kenneth Taylor\Desktop\National-Park-Physician-Services_11-08-17.zip
2017-11-08 18:51 - 2017-11-08 18:51 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1BA05E1A.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-24 12:03 - 2013-05-27 20:55 - 000000000 ____D C:\Users\Kenneth Taylor\AppData\Local\WiFi Guard
2017-11-24 11:17 - 2017-07-04 09:16 - 001229578 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-24 11:11 - 2017-07-04 09:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-24 11:11 - 2017-03-24 08:19 - 000101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-24 11:11 - 2017-03-24 08:19 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-24 11:11 - 2017-03-24 08:19 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-24 11:11 - 2014-10-04 12:53 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-24 11:11 - 2013-09-11 19:01 - 000008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-11-24 11:11 - 2013-07-11 07:35 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-11-24 11:10 - 2017-03-18 05:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-24 10:55 - 2017-03-18 14:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-24 10:40 - 2017-07-04 08:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-24 08:44 - 2017-07-04 09:21 - 000004174 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{515F29A2-FE6D-46F9-A5D4-862F701A3907}
2017-11-24 08:44 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-23 11:20 - 2017-03-05 14:44 - 000000000 ____D C:\AdwCleaner
2017-11-22 08:53 - 2016-07-25 18:22 - 000000000 ____D C:\Users\Kenneth Taylor\AppData\Local\Comms
2017-11-21 16:18 - 2010-09-22 16:59 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-16 16:31 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-16 16:31 - 2012-11-06 09:27 - 000000000 ____D C:\Users\Kenneth Taylor\AppData\Local\ElevatedDiagnostics
2017-11-16 16:16 - 2012-06-20 20:22 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-16 13:54 - 2010-09-24 12:54 - 000000000 ____D C:\Users\Kenneth Taylor\Desktop\Manuals
2017-11-16 13:45 - 2010-09-22 22:20 - 000000000 ____D C:\Users\Kenneth Taylor\AppData\Local\Adobe
2017-11-16 13:44 - 2017-07-04 09:21 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-16 13:44 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-16 13:44 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 14:15 - 2017-07-04 09:21 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-14 14:15 - 2015-11-05 08:13 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-14 14:09 - 2013-07-21 17:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-14 14:02 - 2017-10-11 17:21 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-14 14:02 - 2010-09-22 23:31 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-03 13:57 - 2017-07-28 07:02 - 000003384 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1986910065-1566111469-2135244464-1001
2017-11-03 13:57 - 2016-07-25 18:06 - 000002441 _____ C:\Users\Kenneth Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-03 13:57 - 2016-07-25 18:06 - 000000000 ___RD C:\Users\Kenneth Taylor\OneDrive
2017-10-30 11:19 - 2010-09-22 16:32 - 000095416 _____ C:\Users\Kenneth Taylor\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-30 10:41 - 2017-07-04 08:59 - 000000000 ____D C:\Users\Kenneth Taylor
==================== Files in the root of some directories =======
2015-08-13 21:41 - 2016-12-10 19:13 - 000000452 _____ () C:\Users\Kenneth Taylor\AppData\Roaming\wklnhst.dat
2011-03-20 12:03 - 2012-01-14 12:40 - 000008192 _____ () C:\Users\Kenneth Taylor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-18 15:07 - 2012-06-18 15:07 - 000000017 _____ () C:\Users\Kenneth Taylor\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-21 10:08
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2017
Ran by Kenneth Taylor (24-11-2017 12:07:24)
Running from C:\Users\Kenneth Taylor\Desktop
Windows 10 Home Version 1703 15063.632 (X64) (2017-07-04 15:30:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1986910065-1566111469-2135244464-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1986910065-1566111469-2135244464-503 - Limited - Disabled)
Guest (S-1-5-21-1986910065-1566111469-2135244464-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1986910065-1566111469-2135244464-1002 - Limited - Enabled)
Kenneth Taylor (S-1-5-21-1986910065-1566111469-2135244464-1001 - Administrator - Enabled) => C:\Users\Kenneth Taylor
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM\...\{2B12A4E9-C782-45EF-801E-ABD0A08D3D8D}) (Version: 10.2.21.3698 - Lavasoft Limited)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Advertising Center (HKLM-x32\...\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}) (Version: 0.0.0.2 - Nero AG) Hidden
Amazon Music (HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\Amazon Amazon Music) (Version: 5.6.1.1094 - Amazon Services LLC)
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.3.2.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
ATT-PRT22 (HKLM-x32\...\ATT-PRT22) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon CanoScan 4400F User Registration (HKLM-x32\...\Canon CanoScan 4400F User Registration) (Version:  - )
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.8.1.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
CDDRV_Installer (HKLM\...\{0C826C5B-B131-423A-A229-C71B3CACCD6A}) (Version: 4.60 - Logitech) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cybereason RansomFree 2.2.3.0 (HKLM-x32\...\{D94D745E-266E-4B2B-B505-7B6042C0C1C9}) (Version: 2.2.3.0 - Cybereason Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Todo Backup Home 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HDtracks Downloader (HKLM-x32\...\HDtracks Downloader) (Version: 18 - J. River, Inc.)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.8.37.11 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
KhalInstallWrapper (HKLM\...\{F3F18612-7B5D-4C05-86C9-AB50F6F71727}) (Version: 2.00.0000 - Logitech) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6344718C-AE30-4C86-B5CD-459077A83623}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{BE29EE5A-C6B7-454B-BE14-2F4AD8E91BB1}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Thunderbird 52.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.3.0 (x86 en-US)) (Version: 52.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nero 9 Essentials (HKLM-x32\...\{f531dd03-45ef-45e9-ab97-2a0ab4f14907}) (Version:  - Nero AG)
Presto! PageManager 7.15.14 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
SoftPerfect WiFi Guard version 1.0.7 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.7 - SoftPerfect)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WD Drive Utilities (HKLM-x32\...\{C093AD5D-29E9-4777-AAAC-28C02FCC2A51}) (Version: 1.0.4.11 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{CA5859CA-D9A7-40BE-8318-3B514D6E4924}) (Version: 1.0.4.11 - Western Digital Technologies, Inc.)
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.0.4.11 - Western Digital) Hidden
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - Intel Corporation (igfx) Display  (07/19/2010 8.15.10.2182) (HKLM\...\0639BFE1ED0F0E0939D94E5D539B6B8A3D934D50) (Version: 07/19/2010 8.15.10.2182 - Intel Corporation)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/28/2010 6.0.1.6167) (HKLM\...\79AEA1A69F7CFB9A67E25897B8C0FED231E2FB8F) (Version: 07/28/2010 6.0.1.6167 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (11/02/2010 6.0.1.6235) (HKLM\...\B6FDC49334A15BAE1296DD4604B70A943A3366D6) (Version: 11/02/2010 6.0.1.6235 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\shellex.dll [2016-03-14] (Kaspersky Lab ZAO)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-06-18] (Lavasoft Limited)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-09-04] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\shellex.dll [2016-03-14] (Kaspersky Lab ZAO)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-06-18] (Lavasoft Limited)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-09-04] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\shellex.dll [2016-03-14] (Kaspersky Lab ZAO)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2013-09-04] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 16.0.0] -> {C845F70F-050A-4052-81DE-587D90C20FE8} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\shellex.dll [2016-03-14] (Kaspersky Lab ZAO)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll [2012-06-18] (Lavasoft Limited)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2016-04-19] (Western Digital Technologies, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04BF0A29-802E-4E66-8E5F-B32508C196A8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {080F2A4A-61DA-43BC-B7D3-07B99E6A7E1D} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-24] (Cybereason)
Task: {1117868D-6AB1-47C3-B403-58550B8B47CC} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {16C23716-E05F-41AD-8F48-3B668840D151} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {18CB9EB1-08F3-4C31-82DA-83EF11B76730} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {1DE61306-5279-4DC1-9ADE-19AD6C1379E4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {20971573-4952-4870-811F-BE800C2F1942} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {20A4BE7E-6A5A-41FD-B224-6972823CEE66} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {2AD4E7C8-615C-4B3B-9C06-D81F574B65B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {2E13AD5E-019E-4E85-A6BF-194AA40ADF95} - System32\Tasks\Western Digital\SmartWare\____Volume_9b01463b_a1a3_11e0_8f7c_806e6f6e6963______Volume_7bb0195b_14a0_11e3_aa29_90fba6867853__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2016-04-19] (Western Digital Technologies, Inc.)
Task: {327E0705-2D31-40B5-B145-974BACD8E84A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3F542005-5377-4B1F-B356-D36AD4A6E6CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {4165F7DD-8BA1-422C-85F8-2B5250434CF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {41894D63-3656-4874-87B0-2CFDEC1D4964} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {428EA156-EEF4-4698-BC3F-FF4011577D0D} - System32\Tasks\ScanToPCActivationApp.exe_{AD2730AE-E568-4448-B52A-2DC2A0F803CC} => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4637A38A-7825-4ECE-9C26-277D2AE6D5EA} - System32\Tasks\{94FAAA19-00A4-4DC7-91B3-3D6C9D2F91B8} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kenneth Taylor\Desktop\startuplite-setup-1.07.exe" -d "C:\Users\Kenneth Taylor\Desktop"
Task: {4BCEF17E-A8F9-4905-A42C-FD3ACF1EB08F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4EF019C2-7811-4F0D-B94D-67D109B538CC} - System32\Tasks\SUPERAntiSpyware Scheduled Task ed555859-4b03-4370-8fae-0ba95840a8d6 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {5185D5C1-970F-4562-AF4D-2AEC63169D31} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {559C9730-5265-415A-AB41-FD0003CB7BC9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {622B5EBF-9243-4D5D-BE33-1D4DC5710914} - System32\Tasks\Western Digital\SmartWare\____Volume_9b01463b_a1a3_11e0_8f7c_806e6f6e6963______Volume_a689ec32_9d47_11e0_8e25_90fba6867853__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2016-04-19] (Western Digital Technologies, Inc.)
Task: {65F706E2-230A-46DA-B6A2-CE6E56216CD1} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {666029F5-4BAD-4D63-AAB9-429EEEA06E06} - System32\Tasks\{1F2BFDB2-C65F-4422-A8D8-50B513B5BFA8} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kenneth Taylor\Downloads\windirstat1_1_2_setup.exe" -d "C:\Users\Kenneth Taylor\Desktop"
Task: {67C788B0-6C17-485C-A998-9890E907D7A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {70897A3A-410F-4703-A64D-E734811E6D59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7679B46F-AF22-4563-9E1C-104756A1F50E} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-10-09] ()
Task: {7B51BCF8-EEB5-4810-8B33-04127F4FF50C} - System32\Tasks\{07776FA6-C210-4BCE-A3F0-98B260E5D212} => C:\Windows\system32\pcalua.exe -a "C:\Users\Kenneth Taylor\Downloads\The_Ultimate_Troubleshooter_4.92.exe" -d "C:\Users\Kenneth Taylor\Downloads"
Task: {86A19CBC-70ED-47C1-B60A-A00AA96C4A4E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87E7E49D-99E5-489A-B173-DBD4FB7DF342} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8E154325-0897-45E4-B3C7-1A814AB1ABA3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {91EBC8FF-4DBE-4557-A0E1-A17239C7224D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9786B0BD-DD01-4215-A44C-F161419D1043} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {A60A7B8C-E0E3-4E7C-89E3-E38946E0AA81} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AAAE4AB1-D984-4A14-97C2-26FA4A581E62} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B3CFF74F-1F08-4457-BAF1-7A4FAC542C25} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B72B2D85-C362-4CB9-BDE5-165A87BA4F69} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0781AA0-591B-420E-8B6D-4D2B66D971F9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C26970EF-9012-45A6-95D6-07DA79571B53} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CAD7DED0-023F-42BD-86E0-E38D02C61A36} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D650C36D-8D63-4D18-BFE5-232F078AD810} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D8509511-C9F4-4F57-B9DA-6B84A7E78ED5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCCBBDD4-8ACF-494A-BFB9-D56FA21329BA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DF740CF8-08AE-4768-B8BE-32B000120E2D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E8038490-BE5B-4F0D-8446-82CDC0FD182C} - System32\Tasks\SUPERAntiSpyware Scheduled Task ccab5bd2-53d7-401c-b35e-1415a312c41b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E83404E4-C507-4E8E-8E28-88D5D4BA5C69} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EACEC8C4-2D24-4EEE-8F04-B922ECE52471} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-16] (Adobe Systems Incorporated)
Task: {F2284C14-88DE-40B7-87A7-66B7C5E1168A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F5568E11-9447-4BFD-9954-88548602E76D} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {F8568FCC-E715-483E-83CA-9DF43FF1D93D} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-24] (Cybereason)
Task: {FFC391F6-686C-46D0-9EDC-DE536E99CDE9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ccab5bd2-53d7-401c-b35e-1415a312c41b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task ed555859-4b03-4370-8fae-0ba95840a8d6.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe-t C:\Program Files\TechUtilities\TechUtilities.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-03-24 08:18 - 2017-07-17 18:38 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-18 14:58 - 2017-03-18 14:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 14:59 - 2017-03-18 20:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2012-11-26 22:54 - 2012-11-26 22:54 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-23 13:34 - 2006-09-20 07:35 - 000020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2010-09-23 13:34 - 2006-09-19 15:05 - 000024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2017-09-19 14:34 - 2017-09-19 14:34 - 000054488 _____ () C:\Program Files (x86)\CCleaner\branding.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000098888 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2014-01-18 12:05 - 2013-11-14 14:59 - 000031304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2014-01-18 12:06 - 2013-09-04 11:19 - 000050248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000029768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2014-01-18 12:05 - 2008-11-25 17:18 - 001291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2014-01-18 12:06 - 2004-10-05 03:08 - 000055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2014-01-18 12:05 - 2014-01-13 18:06 - 000105544 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000030280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000293960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000578632 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000468040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000192072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2014-01-18 12:05 - 2013-12-23 11:01 - 000281672 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000068680 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2014-01-18 12:06 - 2013-09-04 11:19 - 000069192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000022600 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2014-01-18 12:06 - 2013-09-04 11:19 - 000115784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000192584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2014-01-18 12:05 - 2013-09-04 11:19 - 000135752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2014-01-18 12:05 - 2013-10-22 17:31 - 000037960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2014-01-18 12:06 - 2013-09-04 11:19 - 000135240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2014-01-18 12:05 - 2013-12-24 17:42 - 000017992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2014-01-18 12:06 - 2013-09-04 11:19 - 000096840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703 [338]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\DriversLiscense.jpeg:3or4kl4x13tuuug3Byamue2s4b [101]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\DriversLiscense.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\Survivor's Statement.tiff:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\Survivor's Statement.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\$talisma_url$ -> hxxps://$talisma_url$
IE trusted site: HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\flickr.com -> hxxps://flickr.com
There are 7777 more sites.

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2014-10-18 16:45 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kenneth Taylor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Amazon Music => "C:\Users\Kenneth Taylor\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CaddieSync Express => C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
MSCONFIG\startupreg: CaddieSyncConduit => C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: HF_G_Jul => "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\...\StartupApproved\StartupFolder: => "Logitech SetPoint.lnk"
HKLM\...\StartupApproved\Run: => "Kernel and Hardware Abstraction Layer"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "CaddieSyncConduit"
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{963F8E81-573E-47D4-9610-624BF9AC3ADC}C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{CEE4DDE8-3B11-476F-B2FC-24B097083C2B}C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{D9EEA336-15FF-467B-B8C6-764142BD6618}C:\users\kenneth taylor\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\kenneth taylor\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{ABB44113-1820-4F88-9897-4CE6B0EBCA4E}C:\users\kenneth taylor\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\kenneth taylor\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{4A92105D-21A3-422A-854E-649FA3637C5D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [TCP Query User{6E171DD2-BD7C-41C7-B3EC-D0E5DFC6E079}C:\users\kenneth taylor\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\kenneth taylor\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{7090D238-4FEC-49B0-B4C4-97D1C4393205}C:\users\kenneth taylor\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\kenneth taylor\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{56921530-CF45-4EB5-A342-FEAB31EB2526}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{742734D0-337A-4D42-A654-FF4386B40988}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [TCP Query User{43CBAC5F-89AE-4B6F-8300-F4DD7D1036B2}C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{CC3C7350-24F2-4F50-81AE-BF8338A412DC}C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{A8E7779D-3BED-4284-AE34-E7B96F03EF65}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{A9986BA9-AF12-451A-A7E3-531001E6A660}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{C74A32CF-3566-41E8-A631-0D44522C98E0}C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{A890386E-1D76-43FB-A6CB-6FAFCAC2BA5D}C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{5E92B59A-B89C-4A8C-9A5E-FD7748079569}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Restore Points =========================
11-10-2017 17:20:37 Windows Update
14-11-2017 14:01:13 Windows Update
22-11-2017 10:12:04 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: PS/2 Mouse
Description: PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: PS/2 Keyboard
Description: PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
Error: (11/24/2017 10:55:12 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070005).
Error: (11/24/2017 09:30:31 AM) (Source: MsiInstaller) (EventID: 1013) (User: OFFICE-PC)
Description: Application: Kaspersky Total Security -- Application upgrade is in progress. Removing the application is not allowed now. You are recommended to retry application removal after computer reboot.
Error: (11/24/2017 08:44:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000260,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000006B544FEB30.72).  hr = 0x80070005, Access is denied.
.
Error: (11/24/2017 08:44:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000994,(null),0,REG_BINARY,0000000C6697D980.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {ad21ef60-e08d-4718-aab2-9d7aca3fbde4}
Error: (11/24/2017 08:44:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000023c,(null),0,REG_BINARY,00000032E32FDBB0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {842b2953-8c7b-418e-b8ae-067b2b23f6c3}
Error: (11/24/2017 08:44:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e4,(null),0,REG_BINARY,0000006C4057D7A0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5f36c98a-fc24-4744-be51-3a640f55b4e4}
Error: (11/24/2017 08:44:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,0000006B53DFEF80.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {3d89d601-2ff6-400d-8bdc-9e57a410a105}
Error: (11/24/2017 08:44:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f8,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,0000006B5407E750.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {2dfc4723-7870-4957-9b63-7a223e3241b9}
Error: (11/24/2017 08:44:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000023c,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000006B53FFE6B0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {74d1b35c-e554-4114-bc25-c838366f31ac}
Error: (11/24/2017 08:44:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000023c,(null),0,REG_BINARY,00000032E32FDBB0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {842b2953-8c7b-418e-b8ae-067b2b23f6c3}

System errors:
=============
Error: (11/24/2017 11:17:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: 9WZDNCRFJ3PT-Microsoft.ZuneMusic.
Error: (11/24/2017 11:17:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 9NBLGGH3FRZM-Microsoft.VCLibs.140.00.
Error: (11/24/2017 11:17:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: 9WZDNCRFJBMP-Microsoft.WindowsStore.
Error: (11/24/2017 11:17:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 9NBLGGH3FRZM-Microsoft.VCLibs.140.00.
Error: (11/24/2017 11:17:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: 9WZDNCRFJ3PT-Microsoft.ZuneMusic.
Error: (11/24/2017 11:17:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: 9NBLGGH3FRZM-Microsoft.VCLibs.140.00.
Error: (11/24/2017 11:16:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: 9WZDNCRFJ3PM-Microsoft.WindowsPhone.
Error: (11/24/2017 11:16:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 9NBLGGH3FRZM-Microsoft.VCLibs.140.00.
Error: (11/24/2017 11:16:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: 9WZDNCRFHWD2-Microsoft.MicrosoftSolitaireCollection.
Error: (11/24/2017 11:16:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: 9NBLGGH1QWGC-Microsoft.Advertising.Xaml.

CodeIntegrity:
===================================
  Date: 2017-11-24 12:04:17.263
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-11-24 12:00:32.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-11-24 11:58:07.606
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-11-24 11:48:31.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-11-24 11:41:35.363
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-11-24 11:39:12.318
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-11-24 11:37:58.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-11-24 11:36:35.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-11-24 11:25:43.874
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-11-24 11:18:05.723
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 45%
Total physical RAM: 6007.09 MB
Available physical RAM: 3278.11 MB
Total Virtual: 12151.09 MB
Available Virtual: 9186.32 MB
==================== Drives ================================
Drive b: (Gateway) (Network) (Total:912.94 GB) (Free:738.28 GB) NTFS
Drive c: (Gateway) (Fixed) (Total:912.94 GB) (Free:738.28 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0A6C7D0F)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=119 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=912.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=453 MB) - (Type=27)
==================== End of Addition.txt ============================

 



#3 nasdaq

  • Malware Response Team
  • 39,202 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 November 2017 - 09:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

HijackThis is no longer supported and not ready for your Operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features.
Use the Farbar Recovery Scan Tool from now on to report problems.
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
====


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1986910065-1566111469-2135244464-1001 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
FF user.js: detected! => C:\Users\Kenneth Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956\user.js [2015-07-19]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
U4 aspnet_state; no ImagePath
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {20A4BE7E-6A5A-41FD-B224-6972823CEE66} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4BCEF17E-A8F9-4905-A42C-FD3ACF1EB08F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {67C788B0-6C17-485C-A998-9890E907D7A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {70897A3A-410F-4703-A64D-E734811E6D59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {87E7E49D-99E5-489A-B173-DBD4FB7DF342} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C26970EF-9012-45A6-95D6-07DA79571B53} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D650C36D-8D63-4D18-BFE5-232F078AD810} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FFC391F6-686C-46D0-9EDC-DE536E99CDE9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703 [338]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\DriversLiscense.jpeg:3or4kl4x13tuuug3Byamue2s4b [101]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\DriversLiscense.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\Survivor's Statement.tiff:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\Survivor's Statement.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

SupportScam:JS/TechBrolo

Read these topics.

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=SupportScam:JS/TechBrolo.A

This one from BleepingComputer.
https://www.bleepingcomputer.com/forums/t/663704/extremely-slow-internet-and-jstechbrolof-infection/

Look in the Windows Defender Quarantine folder. You may be able to identify the bad link and remove it.

===

Please let me know if the problem persists with this computer.

#4 HSV30

HSV30
  • Topic Starter


Posted 25 November 2017 - 12:50 PM

Here is the fixlog file. Searching through Windows Defender I have not been able to find a link/file relating to the 11/8 quarantining, although there are several folders created at 6:26pm on 11/8, but they are all empty.  Nothing in the Quarantine history.  The slow internet speed remains the same.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by Kenneth Taylor (25-11-2017 10:42:53) Run:1
Running from C:\Users\Kenneth Taylor\Desktop
Loaded Profiles: Kenneth Taylor &  (Available Profiles: Kenneth Taylor & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1986910065-1566111469-2135244464-1001 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
FF user.js: detected! => C:\Users\Kenneth Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956\user.js [2015-07-19]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
U4 aspnet_state; no ImagePath
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {20A4BE7E-6A5A-41FD-B224-6972823CEE66} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4BCEF17E-A8F9-4905-A42C-FD3ACF1EB08F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {67C788B0-6C17-485C-A998-9890E907D7A3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {70897A3A-410F-4703-A64D-E734811E6D59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {87E7E49D-99E5-489A-B173-DBD4FB7DF342} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C26970EF-9012-45A6-95D6-07DA79571B53} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D650C36D-8D63-4D18-BFE5-232F078AD810} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FFC391F6-686C-46D0-9EDC-DE536E99CDE9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703 [338]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\DriversLiscense.jpeg:3or4kl4x13tuuug3Byamue2s4b [101]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\DriversLiscense.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\Survivor's Statement.tiff:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\Kenneth Taylor\Desktop\Survivor's Statement.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1986910065-1566111469-2135244464-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\ToolbarSearchProviderProgress => value removed successfully
C:\Users\Kenneth Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956\user.js => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0 => key removed successfully
HKLM\System\CurrentControlSet\Services\aspnet_state => key removed successfully
aspnet_state => service removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => key removed successfully
HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => key removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20A4BE7E-6A5A-41FD-B224-6972823CEE66} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20A4BE7E-6A5A-41FD-B224-6972823CEE66} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BCEF17E-A8F9-4905-A42C-FD3ACF1EB08F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BCEF17E-A8F9-4905-A42C-FD3ACF1EB08F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67C788B0-6C17-485C-A998-9890E907D7A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67C788B0-6C17-485C-A998-9890E907D7A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70897A3A-410F-4703-A64D-E734811E6D59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70897A3A-410F-4703-A64D-E734811E6D59} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87E7E49D-99E5-489A-B173-DBD4FB7DF342} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87E7E49D-99E5-489A-B173-DBD4FB7DF342} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C26970EF-9012-45A6-95D6-07DA79571B53} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C26970EF-9012-45A6-95D6-07DA79571B53} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D650C36D-8D63-4D18-BFE5-232F078AD810} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D650C36D-8D63-4D18-BFE5-232F078AD810} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFC391F6-686C-46D0-9EDC-DE536E99CDE9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFC391F6-686C-46D0-9EDC-DE536E99CDE9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
C:\ProgramData\TEMP => ":D2F2F703" ADS removed successfully.
"C:\Users\Kenneth Taylor\Desktop\DriversLiscense.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Kenneth Taylor\Desktop\DriversLiscense.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
C:\Users\Kenneth Taylor\Desktop\Survivor's Statement.tiff => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Kenneth Taylor\Desktop\Survivor's Statement.tiff => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 116412068 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 26782877 B
Edge => 26327040 B
Chrome => 0 B
Firefox => 24613002 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 2408 B
NetworkService => 1308574 B
Kenneth Taylor => 348414538 B
Administrator => 82416 B
RecycleBin => 71484708 B
EmptyTemp: => 594.5 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 10:46:13 ====


#5 nasdaq

nasdaq

  • Malware Response Team

Posted 25 November 2017 - 02:11 PM

Hi,
 

although there are several folders created at 6:26pm on 11/8, but they are all empty.

All empty folders can be deleted.

===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the computer is still slow run this scan.

Please download Zemana Antimalware (Freeware) and save it to your computer's Desktop.
  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the UAC security warning that may appear.
  • Select the language and click the OK button.
  • Click the Next button, accept the EULA warning and follow the instructions to continue and install the program.
  • Once the installation is complete it will start automatically. Wait a few seconds until the update of signature database is complete.
  • Without changing any options, click Scan to begin.
  • After the short scan is finished, if threats are detected click Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
  • Click on the Back button.
  • On the top right corner click on Reports icon (the one with three bars) and double click on the latest report.
  • Now click File > Save As, then select your computer's Desktop and click the Save button.
Please attach the saved report in your next reply.

#6 HSV30

HSV30
  • Topic Starter


Posted 25 November 2017 - 10:18 PM

Here are the fixlog.txt and the Zemana logs.  The internet speed is still less than 3 Mbps.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by Kenneth Taylor (25-11-2017 20:42:28) Run:2
Running from C:\Users\Kenneth Taylor\Desktop
Loaded Profiles: Kenneth Taylor (Available Profiles: Kenneth Taylor & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reboot:
End
*****************
Restore point was successfully created.
Processes closed successfully.
========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

========= IPCONFIG /release =========

Windows IP Configuration
No operation can be performed on Ethernet while it has its media disconnected.
Ethernet adapter Ethernet:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Ethernet adapter Ethernet 2:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::cc53:4bda:32f1:9419%9
   Default Gateway . . . . . . . . . :
Tunnel adapter Local Area Connection* 10:
   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c65:3f97:3f57:fe92
   Link-local IPv6 Address . . . . . : fe80::2c65:3f97:3f57:fe92%7
   Default Gateway . . . . . . . . . : ::
========= End of CMD: =========

========= IPCONFIG /renew =========

Windows IP Configuration
No operation can be performed on Ethernet while it has its media disconnected.
Ethernet adapter Ethernet:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Ethernet adapter Ethernet 2:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::cc53:4bda:32f1:9419%9
   IPv4 Address. . . . . . . . . . . : 192.168.1.109
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
Tunnel adapter Local Area Connection* 10:
   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3837:2c58:3f57:fe92
   Link-local IPv6 Address . . . . . : fe80::3837:2c58:3f57:fe92%7
   Default Gateway . . . . . . . . . : ::
========= End of CMD: =========

========= netsh advfirewall reset =========
Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========
Ok.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv4 reset =========
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{FFEAE586-0F20-473D-B03C-270A23EBAD55} canceled.
1 out of 1 jobs canceled.
========= End of CMD: =========
 
The system needed a reboot.
==== End of Fixlog 20:43:13 ====

 

 

Zemana AntiMalware 2.74.2.150 (Installed)
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/11/25
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i3 CPU  530 @ 2.93GHz
BIOS Mode              : Legacy
CUID                   : 127B9434C20BC29680652A
Scan Type              : System Scan
Duration               : 12m 32s
Scanned Objects        : 120873
Detected Objects       : 7
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
Edge Homepage
Status             : Scanned
Object             : http://hsvpoa.org/golf
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Edge Homepage
Edge Homepage
Status             : Scanned
Object             : http://hsvpoa.org/golf/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Edge Homepage
Internet Explorer Homepage
Status             : Scanned
Object             : http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360910p716p0425v105k4521r59o
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Homepage
Internet Explorer Homepage
Status             : Scanned
Object             : http://dailycaller.com/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Homepage
Internet Explorer Homepage
Status             : Scanned
Object             : http://hsvpoa.org/golf/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Homepage
Internet Explorer URL
Status             : Scanned
Object             : http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360910p716p0425v105k4521r59o
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer URL
Firefox Homepage
Status             : Scanned
Object             : http://hsvpoa.org/golf/
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Homepage

Cleaning Result
-------------------------------------------------------
Cleaned               : 7
Reported as safe      : 0
Failed                : 0


#7 nasdaq

nasdaq

  • Malware Response Team

Posted 26 November 2017 - 08:11 AM



Hi,

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the entire script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

===

If the problem persists please start the computer in Safe Mode with Internet Connection.

How to:
https://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10

Read the instructions before proceeding.

Let me know if the problem persists in that mode.

You can return to normal mode when ready.

#8 HSV30

HSV30
  • Topic Starter


Posted 26 November 2017 - 03:32 PM

Here is the Zoek log file.  The problem persists.  I booted into Safe Mode with networking, but I cannot access the internet.  I get "Microsoft Edge cannot be opened using the built in administrator account.  Sign in with a different account and try again."  I have no other accounts on this computer.

 


Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by Kenneth Taylor on Sun 11/26/2017 at 14:06:38.16.
Microsoft Windows 10 Home 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Kenneth Taylor\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
11/26/2017 2:09:16 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Kodak deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\NewTech Infosystems deleted successfully
C:\PROGRA~2\Secunia deleted successfully
C:\PROGRA~2\SoftLogica deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\Common Files\AV deleted successfully
C:\PROGRA~3\boost_interprocess deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Skype deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ZoomBrowser deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Kenneth Taylor\AppData\Local\ActiveSync deleted successfully
C:\Users\Kenneth Taylor\AppData\Local\DBG deleted successfully
C:\Users\Kenneth Taylor\AppData\Local\Secunia PSI deleted successfully
C:\Users\Kenneth Taylor\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1986910065-1566111469-2135244464-1001\Software\Microsoft\Internet Explorer\Explorer Bars\{1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
==== Deleting CLSID Registry Values ======================

==== FireFox Fix ======================
Deleted from C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\w28itmtq.default\prefs.js:
user_pref("browser.startup.homepage", "http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360910p716p0425v105k4521r59o");
Added to C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\w28itmtq.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\KENNET~1\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename.US", "Bing");
Added to C:\Users\KENNET~1\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\KENNET~1\AppData\Roaming\Thunderbird\Profiles\qsqp3h84.default\prefs.js:
Added to C:\Users\KENNET~1\AppData\Roaming\Thunderbird\Profiles\qsqp3h84.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\KENNET~1\AppData\Roaming\Mozilla\Firefox\Profiles\twwdgspd.default\prefs.js:
Added to C:\Users\KENNET~1\AppData\Roaming\Mozilla\Firefox\Profiles\twwdgspd.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Batch Command(s) Run By Tool======================
C:\WINDOWS\system32\appdata deleted
==== Deleting Files \ Folders ======================
C:\WINDOWS\syswow64\appdata deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\w28itmtq.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\KENNET~1\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\KENNET~1\AppData\Roaming\Thunderbird\Profiles\qsqp3h84.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\KENNET~1\AppData\Roaming\Mozilla\Firefox\Profiles\twwdgspd.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox" [02/12/2017 11:24 AM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\KENNET~1\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956
- Undetermined - %ProfilePath%\extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\KENNET~1\AppData\Roaming\Thunderbird\Profiles\qsqp3h84.default
- Lightning - C:\Users\Kenneth Taylor\AppData\Roaming\Thunderbird\Profiles\qsqp3h84.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- ImportExportTools - %ProfilePath%\extensions\{3ed8cc52-86fc-4613-9026-c1ef969da4c3}.xpi
ProfilePath: C:\Users\KENNET~1\AppData\Roaming\Mozilla\Firefox\Profiles\twwdgspd.default
- Undetermined - %ProfilePath%\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
==== Firefox Plugins ======================
Profilepath: C:\Users\Kenneth Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\swx33zhf.default-1428686134956
2C82D753EF779945977C82A3908DA20A - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.90.5
ABD6194288A36B25E33D167C2CD4D262 - C:\Windows\SysWOW64\NPSMDesktopProvider.dll - Microsoft® Windows® Operating System
EBF4D15189F5CE071D3F3B1C400F0982 - C:\Windows\SysWOW64\NPSM.dll - Microsoft® Windows® Operating System
7CA87501D0C43162C2A5D6B236C0A612 - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yahoo.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes\{FE44CF39-0260-484B-AC47-5F9190F664D8} - http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
==== Reset Google Chrome ======================
C:\Users\Kenneth Taylor\AppData\Local\Private Internet Access\User Data\Default\Preferences was reset successfully
C:\Users\Kenneth Taylor\AppData\Local\Private Internet Access\User Data\Default\Secure Preferences was reset successfully
C:\Users\Kenneth Taylor\AppData\Local\Private Internet Access\User Data\Default\Web Data was reset successfully
C:\Users\Kenneth Taylor\AppData\Local\Private Internet Access\User Data\Default\Web Data-journal was reset successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Kenneth Taylor\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Parker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Kenneth Taylor\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Parker\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\w28itmtq.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=2 folders=4 16449 bytes)
==== Empty Temp Folders ======================
C:\Users\Kenneth Taylor\AppData\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\KENNET~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Sun 11/26/2017 at 14:15:17.89 ======================


#9 HSV30


Posted 26 November 2017 - 04:00 PM

I was able to open Internet Explorer in Safe Mode and test the speed.  No improvement.

I am going to be out of town for a few days.


Edited by HSV30, 26 November 2017 - 11:39 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:19 PM

Posted 27 November 2017 - 09:46 AM



Hi,

Let's try this.

Create New Administrator Account in Windows 10
https://www.top-password.com/blog/3-ways-to-create-new-administrator-account-in-windows-10/

Read before proceeding.

In section 2

Type the following commands to create a new local account and then join it to the Administrators group. Replace Jack with the name of your new local admin account.
net user jack /add
net localgroup Administrators jack /add


Make sure you change the name to one of your choosing.

When created, restart the computer in this new account.

How is it?

#11 nasdaq


Posted 03 December 2017 - 08:55 AM

Are you still with me?

#12 HSV30


Posted 03 December 2017 - 11:36 AM

Back in town and getting back to the computer.



#13 HSV30


Posted 03 December 2017 - 12:47 PM

OK, I was able to establish an alternate administrator account.  Still no improvement in internet speed in normal mode or safe mode with networking with either account. Found out Microsoft says you cannot run Edge in safe mode as it is a "store app" and you must use IE.  Also, noticed I have a long list of updates that have failed to install dating back to 11/26/17. Not sure if this is related to a very slow download speed.  When clicking on retry I get a lot of spinning wheel.


Edited by HSV30, 03 December 2017 - 12:50 PM.


#14 nasdaq


Posted 03 December 2017 - 02:01 PM

Hi,

Yes, you must repair the Windows Update issues.

Try this. Follow the instructions on each step.

Locate the CMD.EXE and run it as an Administrator.

At the DOS prompt, execute the following commands in bold.

Step 1: net stop wuauserv

Step 2: Rename the C:\Windows\SoftwareDistribution folder to C:\Windows\SoftwareDistribution.old, essentially clearing the Windows Update download cache so that it can start over.

Step 3: Restart the Windows Update service: net start wuauserv

Restart the computer normally.

How is it now?
<<<>>>
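
The three steps from the post above combined into one batch file, added here as an example and not part of the original thread. The elevation check, the service-state check, the refusal to overwrite an existing SoftwareDistribution.old folder, and the SD variable name are assumptions of this example.

```batch
@echo off
rem Added example: reset the Windows Update download cache (steps 1-3 of the post).
rem Save as a .cmd file and run it from a Command Prompt opened as Administrator.
setlocal
set "SD=%SystemRoot%\SoftwareDistribution"

rem "net session" fails without administrator rights, so it doubles as an elevation check.
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run from an elevated Command Prompt.
    exit /b 1
)

rem Step 1: stop the Windows Update service. "net stop" also returns an error when the
rem service is already stopped, so confirm the real state with "sc query" instead.
net stop wuauserv >nul 2>&1
sc query wuauserv | find "STOPPED" >nul
if errorlevel 1 (
    echo wuauserv did not stop. The cache folder was not touched.
    exit /b 1
)

rem A leftover .old folder from an earlier attempt would make the rename fail.
if exist "%SD%.old" (
    echo "%SD%.old" already exists. Rename or delete it, then run this again.
    net start wuauserv
    exit /b 1
)

rem Step 2: rename the folder. Windows Update rebuilds a fresh one on next use.
if exist "%SD%" ren "%SD%" SoftwareDistribution.old
if exist "%SD%" (
    echo Rename failed. A file in the folder is probably still in use.
    net start wuauserv
    exit /b 1
)

rem Step 3: restart the Windows Update service.
net start wuauserv
echo Cache reset. Restart the computer, then retry the failed updates.
endlocal
```

Once updates install cleanly again, the renamed SoftwareDistribution.old folder can be deleted to reclaim disk space.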

#15 HSV30


Posted 03 December 2017 - 10:04 PM

I managed to get most of the updates to install.  The only updates not installing are 5 updates for Windows Office 2007 components (error 0x80070057).  The major Windows 10 updates all installed.

There is still no improvement in the internet speed for the desktop.  All other devices still get normal speed (40-50 Mbps) while the desktop gets 1-3 Mbps.





