HP/Windows 10 Won't Go Online


  • This topic is locked
75 replies to this topic

#1 tabber


Posted 14 February 2018 - 10:36 AM

I am once again trying to fix my father's computer.  He called a number on his screen and gave them access to his computer.  The virus I found was supportscam:JS/TechBrolo.Q.  I've managed to get that off his computer, but it still won't go online.  It is stuck in airplane mode and I have tried all of the directions to get it out of that on another thread.  They said to repost here because the PC must still be infected.  His firewall won't work and Malwarebytes won't run either because it is corrupted, and I deleted it and reinstalled it.  Nothing I have tried will get the PC out of airplane mode.  The bar won't slide.  The keyboard button isn't working either.  I will attach the scans below.  I have also reinstalled the correct drivers and it says they are functioning properly.

(Referred from here: https://www.bleepingcomputer.com/forums/t/670620/hpwindows-10-wont-go-online/ ~ OB)

Edited by Orange Blossom, 14 February 2018 - 02:18 PM.




#2 tabber


Posted 14 February 2018 - 11:39 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.02.2018
Ran by Art (administrator) on NEWPC (14-02-2018 10:22:40)
Running from C:\Users\Art\Downloads
Loaded Profiles: Art (Available Profiles: Art & Administrator)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [vspdfprsrv.exe] => C:\Program Files\Avanquest\Expert PDF 9 Professional\vspdfprsrv.exe [10019328 2013-05-17] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-12-10] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-02-10] (AVAST Software)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2017-09-07] (Carbonite, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerST.exe [133952 2016-09-28] (HP)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\Run: [LMab1err] => C:\Program Files (x86)\Lexmark\ErrorApp\LMab1err.exe [645736 2013-07-11] ()
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3769992 2017-06-30] (HP Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2016-09-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ginger.lnk [2017-12-29]
ShortcutTarget: Ginger.lnk -> C:\Windows\Installer\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}\GingerClientStartu_E7648186C0BE4AE6AF2E431C614DBB20.exe (Flexera Software LLC)
Startup: C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-08-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2016-09-02] ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2016-09-02] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-631909209-1285290160-1862233239-1001] => hxxp://unstop-web.biz/wpad.dat?93e27fb55a4bc88e145a314e1b39d46a38064617
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{4bddd27a-2eaa-4695-b2e9-c29bff40cf3e}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{7a3f1eb1-372f-4dbf-bfdf-9e454170a479}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{bd6e0166-eb21-4fcf-935e-78cc8284bbac}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{ecf6cb6c-30b1-4982-854a-36260825f052}: [DhcpNameServer] 209.18.47.62 209.18.47.61
ManualProxies: 0hxxp://unstop-web.biz/wpad.dat?93e27fb55a4bc88e145a314e1b39d46a38064617
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://search.hemailaccessonline.com/?source=googledisplay-v3&uid=0d60f3fc-3caf-471e-9499-c3dd6bfb1bde&uc=20171028&ap=appfocus1&i_id=email__1.30
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> {7EF008A9-7830-4913-B190-3948A8F81DA0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-631909209-1285290160-1862233239-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-631909209-1285290160-1862233239-1001 -> {67D1CE2D-453A-4EF9-B9C1-D77165E3BBCC} URL = hxxps://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-4.8-1707
SearchScopes: HKU\S-1-5-21-631909209-1285290160-1862233239-1001 -> {7EF008A9-7830-4913-B190-3948A8F81DA0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - No Name - {B70859FD-89D1-4957-9175-33EBC184B170} -  No File
Toolbar: HKLM-x32 - No Name - {B70859FD-89D1-4957-9175-33EBC184B170} -  No File
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
Toolbar: HKU\S-1-5-21-631909209-1285290160-1862233239-1001 -> No Name - {B70859FD-89D1-4957-9175-33EBC184B170} -  No File
Toolbar: HKU\S-1-5-21-631909209-1285290160-1862233239-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default [2018-02-12]
FF Homepage: Mozilla\Firefox\Profiles\2c0eutg8.default -> hxxps://www.google.com/?bcutc=sp-006
FF NewTab: Mozilla\Firefox\Profiles\2c0eutg8.default -> about:newtab
FF Extension: (Email) - C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default\Extensions\maps@jetpack.xpi [2016-01-28] [Legacy]
FF Extension: (Looking Glass) - C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default\Extensions\pug.experience@shield.mozilla.org.xpi [2017-12-14] [Legacy]
FF Extension: (Disable Crash Auto Submit) - C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default\features\{69db87fa-5134-4a0b-b2f1-4ea2c36f2bbe}\disable-crash-autosubmit@mozilla.org.xpi [2018-01-02] [Legacy]
FF SearchPlugin: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default\searchplugins\bing-lavasoft.xml [2017-06-01]
FF SearchPlugin: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default\searchplugins\google-avast.xml [2017-12-14]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt => not found
FF HKLM-x32\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: (Ginger) - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com [2016-12-29] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-05-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-631909209-1285290160-1862233239-1001: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [2017-03-21] (Ginger Software)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\1734203.js [2018-02-03] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1734203.cfg [2018-02-03] <==== ATTENTION
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://webmail.sc.rr.com/"
CHR Profile: C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default [2018-02-13]
CHR Extension: (Slides) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-14]
CHR Extension: (Docs) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-14]
CHR Extension: (Google Drive) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
CHR Extension: (YouTube) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]
CHR Extension: (Google Search) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Sheets) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-14]
CHR Extension: (HP SimplePass) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2017-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-14]
CHR Extension: (Gmail) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-02-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-02-10] (AVAST Software)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S4 GingerUpdateService; C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [534200 2017-03-21] (Ginger Software)
S4 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S4 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [File not signed]
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-12-10] (Realtek Semiconductor)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S4 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
S4 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S4 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
S4 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2018-02-10] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-02-10] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-02-10] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-02-10] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-02-10] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2018-02-10] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-02-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146664 2018-02-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2018-02-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2018-02-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2018-02-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457400 2018-02-10] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2018-02-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2018-02-10] (AVAST Software)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [30752 2012-07-26] (EldoS Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP)
S3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
S3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [41576 2016-02-19] (EldoS Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1009128 2017-08-24] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2017-06-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [30392 2017-04-25] (HP)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-14 10:22 - 2018-02-14 10:23 - 000023490 _____ C:\Users\Art\Downloads\FRST.txt
2018-02-14 10:22 - 2018-02-14 10:22 - 000000000 ____D C:\FRST
2018-02-14 10:21 - 2018-02-14 10:19 - 002405376 _____ (Farbar) C:\Users\Art\Downloads\FRST64.exe
2018-02-14 00:19 - 2018-02-14 00:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-13 21:48 - 2018-02-13 21:49 - 000000380 _____ C:\WINDOWS\HPSetLog.txt
2018-02-13 21:46 - 2018-02-13 21:44 - 033997256 _____ (Hewlett-Packard Company ) C:\Users\Art\Downloads\sp72517.exe
2018-02-13 21:46 - 2018-02-13 21:35 - 013277512 _____ (Hewlett-Packard ) C:\Users\Art\Downloads\sp72141.exe
2018-02-13 20:32 - 2018-02-13 20:32 - 000001879 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-13 20:32 - 2018-02-13 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-13 20:32 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-13 20:31 - 2017-11-18 14:34 - 078346672 _____ (Malwarebytes ) C:\Users\Art\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2018-02-13 19:34 - 2018-02-13 19:34 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-02-13 19:13 - 2018-02-13 19:15 - 000219592 _____ C:\WINDOWS\ntbtlog.txt
2018-02-10 22:45 - 2018-02-10 22:45 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-631909209-1285290160-1862233239-1001
2018-02-10 19:54 - 2018-02-10 19:54 - 000000000 ____D C:\Users\Art\AppData\Roaming\AVAST Software
2018-02-10 19:53 - 2018-02-10 19:53 - 000001946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-02-10 19:53 - 2018-02-10 19:53 - 000001934 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-02-10 19:52 - 2018-02-14 09:56 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-02-10 19:52 - 2018-02-10 19:52 - 000457400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-02-10 19:52 - 2018-02-10 19:52 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-02-10 19:51 - 2018-02-10 19:51 - 000000000 ____D C:\Program Files\AVAST Software
2018-02-10 19:50 - 2018-02-10 19:48 - 243563632 _____ (AVAST Software) C:\Users\Art\Desktop\avast_free_antivirus_setup_offline.exe
2018-02-10 19:41 - 2016-09-12 19:20 - 006334648 _____ (AVAST Software) C:\Users\Art\Desktop\avast_free_antivirus_setup_online.exe
2018-02-10 18:47 - 2018-02-10 19:04 - 000000000 ____D C:\Users\Art\Desktop\Mom Files
2018-02-10 14:14 - 2018-02-10 14:16 - 000000000 ____D C:\Users\Art\Desktop\Scan Logs
2018-02-10 14:08 - 2018-02-10 14:17 - 000000000 ____D C:\Users\Art\Desktop\Marine Corp
2018-02-10 14:02 - 2018-02-10 14:06 - 000000000 ____D C:\Users\Art\Desktop\MODD
2018-02-03 16:45 - 2018-02-03 17:33 - 000000000 _____ C:\Recovery.txt
2018-02-03 12:08 - 2018-02-03 12:08 - 000000000 ____D C:\Users\Art\AppData\Local\GoToAssist Remote Support Customer
2018-02-03 10:12 - 2018-02-03 10:12 - 000000000 ____D C:\ProgramData\Lexmark Package Logs
2018-02-03 07:44 - 2018-02-10 12:44 - 000000000 ____D C:\ProgramData\SlimWare Utilities Inc
2018-02-03 07:42 - 2018-02-03 07:42 - 001019760 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Art\Downloads\DriverUpdate-setup.exe
2018-02-03 07:42 - 2018-02-03 07:42 - 001019760 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Art\Downloads\DriverUpdate-setup (1).exe
2018-02-03 05:15 - 2018-02-03 05:15 - 000000000 ____D C:\Users\Art\Documents\FeedbackHub
2018-01-31 21:58 - 2018-01-31 21:58 - 000000982 _____ C:\Users\Art\Desktop\SCMAP.docx - Shortcut.lnk
2018-01-31 15:30 - 2018-01-31 15:30 - 001129816 _____ (Google Inc.) C:\Users\Art\Downloads\ChromeSetup (5).exe
2018-01-31 13:53 - 2018-02-13 20:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-31 12:54 - 2018-01-31 12:54 - 000003266 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-01-31 12:46 - 2018-01-31 12:55 - 000000000 ____D C:\Users\TEMP.NEWPC.000
2018-01-24 13:07 - 2018-01-24 13:07 - 000000000 ____D C:\Users\Art\Documents\Add-in Express
2018-01-22 10:07 - 2018-01-31 20:01 - 000000000 _____ C:\Users\Art\Documents\HPOJ8710_Fax_Port
2018-01-19 18:05 - 2018-01-19 18:25 - 000016914 _____ C:\Users\Art\Documents\FallenMarines 2015-2016.-2017.xlsx
2018-01-17 06:03 - 2018-01-17 06:03 - 000000000 ____D C:\ProgramData\ByteFence
2018-01-16 20:41 - 2018-01-16 20:42 - 000896696 _____ (Ginger Software) C:\Users\Art\Downloads\Ginger (3).exe
2018-01-16 20:40 - 2018-01-16 20:40 - 000896696 _____ (Ginger Software) C:\Users\Art\Downloads\Ginger (2).exe
2018-01-16 20:39 - 2018-01-16 20:39 - 000896696 _____ (Ginger Software) C:\Users\Art\Downloads\Ginger.exe
2018-01-16 20:39 - 2018-01-16 20:39 - 000896696 _____ (Ginger Software) C:\Users\Art\Downloads\Ginger (1).exe
2018-01-16 07:38 - 2018-01-16 07:38 - 000000000 ____D C:\Users\Art\AppData\Local\TempTaskUpdateDetection0F94A35F-1D56-4268-B268-A6F7B1288B97
2018-01-15 14:47 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-15 14:47 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-15 14:47 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-15 14:47 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-15 14:47 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-15 14:47 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-15 14:47 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-15 14:47 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-15 14:47 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-15 14:47 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-15 14:47 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-15 14:47 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-15 14:47 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-15 14:47 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-15 14:47 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-15 14:47 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-15 14:47 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-15 14:47 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-15 14:47 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-15 14:47 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-15 14:47 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-15 14:47 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-15 14:47 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-15 14:47 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-15 14:47 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-15 14:47 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-15 14:47 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-15 14:47 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-15 14:47 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-15 14:47 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-15 14:47 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-15 14:47 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-15 14:47 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-15 14:47 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-15 14:47 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-15 14:47 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-15 14:47 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-15 14:47 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-15 14:47 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-15 14:47 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-15 14:47 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-15 14:47 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-15 14:47 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-15 14:47 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-15 14:47 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-15 14:47 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-15 14:47 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-15 14:47 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-15 14:47 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-15 14:47 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-15 14:47 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-15 14:47 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-15 14:47 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-15 14:47 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-15 14:47 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-15 14:47 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-15 14:47 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-15 14:47 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-15 14:47 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-15 14:47 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-15 14:47 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-15 14:47 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-15 14:47 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-15 14:47 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-15 14:47 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-15 14:47 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-15 14:47 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-15 14:47 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-15 14:47 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-15 14:47 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-15 14:47 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-15 14:47 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-15 14:47 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-15 14:47 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-15 14:47 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-15 14:47 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-15 14:47 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-15 14:47 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-15 14:47 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-15 14:47 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-15 14:47 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-15 14:47 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-15 14:47 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-15 14:47 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-15 14:47 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-15 14:47 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-15 14:47 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-15 14:47 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-15 14:47 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-15 14:47 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-15 14:47 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-15 14:47 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-15 14:47 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-15 14:47 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-15 14:47 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-15 14:47 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-15 14:47 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-15 14:47 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-15 14:47 - 2018-01-01 06:08 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-15 14:47 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-15 14:46 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-15 14:46 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-15 14:46 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-15 14:46 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-15 14:46 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-15 14:46 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-15 14:46 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-15 14:46 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-15 14:46 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-15 14:46 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-15 14:46 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-15 14:46 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-15 14:46 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-15 14:46 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-15 14:46 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-15 14:46 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-15 14:46 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-15 14:46 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-15 14:46 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-15 14:46 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-15 14:46 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-15 14:46 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-15 14:46 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-15 14:46 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-15 14:46 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-15 14:46 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-15 14:46 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-15 14:46 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-15 14:46 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-15 14:46 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-15 14:46 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-15 14:46 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-15 14:46 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-15 14:46 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-15 14:46 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-15 14:46 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-15 14:46 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-15 14:46 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-15 14:46 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-15 14:46 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-15 14:46 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-15 14:46 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-15 14:46 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-15 14:46 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-15 14:46 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-15 14:46 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-15 14:46 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-15 14:46 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-15 14:46 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-15 14:46 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-15 14:46 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-15 14:46 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-15 14:46 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-15 14:46 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-15 14:46 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-15 14:46 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-15 14:46 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-15 14:46 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-15 14:46 - 2018-01-01 06:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-15 14:46 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-15 14:46 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-15 14:46 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-15 14:46 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-15 14:46 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-15 14:46 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-15 14:46 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-15 14:46 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-15 14:46 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-15 14:46 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-15 14:46 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-15 14:46 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-15 14:46 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-15 14:46 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-15 14:46 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-15 14:46 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-15 14:46 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-15 14:46 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-15 14:46 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-15 14:46 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-15 14:46 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-15 14:46 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-15 14:46 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-15 14:46 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-15 14:46 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-15 14:46 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-15 14:46 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-15 14:46 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-15 14:46 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-15 14:46 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-15 14:46 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-15 14:46 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-15 14:46 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-15 14:46 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-15 14:46 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-15 14:46 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-15 14:46 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-15 14:46 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-15 14:46 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-15 14:46 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-15 14:46 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-15 14:46 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-15 14:46 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-15 14:46 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-15 14:46 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-15 14:46 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-15 14:46 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-15 14:46 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-15 14:46 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-15 14:46 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-15 14:46 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-15 14:46 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-15 14:46 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-15 14:46 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-15 14:46 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-15 14:46 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-15 14:46 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-15 14:46 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-15 14:46 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-15 14:46 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-15 14:46 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-15 14:46 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-15 14:46 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-15 14:46 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-15 14:46 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-15 14:46 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-15 14:46 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-15 14:46 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-15 14:46 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-15 14:46 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-15 14:46 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-15 14:46 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-15 14:46 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-15 14:46 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-15 14:46 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-15 14:46 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-15 14:46 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-15 14:46 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-15 14:46 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-15 14:46 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-15 14:46 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-15 14:46 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-14 00:18 - 2017-11-30 15:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-13 22:13 - 2017-09-29 03:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-02-13 21:48 - 2014-04-04 18:55 - 000000000 ____D C:\SWSetup
2018-02-13 21:47 - 2014-08-26 04:38 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-02-13 19:14 - 2017-05-20 07:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-02-13 18:41 - 2017-11-30 14:44 - 000000000 ____D C:\Users\Art
2018-02-13 18:09 - 2017-12-26 20:17 - 000000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForArt.job
2018-02-12 12:06 - 2017-12-26 20:17 - 000003220 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForArt
2018-02-12 10:34 - 2017-12-14 13:19 - 000000000 ____D C:\Users\Art\AppData\LocalLow\Mozilla
2018-02-10 20:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-10 19:41 - 2016-12-01 13:12 - 000000000 ____D C:\ProgramData\AVAST Software
2018-02-10 13:26 - 2014-08-26 03:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-02-10 13:19 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-10 12:44 - 2017-05-31 21:42 - 000000000 ____D C:\Program Files\SlimService
2018-02-10 12:44 - 2017-05-31 21:42 - 000000000 ____D C:\Program Files\SlimCleaner Plus
2018-02-03 16:05 - 2015-02-07 14:53 - 000000000 ____D C:\Users\Art\AppData\Local\ElevatedDiagnostics
2018-02-03 12:08 - 2015-01-29 15:47 - 000000000 ____D C:\Users\Art\AppData\Local\Citrix
2018-02-03 11:26 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-03 11:26 - 2017-04-29 17:32 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-03 11:26 - 2014-12-29 15:35 - 000000000 __SHD C:\Users\Art\IntelGraphicsProfiles
2018-02-03 11:21 - 2017-11-30 14:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-03 11:06 - 2016-01-30 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-03 11:02 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-03 10:04 - 2015-01-01 21:49 - 000000000 ____D C:\Users\Art\Tracing
2018-02-03 07:44 - 2017-06-12 18:30 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-02-03 04:03 - 2017-11-30 14:43 - 001938500 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-02 05:40 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-01 20:21 - 2017-11-30 14:45 - 000000000 ____D C:\Users\Art\AppData\Local\Packages
2018-02-01 19:42 - 2017-01-10 22:34 - 000015790 _____ C:\Users\Art\Documents\FallenMarines 2015-2016.-2017xlsx.xlsx
2018-02-01 15:08 - 2017-07-07 06:58 - 000000000 ____D C:\MCLDBBackup
2018-01-31 19:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-31 14:53 - 2016-12-01 13:15 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-31 14:53 - 2016-12-01 13:15 - 000002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-31 13:33 - 2017-11-30 15:45 - 000000000 ____D C:\Users\Art\AppData\Local\PlaceholderTileLogoFolder
2018-01-31 12:47 - 2014-12-30 02:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-31 08:39 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-31 08:39 - 2017-03-28 18:48 - 000000000 ____D C:\Users\Art\Documents\HpReg_Backup
2018-01-31 08:25 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\registration
2018-01-31 07:04 - 2015-01-01 21:30 - 000000000 ____D C:\Users\Art\AppData\Local\Google
2018-01-31 07:04 - 2015-01-01 21:30 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-31 07:03 - 2014-12-29 15:39 - 000000000 ___RD C:\Users\Art\OneDrive
2018-01-30 23:46 - 2015-08-18 19:55 - 000000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNEWPC$.job
2018-01-30 21:23 - 2017-03-28 18:46 - 000002088 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2018-01-25 10:01 - 2017-11-30 15:25 - 000003272 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNEWPC$
2018-01-24 22:44 - 2017-11-30 14:42 - 000000000 ____D C:\Program Files\Bonjour
2018-01-24 22:44 - 2016-12-29 21:41 - 000000000 ____D C:\Program Files (x86)\Ginger
2018-01-24 22:44 - 2016-12-01 13:31 - 000000000 ____D C:\Program Files\7-Zip
2018-01-24 22:44 - 2016-04-30 16:42 - 000000000 ____D C:\Program Files\TrueKey
2018-01-24 22:44 - 2016-01-06 10:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-24 22:44 - 2015-04-15 17:18 - 000000000 ____D C:\Program Files (x86)\AbleWord
2018-01-24 22:44 - 2015-04-15 05:49 - 000000000 ____D C:\pdfOCR
2018-01-24 22:44 - 2015-04-15 05:47 - 000000000 ____D C:\FreeOCR
2018-01-24 22:44 - 2015-02-18 20:56 - 000000000 ____D C:\Program Files (x86)\EZ Fonts
2018-01-24 13:57 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-24 13:56 - 2017-05-07 14:54 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-01-24 13:14 - 2018-01-07 17:11 - 000000000 ____D C:\Program Files\ByteFence
2018-01-24 13:09 - 2018-01-07 17:14 - 000000000 ____D C:\ProgramData\WinZip
2018-01-24 05:17 - 2015-01-01 21:29 - 000000000 ____D C:\Users\Art\AppData\Local\Adobe
2018-01-24 05:08 - 2016-02-15 07:05 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-23 18:40 - 2018-01-07 17:12 - 000004134 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1515363156
2018-01-22 10:07 - 2015-06-15 07:50 - 000000000 ____D C:\Users\Art\AppData\Local\HP
2018-01-22 10:04 - 2015-06-08 16:44 - 000035328 _____ C:\Users\Art\Documents\PRESCIPTRION HOSPITAL.xls
2018-01-18 10:02 - 2017-04-29 17:32 - 000006567 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-01-17 22:36 - 2017-04-29 17:32 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-17 18:00 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache
2018-01-16 08:16 - 2014-12-31 05:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-16 08:13 - 2017-10-11 10:12 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-16 08:13 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-16 08:13 - 2014-12-31 05:18 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-16 08:02 - 2015-12-13 07:04 - 000000000 ___RD C:\Users\Art\3D Objects
2018-01-16 07:59 - 2017-11-30 13:59 - 000432312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-16 07:58 - 2017-02-16 08:36 - 000000342 _____ C:\WINDOWS\Tasks\TechUtilities.job
2018-01-16 07:55 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-16 07:55 - 2017-09-29 08:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-16 07:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-16 07:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-16 07:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-16 07:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-16 07:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-16 07:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-16 07:55 - 2017-09-29 03:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-15 14:50 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-15 14:49 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-15 14:49 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
==================== Files in the root of some directories =======
2015-01-17 21:27 - 2015-01-17 21:27 - 000000064 _____ () C:\Users\Art\AppData\Local\2a114732d6fd1a8a2f32dede23a97c19
2016-04-07 10:28 - 2016-04-07 10:28 - 000000017 _____ () C:\Users\Art\AppData\Local\resmon.resmoncfg
2015-12-08 09:19 - 2015-11-09 21:49 - 000022896 _____ () C:\Users\Art\AppData\Local\Z@!-51278c08-7841-45c6-809b-0793f4d725d5.tmp
2015-12-08 09:19 - 2015-11-09 21:49 - 000022896 _____ () C:\Users\Art\AppData\Local\Z@!-841e38d4-6057-4543-84f5-f1c6ef95f5e5.tmp
2015-12-08 09:19 - 2015-11-09 21:49 - 000023920 _____ () C:\Users\Art\AppData\Local\Z@S!-24c62962-3ed4-4c18-88d1-4429c7c31b88.tmp
Some files in TEMP:
====================
2018-02-13 19:35 - 2017-11-18 14:34 - 078346672 _____ (Malwarebytes                                                ) C:\Users\Art\AppData\Local\Temp\mb3-setup-consumer-3.3.1.2183.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-24 17:38
==================== End of FRST.txt ============================


#3 tabber


Posted 14 February 2018 - 11:40 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Art (14-02-2018 10:23:45)
Running from C:\Users\Art\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-11-30 20:41:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-631909209-1285290160-1862233239-500 - Administrator - Disabled) => C:\Users\Administrator
Art (S-1-5-21-631909209-1285290160-1862233239-1001 - Administrator - Enabled) => C:\Users\Art
DefaultAccount (S-1-5-21-631909209-1285290160-1862233239-503 - Limited - Disabled)
Guest (S-1-5-21-631909209-1285290160-1862233239-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-631909209-1285290160-1862233239-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-631909209-1285290160-1862233239-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\{34A6D6FF-7EEC-499E-A54F-71077783AED6}) (Version: 6.3.2 build 7466 (Sep-07-2017) - Carbonite)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DummyInstaller (HKLM-x32\...\{E2210743-20C9-48E3-BA03-B1E39772E662}) (Version: 1.0.0 - Microsoft)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Expert PDF 9 Professional (HKLM\...\{698A90AC-452A-4534-9D53-55A5C14193F1}) (Version: 9.00.0000 - Avanquest Software)
EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
Free PDF To JPG Converter 3.42 (HKLM-x32\...\Free PDF To JPG Converter_is1) (Version: 3.42 - )
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )
Garmin City Navigator North America NT 2016.20 (HKLM-x32\...\{79A8C65B-0289-45A2-9A8D-6AAE0B64A374}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Ginger (HKLM-x32\...\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.179 - Ginger Software) Hidden
Ginger (HKLM-x32\...\InstallShield_{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.179 - Ginger Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4BBA238C-9E5D-40F9-8AC6-FACB736752B9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{B4398909-31F1-4889-8314-6464C5F7CCA1}) (Version: 40.11.1148.17181 - HP Inc.)
HP OfficeJet Pro 8710 Help (HKLM-x32\...\{92B8A892-1D92-407A-BF5E-26DCE71B9B12}) (Version: 38.0.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.46 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.46 - Softex Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lexmark CX410 Series Uninstaller (HKLM\...\Lexmark CX410 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCL Roster Controlller V3.1.1.1 (HKLM-x32\...\{AE211FAD-5F37-4F3A-B751-367F5495A216}) (Version: 1.0.0 - MCL)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4997.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.2 (x86 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
My Speedtest XP (HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\{798cfdd6-142b-4584-9605-bb47a7da5792}) (Version: 1.0 - My Speedtest XP)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
PDF OCR 4.3 (HKLM-x32\...\{3D122AF9-1E02-4035-8003-334D378C1B62}_is1) (Version:  - PDF OCR)
Product Improvement Study for HP OfficeJet Pro 8710 (HKLM\...\{1DC2E25B-08E2-4203-BD66-9B2BD189ECCE}) (Version: 40.11.1148.17181 - HP Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
System Mechanic (HKLM-x32\...\InstallShield_{DD0DFA41-5139-45D0-986C-3C1A5C648CAA}) (Version: 16.5.3.1 - iolo technologies, LLC)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{090746F9-9F39-42C0-920A-4852C2EDE704}\InprocServer32 -> C:\Program Files\Avanquest\Expert PDF 9 Professional\APAX.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Art\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{4947F20E-8FFC-4CA4-9460-BE9612F12155}\InprocServer32 -> C:\Program Files\Avanquest\Expert PDF 9 Professional\APAX.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Art\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Art\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00C9EDD4-DAAA-4DE6-8245-5FD32CCB6D60} - System32\Tasks\HPCeeScheduleForArt => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {064FE9ED-6489-4CA6-9746-C709037160E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-01-16] (Microsoft Corporation)
Task: {12713A24-F00E-44A8-9D0F-8DC44B8E43D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1640DF89-B7B8-4D05-8D19-B86A15D63145} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {1DED0CDC-4C25-4245-913A-82606E1757F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {2CF3D90B-809D-40EF-AAC2-58BA733E1294} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-02] (Hewlett-Packard)
Task: {2FFE3EC0-F72D-4FD5-B652-11290758631A} - \WPD\SqmUpload_S-1-5-21-631909209-1285290160-1862233239-1001 -> No File <==== ATTENTION
Task: {30600347-239B-4AA0-A809-0AA74AAEB058} - System32\Tasks\Opera scheduled Autoupdate 1515363156 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe
Task: {334EA830-517C-4853-BBE9-6379BB882256} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {34BB6B0E-B5B1-4E7F-8CB8-C315610EEA16} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-10] (AVAST Software)
Task: {34FF486E-BEB6-44CB-A28A-9778332B1B2F} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8710 => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [2017-06-30] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {361C6D10-AAE8-4599-A404-4AEA6E77181E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {41453B3D-216B-47F5-BC55-73B10CDB05E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {4467F945-DC43-4A1D-8E5D-CB1BC350D4A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {47F9CF67-2CB8-405C-B1C8-0BBEFF63BF33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {4CC6D62F-2A6A-4936-A4B2-B18AD736238F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {507A7864-0669-485F-9C3F-CECAB717C00F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {513E2E86-4BFC-40B1-98C7-6DE6A9C29C43} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {52B5B64A-15DE-4025-9957-D812B5874A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-01] (Google Inc.)
Task: {53F48531-DE07-4B93-8D2C-C780AE03E21B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5BAD5BDB-7569-4EA2-8BDC-6628A4D78DB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {60043391-873E-469D-A074-1512952611A3} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-631909209-1285290160-1862233239-1001
Task: {616E1D54-583D-4F21-A03C-384D23CEE1EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {635D682D-9B2F-450C-8559-5371FCAB52BB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {644C80BC-9B7E-4626-A6AE-9AF08EFF512C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {6AAC0B0A-B3F4-49FC-875D-8EEC16733980} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {7AC5C7DD-B2DF-438D-B01C-81BBA1143C93} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {82898EA2-7E2C-4ADE-9AF1-1BD6AB7F0B89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {8B59D25D-7A18-4012-8343-449FE6C85D7B} - System32\Tasks\HPCeeScheduleForNEWPC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {8C1277CF-46DA-41F6-82F1-2634A9635389} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {92C4DCDE-A6B8-4436-ADD7-D279E4CBC631} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {934CEA17-855C-45DE-A9A9-14B0C73821E8} - System32\Tasks\S-1-5-21-631909209-1285290160-1862233239-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {9484613A-4C9B-468F-AA7B-BCD7BA0E3502} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-01] (Google Inc.)
Task: {9D268985-255C-4F5B-87DA-40C716296C31} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-02] (Hewlett-Packard)
Task: {9F469303-9A3D-436D-83A1-9BF91D612D6C} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {9FF2F836-2B17-45CB-A410-1FD2AA056605} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {A9CFC1CD-FCFA-418A-953C-FD617374505B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA0845AC-374B-4C95-B129-E578CB957FD9} - System32\Tasks\{DD7516ED-1745-4B3F-B78F-D5769771450F} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {AF79D4C3-DDC8-4C22-B0E0-FAFCFEC0B997} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {B174940A-44C7-4D49-B9F0-5126BEE4CFC2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B90B6DDB-AD2B-4510-80CA-BB2F2B57FF85} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BBD091E2-9A25-4423-A7B8-3BE676C505E1} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {BC547CB3-37A8-4921-9A11-337E7D6AE77B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {BFB4DEE6-5B70-45C5-B7F1-D32A18BD1997} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C89B3D4C-883F-4D1E-8629-087898571665} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Art\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {CE3A65A3-066D-4397-9F48-C30A95E3A9DB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D0C2DCE1-86A2-4971-BB59-26F84892F0B9} - System32\Tasks\{3CD2D70F-95B8-4A35-9809-AB2BE5EB507F} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {DE962C76-D1DB-4E11-927F-EF614EA1EB21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {DF18DF51-ABD6-49BB-AB72-FBC1606B10A5} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {DF9599F5-47F2-4917-872C-7292C6535A66} - System32\Tasks\{7C05A33C-7792-4AE1-8967-58C65BCBA33A} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {ED86D3CE-0F69-4628-B5E3-675356AAF28A} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
Task: {F0B8C96B-CEC0-4D27-95C6-A3585169A2BC} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-02] (Hewlett-Packard)
Task: {FB7ED40A-9580-406E-96D9-2F639FBB3935} - System32\Tasks\{A4AAF140-5B73-4493-8A39-BD8BDD56B30F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Lexmark CX410 Series\Install\x64\LMAD4installgui.exe" -c /u OEMProductName="Lexmark CX410 Series"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForArt.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNEWPC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-07 14:59 - 2017-05-07 14:59 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-13 08:33 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 08:33 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-31 06:56 - 2018-01-31 06:57 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 06:56 - 2018-01-31 06:57 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-02-10 19:51 - 2018-02-10 19:51 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-02-10 19:51 - 2018-02-10 19:51 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-02-10 19:51 - 2018-02-10 19:51 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-02-10 19:52 - 2018-02-10 19:52 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-02-10 19:51 - 2018-02-10 19:51 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-02-10 19:51 - 2018-02-10 19:51 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9 [149]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2018-01-31 14:07 - 000002534 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: Appinfo => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: aswbIDSAgent => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BOT4Service => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: camsvc => 3
MSCONFIG\Services: CarboniteService => 2
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 2
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: DevQueryBroker => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: diagnosticshub.standardcollector.service => 3
MSCONFIG\Services: diagsvc => 3
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DmEnrollmentSvc => 3
MSCONFIG\Services: dmwappushservice => 3
MSCONFIG\Services: DoSvc => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DSAO => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: DsSvc => 3
MSCONFIG\Services: DusmSvc => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: FrameServer => 3
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: GingerUpdateService => 2
MSCONFIG\Services: GoToAssist Remote Support Customer => 2
MSCONFIG\Services: GraphicsPerfSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: hp3ddgsrv => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: HvHost => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: icssvc => 3
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: IpxlatCfgSvc => 3
MSCONFIG\Services: irmon => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LicenseManager => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: MapsBroker => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: NaturalAuthentication => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NetSetupSvc => 3
MSCONFIG\Services: NetTcpPortSharing => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: omniserv => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: PushToInstall => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 2
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\Services: RemoteAccess => 3
MSCONFIG\Services: RemoteRegistry => 4
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: RoxioBurnLauncher => 2
MSCONFIG\Services: RoxMediaDB14 => 3
MSCONFIG\Services: RoxWatch14 => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 4
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SEMgrSvc => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: SharedRealitySvc => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: shpamsvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SlimService => 2
MSCONFIG\Services: SlimWareServices => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: spectrum => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TokenBroker => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrueKey => 2
MSCONFIG\Services: TrueKeyScheduler => 3
MSCONFIG\Services: TrueKeyServiceHelper => 3
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: tzautoupdate => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 3
MSCONFIG\Services: valWBFPolicyService => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 2
MSCONFIG\Services: w3logsvc => 3
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WarpJITSvc => 3
MSCONFIG\Services: WAS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 2
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WFDSConMgrSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wlpasvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WpnService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
MSCONFIG\Services: YahooAUService => 3
HKLM\...\StartupApproved\StartupFolder: => "AdFender.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Ginger.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "vspdfprsrv.exe"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "AccelerometerSysTrayApplet"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "Carbonite Backup"
HKLM\...\StartupApproved\Run32: => "DriverTalent"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "StormWatch.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "StormWatchApp.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "LMab1err"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_3C887CF25D895E4A0076FA090E083550"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "HP OfficeJet Pro 8710 (NET)"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2DC0E7EB-2FC3-4AAE-8279-94C67D5B4DA0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D6D138B-A31E-4607-BF0D-17DE09C98C31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E7AA406-E0E2-437C-9CE6-9681669CB96E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE8EF21A-D588-4E82-9720-96BEC671016C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA757DE8-4173-4D4D-AD7C-F364E53B30D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04C23989-F211-498E-B4E7-0F77B1B324FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B240AD1-D304-4522-ABF0-2072DEA1A2CE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CDA6E1DC-5151-4DF8-AED2-AADB8AFC90FD}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS43CB\HPDiagnosticCoreUI.exe
FirewallRules: [{EDDA2F48-FF01-4D59-A5B4-76DF58A66691}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS43CB\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{F5CDECE2-E516-439C-A3C5-608784350B3D}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{CE9CA5AA-7253-4D26-8342-4DDB290F6FA3}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{403E27CD-A018-4D3E-AE26-D539E2B8032D}] => (Allow) C:\Users\Art\Documents\Artisteer 4\bin\Artisteer.exe
FirewallRules: [UDP Query User{C2A01494-8140-4B95-83C0-8AACD3C7FD96}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{F16034F9-8DB6-405D-9A9C-2CA7235B728F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{CD967EAD-2E78-4834-9A5D-2D8EDF8DB2FB}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1C66\HPDiagnosticCoreUI.exe
FirewallRules: [{A02FC1E2-1CFD-4429-A59B-3AF5B4CCC8E0}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1C66\HPDiagnosticCoreUI.exe
FirewallRules: [{422B1B06-D678-4021-A772-98DE68321257}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1A1A\HPDiagnosticCoreUI.exe
FirewallRules: [{ABE9ADF5-4F70-4F33-B21A-B84E3FA20DCB}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1A1A\HPDiagnosticCoreUI.exe
FirewallRules: [{70E22099-2C32-446C-ACF9-829273F4D90F}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS594F\HPDiagnosticCoreUI.exe
FirewallRules: [{35EA5A70-C8F0-4A43-9BB4-15FCBB2D198A}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS594F\HPDiagnosticCoreUI.exe
FirewallRules: [{16E12152-BCD7-42FA-897C-92109E786EDA}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS58C9\HPDiagnosticCoreUI.exe
FirewallRules: [{ADF9A3C2-93C9-42DA-984C-1F721DFD7C27}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS58C9\HPDiagnosticCoreUI.exe
FirewallRules: [{2DC1F13A-CEEA-49D6-BFAE-780155D33249}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1B92DA71-315C-4A76-B79B-A0F5BABA4B23}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{528C480F-B767-4551-B39D-DC70F5E6E1A1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{214A00DD-70E4-4374-8E0E-9108BE008340}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3188E4A3-83A0-4ADC-AF77-3A81AA1536D0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8D9B8161-9350-42B3-A449-14B76966BAAD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{9053C92C-F4F7-4706-99C3-397E540F42EB}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS2CA6\HPDiagnosticCoreUI.exe
FirewallRules: [{FDA9FCB4-274E-4388-A46C-C671126E206F}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS2CA6\HPDiagnosticCoreUI.exe
FirewallRules: [{46E9BF4D-E46B-487A-B0F2-9C294D6F5CF3}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS44F9\HPDiagnosticCoreUI.exe
FirewallRules: [{EAF514DB-79E2-46C2-95DC-FB2A422D4429}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS44F9\HPDiagnosticCoreUI.exe
FirewallRules: [{EEC5A35A-CB33-4641-B9C4-45299AB2E805}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS62D6\HP.EasyStart.exe
FirewallRules: [TCP Query User{FEEE9989-7E06-43D7-9570-2A97BCFEA74E}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{CC99D13B-4EA6-46D6-9FEB-7003F51200E1}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{4AD5345B-0012-4D2D-92B6-58E6AF61DEFC}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS6A0C\HPDiagnosticCoreUI.exe
FirewallRules: [{FB5BE48E-D14D-4449-AE56-76D1BD17CCE7}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS6A0C\HPDiagnosticCoreUI.exe
FirewallRules: [{AF61CB75-28FE-4CA7-91E6-10414A5651E9}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1510\HPDiagnosticCoreUI.exe
FirewallRules: [{01737CBB-1B52-4302-B418-5126F84D817C}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1510\HPDiagnosticCoreUI.exe
FirewallRules: [{C6D8FCB6-F828-435A-92AD-48F782ED6326}] => (Allow) C:\Users\Art\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{9420CCE4-B32B-4FD6-B2B6-527AEC9E3627}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS61F4\HPDiagnosticCoreUI.exe
FirewallRules: [{DD654779-F617-4674-87E4-C9D87B7EA0F3}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS61F4\HPDiagnosticCoreUI.exe
FirewallRules: [{9EBA8A8E-D35E-4EF8-B872-E8473E1F50D0}] => (Allow) C:\Users\Art\AppData\Local\Programs\Opera\50.0.2762.67\opera.exe
FirewallRules: [{D71B3BCF-EE0A-4F7F-8817-06985AE1AF0B}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS66BD\HPDiagnosticCoreUI.exe
FirewallRules: [{7558D1FC-5DB0-4941-95F2-A0B2B43A6C1E}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS66BD\HPDiagnosticCoreUI.exe
FirewallRules: [{73721856-30A3-43DE-8FA6-CDF2FA2F5C6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
Could not list restore points
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================
Application errors:
==================
Error: (02/13/2018 08:16:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (02/03/2018 12:42:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Instantiating VSS server
Error: (02/03/2018 12:42:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
   Instantiating VSS server
Error: (02/03/2018 12:42:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Instantiating VSS server
Error: (02/03/2018 12:42:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
   Instantiating VSS server
Error: (02/03/2018 12:37:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Instantiating VSS server
Error: (02/03/2018 12:37:27 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

Operation:
   Instantiating VSS server
Error: (02/03/2018 12:30:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Instantiating VSS server

System errors:
=============
Error: (02/13/2018 08:37:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2018 08:37:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2018 08:37:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2018 08:37:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2018 08:37:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2018 08:37:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2018 08:37:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2018 08:37:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Windows Defender:
===================================
Date: 2018-02-03 11:12:17.297
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SupportScam:JS/TechBrolo.Q&threatid=2147719800&enterprise=0
Name: SupportScam:JS/TechBrolo.Q
ID: 2147719800
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\Art\AppData\Local\Microsoft\Windows\INetCache\IE\WKZRS95W\TollFree-1-877-224-2412[1].htm;file:_C:\Users\Art\AppData\Local\Microsoft\Windows\INetCache\IE\WKZRS95W\TollFree-1-877-224-2412[1].htm->(UTF-8)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
Signature Version: AV: 1.261.724.0, AS: 1.261.724.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-02-03 11:12:12.467
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SupportScam:JS/TechBrolo.Q&threatid=2147719800&enterprise=0
Name: SupportScam:JS/TechBrolo.Q
ID: 2147719800
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Art\AppData\Local\Microsoft\Windows\INetCache\IE\WKZRS95W\TollFree-1-877-224-2412[1].htm->(UTF-8)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
Signature Version: AV: 1.261.724.0, AS: 1.261.724.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-01-31 20:50:11.285
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {84AEF102-B8AE-4A7B-BA15-ABB8E839A051}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-01-31 19:46:03.728
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {04D33E96-370D-40E2-9FC3-33332CD3EB7E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-01-31 19:30:12.953
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {98BA8347-639C-4E53-9ADB-39600715A177}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-13 20:33:29.993
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800706d9
Error description: There are no more endpoints available from the endpoint mapper.
Date: 2018-02-13 20:33:29.993
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800706d9
Error description: There are no more endpoints available from the endpoint mapper.
Date: 2018-02-13 20:33:29.990
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800706d9
Error description: There are no more endpoints available from the endpoint mapper.
Date: 2018-02-13 20:33:29.990
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800706d9
Error description: There are no more endpoints available from the endpoint mapper.
Date: 2018-02-13 20:33:29.990
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800706d9
Error description: There are no more endpoints available from the endpoint mapper.
CodeIntegrity:
===================================
Date: 2018-02-03 12:55:49.226
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 12:55:49.225
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 12:08:07.815
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 12:08:07.815
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:53:07.487
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:53:07.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:31:56.849
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:31:56.847
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 17%
Total physical RAM: 16314.15 MB
Available physical RAM: 13408.18 MB
Total Virtual: 18746.15 MB
Available Virtual: 16294 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:905.97 GB) (Free:818.92 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.61 GB) (Free:2.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Seagate Backup Plus Drive) (Fixed) (Total:1862.89 GB) (Free:27.63 GB) NTFS
\\?\Volume{7467d0cf-1858-4298-b15a-607fddf02dca}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.38 GB) NTFS
\\?\Volume{111bb81a-f616-4275-a927-8e5347df8442}\ () (Fixed) (Total:0.25 GB) (Free:0.13 GB) FAT32
\\?\Volume{b3f75a0e-4a3c-40be-a778-757e326eb106}\ () (Fixed) (Total:0.92 GB) (Free:0.41 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B45667FC)
Partition: GPT.
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 1BC0320E)
Partition: GPT.
==================== End of Addition.txt ============================
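The "Event log errors" section of this Addition.txt repeats a handful of failures many times. The following Python parser is an added example, not part of the original post or of FRST: it collapses those entries into one line per distinct failure and decodes the HRESULT values, which makes the disabled-service chain easy to read. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import Counter

# Entries copied from the "Event log errors" section above (a subset, for brevity).
SAMPLE = """==================== Event log errors: =========================
Application errors:
==================
Error: (02/13/2018 08:16:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (02/03/2018 12:42:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Instantiating VSS server
Error: (02/03/2018 12:42:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]

System errors:
=============
Error: (02/13/2018 08:37:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2018 08:37:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2018 08:37:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
"""

EVENT_HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<id>\d+)\)"
)
DEPENDS = re.compile(
    r"The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start"
)
HRESULT = re.compile(r"\b0x[0-9A-Fa-f]{8}\b")

# Win32 error codes that appear in this log (values from winerror.h).
WIN32_NAMES = {1058: "ERROR_SERVICE_DISABLED", 1753: "EPT_S_NOT_REGISTERED"}


def parse_events(log):
    """Split the event section into records; each header starts a new record."""
    events, current = [], None
    for line in log.splitlines():
        header = EVENT_HEADER.match(line)
        if header:
            current = {"when": header["when"], "source": header["source"],
                       "id": int(header["id"]), "text": ""}
            events.append(current)
        elif line.startswith("="):
            current = None  # a "=====" ruler closes the current record
        elif current is not None:
            current["text"] += line.strip() + " "
    return events


def decode_hresult(text):
    """Name an HRESULT that wraps a Win32 error (facility 7)."""
    value = int(text, 16)
    facility = (value >> 16) & 0x1FFF
    code = value & 0xFFFF
    if facility == 7:
        return WIN32_NAMES.get(code, f"Win32 error {code}")
    return f"facility {facility} code {code}"


def summarize(events):
    """Count distinct failures: dependency chains first, then HRESULTs."""
    findings = Counter()
    for ev in events:
        dep = DEPENDS.search(ev["text"])
        hr = HRESULT.search(ev["text"])
        if dep:
            what = f'{dep["svc"]} blocked by {dep["dep"]}'
        elif hr:
            what = decode_hresult(hr.group())
        else:
            what = "unclassified"
        findings[(ev["source"], ev["id"], what)] += 1
    return findings


if __name__ == "__main__":
    for (source, event_id, what), count in summarize(parse_events(SAMPLE)).most_common():
        print(f"{count}x {source} {event_id}: {what}")
```

The same `decode_hresult` call applied to the `0x800706d9` code in the Windows Defender update entries returns `EPT_S_NOT_REGISTERED`, the Win32 name for the "no more endpoints available from the endpoint mapper" message logged there.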


#4 tabber

tabber
  • Topic Starter

  • Members
  • 138 posts

Posted 14 February 2018 - 11:45 AM

I've been working on this for a week and have done all of the obvious things.  System restore and programs like it won't work. 



#5 polskamachina

polskamachina

  • Malware Response Team
  • 4,069 posts
  • Gender:Male
  • Local time:01:25 PM

Posted 15 February 2018 - 05:47 PM

Hi tabber :)

My name is polskamachina and I would like to :welcome: you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text into your replies to me.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
Let me know if you have any questions.
 
polskamachina



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,823 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:25 PM

Posted 15 February 2018 - 05:52 PM

Sorry. Posted at the same time.

 

Good luck :)


Edited by JSntgRvr, 15 February 2018 - 05:54 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 tabber

tabber
  • Topic Starter

  • Members
  • 138 posts

Posted 15 February 2018 - 06:09 PM

Thank you.  This one is beyond me.



#8 polskamachina

polskamachina

  • Malware Response Team
  • 4,069 posts
  • Gender:Male
  • Local time:01:25 PM

Posted 16 February 2018 - 11:16 PM

Hi tabber,
 
Good job posting the logs. :thumbup2:
 

Let's begin with the fixing. Many of your services are disabled. I would like you to re-enable them so we can troubleshoot the problems.

  • Hold down the Windows flag key on your keyboard and tap the letter, R
  • The run box should appear
  • Type msconfig in the box and press OK
  • Select the choice for, Normal startup and press OK
  • Your computer will need to be restarted so close all your other apps and programs and let the computer restart

Next:
 
Note: The following fix will clear out your temporary files, your recycle bin, and your internet cache. If you need to retrieve anything from those locations, now is the time to retrieve them.

  • Highlight the text below in its entirety and press Ctrl-C
Start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\1734203.js [2018-02-03] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1734203.cfg [2018-02-03] <==== ATTENTION
Folder: C:\MCLDBBackup
EmptyTemp:
End::
  • Run FRST64
  • Click on Fix
  • The computer will need to be restarted once the fix has completed
  • Please allow it to restart
  • After the computer reboots and you're back at your desktop, you will find a file named, Fixlog.txt in your Downloads folder
  • Please copy and paste the contents of that file into your next reply to me

Next:

  • Check your internet connectivity to see if it's been restored

Next:

  • Run FRST64
  • Click on Scan
  • Please copy and paste the FRST and Addition logs into your next reply to me

Finally:

I noticed that you have a program installed named MCL Roster Controlller V3.1.1.1. Do you know what this program is or what its function is? I have not seen it before, nor can I locate any information about it.

 

In summary, I will need from you:

  • Were you able to successfully change msconfig to a Normal startup?
  • Fixlog.txt
  • FRST.txt
  • Addition.txt
  • Was your internet connectivity restored?
  • Can you give me any information about the program, MCL Roster Controlller V3.1.1.1 ?
  • In general, how is your computer performing now?

Let me know if you have any questions.
 
polskamachina



#9 tabber

tabber
  • Topic Starter

  • Members
  • 138 posts

Posted 17 February 2018 - 10:15 AM

MCL Roster Controller is a program for The Marine Corps League to keep track of its members at meetings.  This is my father's computer; I'm not sure where he got that program.



#10 tabber

tabber
  • Topic Starter

  • Members
  • 138 posts

Posted 17 February 2018 - 10:44 AM

The second one won't run, control+c with the highlighted text



#11 tabber

tabber
  • Topic Starter

  • Members
  • 138 posts

Posted 17 February 2018 - 10:52 AM

Fix won't run.  I am getting a message box that says No fixlist.txt found.  The fixlist.txt should be in the same folder/directory the tool is located.  I am going to stop and wait for your reply.  Since I can't go online, I copied the text into a word file and copied it to the computer.  I'm not sure if this makes a difference.  It seems it's out of airplane mode now, but still won't connect.  It says it's in safe mode, am restarting now to change that.



#12 tabber

tabber
  • Topic Starter

  • Members
  • 138 posts

Posted 17 February 2018 - 10:55 AM

It won't come out of safe mode now.  I've tried and now it's stuck in safe mode like it was stuck in airplane mode.  I'll post the scan below.


Edited by tabber, 17 February 2018 - 11:01 AM.


#13 tabber

tabber
  • Topic Starter

  • Members
  • 138 posts

Posted 17 February 2018 - 11:26 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by Art (administrator) on NEWPC (17-02-2018 11:02:48)
Running from C:\Users\Art\Desktop\New folder
Loaded Profiles: Art (Available Profiles: Art & Administrator)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [vspdfprsrv.exe] => C:\Program Files\Avanquest\Expert PDF 9 Professional\vspdfprsrv.exe [10019328 2013-05-17] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-12-10] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-02-10] (AVAST Software)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-10-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2017-09-07] (Carbonite, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerST.exe [133952 2016-09-28] (HP)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\Run: [LMab1err] => C:\Program Files (x86)\Lexmark\ErrorApp\LMab1err.exe [645736 2013-07-11] ()
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3769992 2017-06-30] (HP Inc.)
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [976896 2017-09-29] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2016-09-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ginger.lnk [2017-12-29]
ShortcutTarget: Ginger.lnk -> C:\Windows\Installer\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}\GingerClientStartu_E7648186C0BE4AE6AF2E431C614DBB20.exe (Flexera Software LLC)
Startup: C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-08-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-10-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2016-09-02] ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2016-09-02] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-631909209-1285290160-1862233239-1001] => hxxp://unstop-web.biz/wpad.dat?93e27fb55a4bc88e145a314e1b39d46a38064617
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{4bddd27a-2eaa-4695-b2e9-c29bff40cf3e}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{7a3f1eb1-372f-4dbf-bfdf-9e454170a479}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{bd6e0166-eb21-4fcf-935e-78cc8284bbac}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{ecf6cb6c-30b1-4982-854a-36260825f052}: [DhcpNameServer] 209.18.47.62 209.18.47.61
ManualProxies: 0hxxp://unstop-web.biz/wpad.dat?93e27fb55a4bc88e145a314e1b39d46a38064617
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://search.hemailaccessonline.com/?source=googledisplay-v3&uid=0d60f3fc-3caf-471e-9499-c3dd6bfb1bde&uc=20171028&ap=appfocus1&i_id=email__1.30
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> {7EF008A9-7830-4913-B190-3948A8F81DA0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-631909209-1285290160-1862233239-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-631909209-1285290160-1862233239-1001 -> {67D1CE2D-453A-4EF9-B9C1-D77165E3BBCC} URL = hxxps://search.yahoo.com/search?ei=utf-8&fr=befds&p={searchTerms}&type=ieds-4.8-1707
SearchScopes: HKU\S-1-5-21-631909209-1285290160-1862233239-1001 -> {7EF008A9-7830-4913-B190-3948A8F81DA0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - No Name - {B70859FD-89D1-4957-9175-33EBC184B170} -  No File
Toolbar: HKLM-x32 - No Name - {B70859FD-89D1-4957-9175-33EBC184B170} -  No File
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
Toolbar: HKU\S-1-5-21-631909209-1285290160-1862233239-1001 -> No Name - {B70859FD-89D1-4957-9175-33EBC184B170} -  No File
Toolbar: HKU\S-1-5-21-631909209-1285290160-1862233239-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default [2018-02-12]
FF Homepage: Mozilla\Firefox\Profiles\2c0eutg8.default -> hxxps://www.google.com/?bcutc=sp-006
FF NewTab: Mozilla\Firefox\Profiles\2c0eutg8.default -> about:newtab
FF Extension: (Email) - C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default\Extensions\maps@jetpack.xpi [2016-01-28] [Legacy]
FF Extension: (Looking Glass) - C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default\Extensions\pug.experience@shield.mozilla.org.xpi [2017-12-14] [Legacy]
FF Extension: (Disable Crash Auto Submit) - C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default\features\{69db87fa-5134-4a0b-b2f1-4ea2c36f2bbe}\disable-crash-autosubmit@mozilla.org.xpi [2018-01-02] [Legacy]
FF SearchPlugin: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default\searchplugins\bing-lavasoft.xml [2017-06-01]
FF SearchPlugin: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\2c0eutg8.default\searchplugins\google-avast.xml [2017-12-14]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt => not found
FF HKLM-x32\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: (Ginger) - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com [2016-12-29] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-05-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-631909209-1285290160-1862233239-1001: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [2017-03-21] (Ginger Software)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\1734203.js [2018-02-03] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1734203.cfg [2018-02-03] <==== ATTENTION
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://webmail.sc.rr.com/"
CHR Profile: C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default [2018-02-13]
CHR Extension: (Slides) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-14]
CHR Extension: (Docs) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-14]
CHR Extension: (Google Drive) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
CHR Extension: (YouTube) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]
CHR Extension: (Google Search) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Sheets) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-14]
CHR Extension: (HP SimplePass) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2017-12-14]
CHR Extension: (Google Docs Offline) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-14]
CHR Extension: (Gmail) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-02-10] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-02-10] (AVAST Software)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S2 GingerUpdateService; C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [534200 2017-03-21] (Ginger Software)
S2 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-10-03] (HP)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-12-10] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
S3 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [54296 2017-10-03] (HP)
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2018-02-10] (AVAST Software)
S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-02-10] (AVAST Software)
S0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-02-10] (AVAST Software)
S0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-02-10] (AVAST Software)
S0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-02-10] (AVAST Software)
S1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2018-02-10] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-02-10] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146664 2018-02-10] (AVAST Software)
S1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2018-02-10] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2018-02-10] (AVAST Software)
S1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2018-02-10] (AVAST Software)
S1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457400 2018-02-10] (AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2018-02-10] (AVAST Software)
S0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2018-02-10] (AVAST Software)
S1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [30752 2012-07-26] (EldoS Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [40472 2017-10-03] (HP)
S3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
S3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-17] (Malwarebytes)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [41576 2016-02-19] (EldoS Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1009128 2017-08-24] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2017-06-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [30392 2017-04-25] (HP)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-17 11:02 - 2018-02-17 11:02 - 000000000 ____D C:\Users\Art\Desktop\New folder
2018-02-17 10:56 - 2018-02-17 10:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-17 10:26 - 2018-02-17 10:55 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-02-14 10:23 - 2018-02-14 10:26 - 000068680 _____ C:\Users\Art\Downloads\Addition.txt
2018-02-14 10:22 - 2018-02-17 11:02 - 000000000 ____D C:\FRST
2018-02-14 10:22 - 2018-02-14 10:26 - 000073268 _____ C:\Users\Art\Downloads\FRST.txt
2018-02-14 10:21 - 2018-02-17 10:40 - 002403840 _____ (Farbar) C:\Users\Art\Downloads\FRST64.exe
2018-02-13 21:48 - 2018-02-13 21:49 - 000000380 _____ C:\WINDOWS\HPSetLog.txt
2018-02-13 21:46 - 2018-02-13 21:44 - 033997256 _____ (Hewlett-Packard Company ) C:\Users\Art\Downloads\sp72517.exe
2018-02-13 21:46 - 2018-02-13 21:35 - 013277512 _____ (Hewlett-Packard ) C:\Users\Art\Downloads\sp72141.exe
2018-02-13 20:32 - 2018-02-13 20:32 - 000001879 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-02-13 20:32 - 2018-02-13 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-02-13 20:32 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-02-13 20:31 - 2017-11-18 14:34 - 078346672 _____ (Malwarebytes ) C:\Users\Art\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2018-02-13 19:34 - 2018-02-13 19:34 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-02-13 19:13 - 2018-02-13 19:15 - 000219592 _____ C:\WINDOWS\ntbtlog.txt
2018-02-10 22:45 - 2018-02-10 22:45 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-631909209-1285290160-1862233239-1001
2018-02-10 19:54 - 2018-02-10 19:54 - 000000000 ____D C:\Users\Art\AppData\Roaming\AVAST Software
2018-02-10 19:53 - 2018-02-10 19:53 - 000001946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-02-10 19:53 - 2018-02-10 19:53 - 000001934 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-02-10 19:52 - 2018-02-17 09:56 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-02-10 19:52 - 2018-02-10 19:52 - 000457400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-02-10 19:52 - 2018-02-10 19:52 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-02-10 19:52 - 2018-02-10 19:52 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-02-10 19:52 - 2018-02-10 19:51 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-02-10 19:51 - 2018-02-10 19:51 - 000000000 ____D C:\Program Files\AVAST Software
2018-02-10 19:50 - 2018-02-10 19:48 - 243563632 _____ (AVAST Software) C:\Users\Art\Desktop\avast_free_antivirus_setup_offline.exe
2018-02-10 19:41 - 2016-09-12 19:20 - 006334648 _____ (AVAST Software) C:\Users\Art\Desktop\avast_free_antivirus_setup_online.exe
2018-02-10 18:47 - 2018-02-10 19:04 - 000000000 ____D C:\Users\Art\Desktop\Mom Files
2018-02-10 14:14 - 2018-02-10 14:16 - 000000000 ____D C:\Users\Art\Desktop\Scan Logs
2018-02-10 14:08 - 2018-02-10 14:17 - 000000000 ____D C:\Users\Art\Desktop\Marine Corp
2018-02-10 14:02 - 2018-02-10 14:06 - 000000000 ____D C:\Users\Art\Desktop\MODD
2018-02-03 16:45 - 2018-02-03 17:33 - 000000000 _____ C:\Recovery.txt
2018-02-03 12:08 - 2018-02-03 12:08 - 000000000 ____D C:\Users\Art\AppData\Local\GoToAssist Remote Support Customer
2018-02-03 10:12 - 2018-02-03 10:12 - 000000000 ____D C:\ProgramData\Lexmark Package Logs
2018-02-03 07:44 - 2018-02-10 12:44 - 000000000 ____D C:\ProgramData\SlimWare Utilities Inc
2018-02-03 07:42 - 2018-02-03 07:42 - 001019760 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Art\Downloads\DriverUpdate-setup.exe
2018-02-03 07:42 - 2018-02-03 07:42 - 001019760 _____ (Slimware Utilities Holdings, Inc.) C:\Users\Art\Downloads\DriverUpdate-setup (1).exe
2018-02-03 05:15 - 2018-02-03 05:15 - 000000000 ____D C:\Users\Art\Documents\FeedbackHub
2018-01-31 21:58 - 2018-01-31 21:58 - 000000982 _____ C:\Users\Art\Desktop\SCMAP.docx - Shortcut.lnk
2018-01-31 15:30 - 2018-01-31 15:30 - 001129816 _____ (Google Inc.) C:\Users\Art\Downloads\ChromeSetup (5).exe
2018-01-31 13:53 - 2018-02-13 20:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-31 12:54 - 2018-01-31 12:54 - 000003266 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-01-31 12:46 - 2018-01-31 12:55 - 000000000 ____D C:\Users\TEMP.NEWPC.000
2018-01-24 13:07 - 2018-01-24 13:07 - 000000000 ____D C:\Users\Art\Documents\Add-in Express
2018-01-22 10:07 - 2018-01-31 20:01 - 000000000 _____ C:\Users\Art\Documents\HPOJ8710_Fax_Port
2018-01-19 18:05 - 2018-01-19 18:25 - 000016914 _____ C:\Users\Art\Documents\FallenMarines 2015-2016.-2017.xlsx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-17 10:56 - 2017-05-20 07:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-02-17 10:54 - 2017-09-29 03:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-02-17 10:24 - 2017-11-30 15:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-17 10:24 - 2016-02-28 14:00 - 000000000 ____D C:\WINDOWS\pss
2018-02-16 12:06 - 2017-12-26 20:17 - 000003220 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForArt
2018-02-16 12:06 - 2017-12-26 20:17 - 000000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForArt.job
2018-02-13 21:48 - 2014-04-04 18:55 - 000000000 ____D C:\SWSetup
2018-02-13 21:47 - 2014-08-26 04:38 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-02-13 18:41 - 2017-11-30 14:44 - 000000000 ____D C:\Users\Art
2018-02-12 10:34 - 2017-12-14 13:19 - 000000000 ____D C:\Users\Art\AppData\LocalLow\Mozilla
2018-02-10 20:06 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-10 19:41 - 2016-12-01 13:12 - 000000000 ____D C:\ProgramData\AVAST Software
2018-02-10 13:26 - 2014-08-26 03:52 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-02-10 13:19 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-10 12:44 - 2017-05-31 21:42 - 000000000 ____D C:\Program Files\SlimService
2018-02-10 12:44 - 2017-05-31 21:42 - 000000000 ____D C:\Program Files\SlimCleaner Plus
2018-02-03 16:05 - 2015-02-07 14:53 - 000000000 ____D C:\Users\Art\AppData\Local\ElevatedDiagnostics
2018-02-03 12:08 - 2015-01-29 15:47 - 000000000 ____D C:\Users\Art\AppData\Local\Citrix
2018-02-03 11:26 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-03 11:26 - 2017-04-29 17:32 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-02-03 11:26 - 2014-12-29 15:35 - 000000000 __SHD C:\Users\Art\IntelGraphicsProfiles
2018-02-03 11:21 - 2017-11-30 14:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-03 11:06 - 2016-01-30 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-03 11:02 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-03 10:04 - 2015-01-01 21:49 - 000000000 ____D C:\Users\Art\Tracing
2018-02-03 07:44 - 2017-06-12 18:30 - 000000000 ____D C:\Users\Public\Documents\Downloaded Installers
2018-02-03 04:03 - 2017-11-30 14:43 - 001938500 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-02 05:40 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-01 20:21 - 2017-11-30 14:45 - 000000000 ____D C:\Users\Art\AppData\Local\Packages
2018-02-01 19:42 - 2017-01-10 22:34 - 000015790 _____ C:\Users\Art\Documents\FallenMarines 2015-2016.-2017xlsx.xlsx
2018-02-01 15:08 - 2017-07-07 06:58 - 000000000 ____D C:\MCLDBBackup
2018-01-31 19:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-31 14:53 - 2016-12-01 13:15 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-31 14:53 - 2016-12-01 13:15 - 000002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-31 13:33 - 2017-11-30 15:45 - 000000000 ____D C:\Users\Art\AppData\Local\PlaceholderTileLogoFolder
2018-01-31 12:47 - 2014-12-30 02:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-31 08:39 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-31 08:39 - 2017-03-28 18:48 - 000000000 ____D C:\Users\Art\Documents\HpReg_Backup
2018-01-31 08:25 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\registration
2018-01-31 07:04 - 2015-01-01 21:30 - 000000000 ____D C:\Users\Art\AppData\Local\Google
2018-01-31 07:04 - 2015-01-01 21:30 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-31 07:03 - 2014-12-29 15:39 - 000000000 ___RD C:\Users\Art\OneDrive
2018-01-30 23:46 - 2015-08-18 19:55 - 000000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNEWPC$.job
2018-01-30 21:23 - 2017-03-28 18:46 - 000002088 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2018-01-25 10:01 - 2017-11-30 15:25 - 000003272 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNEWPC$
2018-01-24 22:44 - 2017-11-30 14:42 - 000000000 ____D C:\Program Files\Bonjour
2018-01-24 22:44 - 2016-12-29 21:41 - 000000000 ____D C:\Program Files (x86)\Ginger
2018-01-24 22:44 - 2016-12-01 13:31 - 000000000 ____D C:\Program Files\7-Zip
2018-01-24 22:44 - 2016-04-30 16:42 - 000000000 ____D C:\Program Files\TrueKey
2018-01-24 22:44 - 2016-01-06 10:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-24 22:44 - 2015-04-15 17:18 - 000000000 ____D C:\Program Files (x86)\AbleWord
2018-01-24 22:44 - 2015-04-15 05:49 - 000000000 ____D C:\pdfOCR
2018-01-24 22:44 - 2015-04-15 05:47 - 000000000 ____D C:\FreeOCR
2018-01-24 22:44 - 2015-02-18 20:56 - 000000000 ____D C:\Program Files (x86)\EZ Fonts
2018-01-24 13:57 - 2017-09-29 08:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-24 13:56 - 2017-05-07 14:54 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-01-24 13:14 - 2018-01-07 17:11 - 000000000 ____D C:\Program Files\ByteFence
2018-01-24 13:09 - 2018-01-07 17:14 - 000000000 ____D C:\ProgramData\WinZip
2018-01-24 05:17 - 2015-01-01 21:29 - 000000000 ____D C:\Users\Art\AppData\Local\Adobe
2018-01-24 05:08 - 2016-02-15 07:05 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-23 18:40 - 2018-01-07 17:12 - 000004134 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1515363156
2018-01-22 10:07 - 2015-06-15 07:50 - 000000000 ____D C:\Users\Art\AppData\Local\HP
2018-01-22 10:04 - 2015-06-08 16:44 - 000035328 _____ C:\Users\Art\Documents\PRESCIPTRION HOSPITAL.xls
2018-01-18 10:02 - 2017-04-29 17:32 - 000006567 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
==================== Files in the root of some directories =======
2015-01-17 21:27 - 2015-01-17 21:27 - 000000064 _____ () C:\Users\Art\AppData\Local\2a114732d6fd1a8a2f32dede23a97c19
2016-04-07 10:28 - 2016-04-07 10:28 - 000000017 _____ () C:\Users\Art\AppData\Local\resmon.resmoncfg
2015-12-08 09:19 - 2015-11-09 21:49 - 000022896 _____ () C:\Users\Art\AppData\Local\Z@!-51278c08-7841-45c6-809b-0793f4d725d5.tmp
2015-12-08 09:19 - 2015-11-09 21:49 - 000022896 _____ () C:\Users\Art\AppData\Local\Z@!-841e38d4-6057-4543-84f5-f1c6ef95f5e5.tmp
2015-12-08 09:19 - 2015-11-09 21:49 - 000023920 _____ () C:\Users\Art\AppData\Local\Z@S!-24c62962-3ed4-4c18-88d1-4429c7c31b88.tmp
Some files in TEMP:
====================
2018-02-13 19:35 - 2017-11-18 14:34 - 078346672 _____ (Malwarebytes                                                ) C:\Users\Art\AppData\Local\Temp\mb3-setup-consumer-3.3.1.2183.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\wininit.exe => MD5 is legit
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\SysWOW64\explorer.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\SysWOW64\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\SysWOW64\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\SysWOW64\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\SysWOW64\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION
LastRegBack: 2018-01-24 17:38
==================== End of FRST.txt ============================


#14 tabber

Posted 17 February 2018 - 11:27 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by Art (17-02-2018 11:04:27)
Running from C:\Users\Art\Desktop\New folder
Windows 10 Home Version 1709 16299.192 (X64) (2017-11-30 20:41:04)
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-631909209-1285290160-1862233239-500 - Administrator - Disabled) => C:\Users\Administrator
Art (S-1-5-21-631909209-1285290160-1862233239-1001 - Administrator - Enabled) => C:\Users\Art
DefaultAccount (S-1-5-21-631909209-1285290160-1862233239-503 - Limited - Disabled)
Guest (S-1-5-21-631909209-1285290160-1862233239-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-631909209-1285290160-1862233239-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-631909209-1285290160-1862233239-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\{34A6D6FF-7EEC-499E-A54F-71077783AED6}) (Version: 6.3.2 build 7466 (Sep-07-2017) - Carbonite)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DummyInstaller (HKLM-x32\...\{E2210743-20C9-48E3-BA03-B1E39772E662}) (Version: 1.0.0 - Microsoft)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Expert PDF 9 Professional (HKLM\...\{698A90AC-452A-4534-9D53-55A5C14193F1}) (Version: 9.00.0000 - Avanquest Software)
EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
Free PDF To JPG Converter 3.42 (HKLM-x32\...\Free PDF To JPG Converter_is1) (Version: 3.42 - )
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version:  - )
Garmin City Navigator North America NT 2016.20 (HKLM-x32\...\{79A8C65B-0289-45A2-9A8D-6AAE0B64A374}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Ginger (HKLM-x32\...\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.179 - Ginger Software) Hidden
Ginger (HKLM-x32\...\InstallShield_{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.179 - Ginger Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4BBA238C-9E5D-40F9-8AC6-FACB736752B9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{B4398909-31F1-4889-8314-6464C5F7CCA1}) (Version: 40.11.1148.17181 - HP Inc.)
HP OfficeJet Pro 8710 Help (HKLM-x32\...\{92B8A892-1D92-407A-BF5E-26DCE71B9B12}) (Version: 38.0.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.46 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.46 - Softex Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lexmark CX410 Series Uninstaller (HKLM\...\Lexmark CX410 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCL Roster Controlller V3.1.1.1 (HKLM-x32\...\{AE211FAD-5F37-4F3A-B751-367F5495A216}) (Version: 1.0.0 - MCL)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4997.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.2 (x86 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
My Speedtest XP (HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\{798cfdd6-142b-4584-9605-bb47a7da5792}) (Version: 1.0 - My Speedtest XP)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
PDF OCR 4.3 (HKLM-x32\...\{3D122AF9-1E02-4035-8003-334D378C1B62}_is1) (Version:  - PDF OCR)
Product Improvement Study for HP OfficeJet Pro 8710 (HKLM\...\{1DC2E25B-08E2-4203-BD66-9B2BD189ECCE}) (Version: 40.11.1148.17181 - HP Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
System Mechanic (HKLM-x32\...\InstallShield_{DD0DFA41-5139-45D0-986C-3C1A5C648CAA}) (Version: 16.5.3.1 - iolo technologies, LLC)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{090746F9-9F39-42C0-920A-4852C2EDE704}\InprocServer32 -> C:\Program Files\Avanquest\Expert PDF 9 Professional\APAX.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Art\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{4947F20E-8FFC-4CA4-9460-BE9612F12155}\InprocServer32 -> C:\Program Files\Avanquest\Expert PDF 9 Professional\APAX.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Art\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Art\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [    Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00C9EDD4-DAAA-4DE6-8245-5FD32CCB6D60} - System32\Tasks\HPCeeScheduleForArt => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {064FE9ED-6489-4CA6-9746-C709037160E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-01-16] (Microsoft Corporation)
Task: {12713A24-F00E-44A8-9D0F-8DC44B8E43D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1640DF89-B7B8-4D05-8D19-B86A15D63145} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {1DED0CDC-4C25-4245-913A-82606E1757F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {2CF3D90B-809D-40EF-AAC2-58BA733E1294} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-02] (Hewlett-Packard)
Task: {2FFE3EC0-F72D-4FD5-B652-11290758631A} - \WPD\SqmUpload_S-1-5-21-631909209-1285290160-1862233239-1001 -> No File <==== ATTENTION
Task: {30600347-239B-4AA0-A809-0AA74AAEB058} - System32\Tasks\Opera scheduled Autoupdate 1515363156 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe
Task: {334EA830-517C-4853-BBE9-6379BB882256} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {34BB6B0E-B5B1-4E7F-8CB8-C315610EEA16} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-10] (AVAST Software)
Task: {34FF486E-BEB6-44CB-A28A-9778332B1B2F} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8710 => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [2017-06-30] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {361C6D10-AAE8-4599-A404-4AEA6E77181E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {41453B3D-216B-47F5-BC55-73B10CDB05E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {4467F945-DC43-4A1D-8E5D-CB1BC350D4A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {47F9CF67-2CB8-405C-B1C8-0BBEFF63BF33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {4CC6D62F-2A6A-4936-A4B2-B18AD736238F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {507A7864-0669-485F-9C3F-CECAB717C00F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {513E2E86-4BFC-40B1-98C7-6DE6A9C29C43} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {52B5B64A-15DE-4025-9957-D812B5874A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-01] (Google Inc.)
Task: {53F48531-DE07-4B93-8D2C-C780AE03E21B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5BAD5BDB-7569-4EA2-8BDC-6628A4D78DB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {60043391-873E-469D-A074-1512952611A3} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-631909209-1285290160-1862233239-1001
Task: {616E1D54-583D-4F21-A03C-384D23CEE1EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {635D682D-9B2F-450C-8559-5371FCAB52BB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {644C80BC-9B7E-4626-A6AE-9AF08EFF512C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {6AAC0B0A-B3F4-49FC-875D-8EEC16733980} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {7AC5C7DD-B2DF-438D-B01C-81BBA1143C93} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {82898EA2-7E2C-4ADE-9AF1-1BD6AB7F0B89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {8B59D25D-7A18-4012-8343-449FE6C85D7B} - System32\Tasks\HPCeeScheduleForNEWPC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {8C1277CF-46DA-41F6-82F1-2634A9635389} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {92C4DCDE-A6B8-4436-ADD7-D279E4CBC631} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {934CEA17-855C-45DE-A9A9-14B0C73821E8} - System32\Tasks\S-1-5-21-631909209-1285290160-1862233239-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {9484613A-4C9B-468F-AA7B-BCD7BA0E3502} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-01] (Google Inc.)
Task: {9D268985-255C-4F5B-87DA-40C716296C31} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-02] (Hewlett-Packard)
Task: {9F469303-9A3D-436D-83A1-9BF91D612D6C} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {9FF2F836-2B17-45CB-A410-1FD2AA056605} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {A9CFC1CD-FCFA-418A-953C-FD617374505B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA0845AC-374B-4C95-B129-E578CB957FD9} - System32\Tasks\{DD7516ED-1745-4B3F-B78F-D5769771450F} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {AF79D4C3-DDC8-4C22-B0E0-FAFCFEC0B997} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {B174940A-44C7-4D49-B9F0-5126BEE4CFC2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B90B6DDB-AD2B-4510-80CA-BB2F2B57FF85} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BBD091E2-9A25-4423-A7B8-3BE676C505E1} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {BC547CB3-37A8-4921-9A11-337E7D6AE77B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {BFB4DEE6-5B70-45C5-B7F1-D32A18BD1997} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C89B3D4C-883F-4D1E-8629-087898571665} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Art\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {CE3A65A3-066D-4397-9F48-C30A95E3A9DB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D0C2DCE1-86A2-4971-BB59-26F84892F0B9} - System32\Tasks\{3CD2D70F-95B8-4A35-9809-AB2BE5EB507F} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {DE962C76-D1DB-4E11-927F-EF614EA1EB21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {DF18DF51-ABD6-49BB-AB72-FBC1606B10A5} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {DF9599F5-47F2-4917-872C-7292C6535A66} - System32\Tasks\{7C05A33C-7792-4AE1-8967-58C65BCBA33A} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {ED86D3CE-0F69-4628-B5E3-675356AAF28A} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
Task: {F0B8C96B-CEC0-4D27-95C6-A3585169A2BC} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-02] (Hewlett-Packard)
Task: {FB7ED40A-9580-406E-96D9-2F639FBB3935} - System32\Tasks\{A4AAF140-5B73-4493-8A39-BD8BDD56B30F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Lexmark CX410 Series\Install\x64\LMAD4installgui.exe" -c /u OEMProductName="Lexmark CX410 Series"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForArt.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNEWPC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-02-13 20:32 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-05-07 14:59 - 2017-05-07 14:59 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-13 08:33 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 08:33 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-31 06:56 - 2018-01-31 06:57 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 06:56 - 2018-01-31 06:57 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9 [149]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2018-01-31 14:07 - 000002534 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 => 2
MSCONFIG\Services: Appinfo => 3
MSCONFIG\Services: BOT4Service => 2
MSCONFIG\Services: DSAO => 2
MSCONFIG\Services: GoToAssist Remote Support Customer => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\Services: RoxioBurnLauncher => 2
MSCONFIG\Services: RoxMediaDB14 => 3
MSCONFIG\Services: RoxWatch14 => 2
MSCONFIG\Services: SlimService => 2
MSCONFIG\Services: SlimWareServices => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: wudfsvc => 3
HKLM\...\StartupApproved\StartupFolder: => "AdFender.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Ginger.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "vspdfprsrv.exe"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "AccelerometerSysTrayApplet"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "Carbonite Backup"
HKLM\...\StartupApproved\Run32: => "DriverTalent"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "StormWatch.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "StormWatchApp.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "LMab1err"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_3C887CF25D895E4A0076FA090E083550"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "HP OfficeJet Pro 8710 (NET)"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2DC0E7EB-2FC3-4AAE-8279-94C67D5B4DA0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D6D138B-A31E-4607-BF0D-17DE09C98C31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E7AA406-E0E2-437C-9CE6-9681669CB96E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE8EF21A-D588-4E82-9720-96BEC671016C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA757DE8-4173-4D4D-AD7C-F364E53B30D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04C23989-F211-498E-B4E7-0F77B1B324FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B240AD1-D304-4522-ABF0-2072DEA1A2CE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CDA6E1DC-5151-4DF8-AED2-AADB8AFC90FD}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS43CB\HPDiagnosticCoreUI.exe
FirewallRules: [{EDDA2F48-FF01-4D59-A5B4-76DF58A66691}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS43CB\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{F5CDECE2-E516-439C-A3C5-608784350B3D}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{CE9CA5AA-7253-4D26-8342-4DDB290F6FA3}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{403E27CD-A018-4D3E-AE26-D539E2B8032D}] => (Allow) C:\Users\Art\Documents\Artisteer 4\bin\Artisteer.exe
FirewallRules: [UDP Query User{C2A01494-8140-4B95-83C0-8AACD3C7FD96}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{F16034F9-8DB6-405D-9A9C-2CA7235B728F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{CD967EAD-2E78-4834-9A5D-2D8EDF8DB2FB}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1C66\HPDiagnosticCoreUI.exe
FirewallRules: [{A02FC1E2-1CFD-4429-A59B-3AF5B4CCC8E0}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1C66\HPDiagnosticCoreUI.exe
FirewallRules: [{422B1B06-D678-4021-A772-98DE68321257}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1A1A\HPDiagnosticCoreUI.exe
FirewallRules: [{ABE9ADF5-4F70-4F33-B21A-B84E3FA20DCB}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1A1A\HPDiagnosticCoreUI.exe
FirewallRules: [{70E22099-2C32-446C-ACF9-829273F4D90F}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS594F\HPDiagnosticCoreUI.exe
FirewallRules: [{35EA5A70-C8F0-4A43-9BB4-15FCBB2D198A}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS594F\HPDiagnosticCoreUI.exe
FirewallRules: [{16E12152-BCD7-42FA-897C-92109E786EDA}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS58C9\HPDiagnosticCoreUI.exe
FirewallRules: [{ADF9A3C2-93C9-42DA-984C-1F721DFD7C27}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS58C9\HPDiagnosticCoreUI.exe
FirewallRules: [{2DC1F13A-CEEA-49D6-BFAE-780155D33249}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1B92DA71-315C-4A76-B79B-A0F5BABA4B23}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{528C480F-B767-4551-B39D-DC70F5E6E1A1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{214A00DD-70E4-4374-8E0E-9108BE008340}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3188E4A3-83A0-4ADC-AF77-3A81AA1536D0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8D9B8161-9350-42B3-A449-14B76966BAAD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{9053C92C-F4F7-4706-99C3-397E540F42EB}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS2CA6\HPDiagnosticCoreUI.exe
FirewallRules: [{FDA9FCB4-274E-4388-A46C-C671126E206F}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS2CA6\HPDiagnosticCoreUI.exe
FirewallRules: [{46E9BF4D-E46B-487A-B0F2-9C294D6F5CF3}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS44F9\HPDiagnosticCoreUI.exe
FirewallRules: [{EAF514DB-79E2-46C2-95DC-FB2A422D4429}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS44F9\HPDiagnosticCoreUI.exe
FirewallRules: [{EEC5A35A-CB33-4641-B9C4-45299AB2E805}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS62D6\HP.EasyStart.exe
FirewallRules: [TCP Query User{FEEE9989-7E06-43D7-9570-2A97BCFEA74E}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{CC99D13B-4EA6-46D6-9FEB-7003F51200E1}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{4AD5345B-0012-4D2D-92B6-58E6AF61DEFC}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS6A0C\HPDiagnosticCoreUI.exe
FirewallRules: [{FB5BE48E-D14D-4449-AE56-76D1BD17CCE7}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS6A0C\HPDiagnosticCoreUI.exe
FirewallRules: [{AF61CB75-28FE-4CA7-91E6-10414A5651E9}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1510\HPDiagnosticCoreUI.exe
FirewallRules: [{01737CBB-1B52-4302-B418-5126F84D817C}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1510\HPDiagnosticCoreUI.exe
FirewallRules: [{C6D8FCB6-F828-435A-92AD-48F782ED6326}] => (Allow) C:\Users\Art\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{9420CCE4-B32B-4FD6-B2B6-527AEC9E3627}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS61F4\HPDiagnosticCoreUI.exe
FirewallRules: [{DD654779-F617-4674-87E4-C9D87B7EA0F3}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS61F4\HPDiagnosticCoreUI.exe
FirewallRules: [{9EBA8A8E-D35E-4EF8-B872-E8473E1F50D0}] => (Allow) C:\Users\Art\AppData\Local\Programs\Opera\50.0.2762.67\opera.exe
FirewallRules: [{D71B3BCF-EE0A-4F7F-8817-06985AE1AF0B}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS66BD\HPDiagnosticCoreUI.exe
FirewallRules: [{7558D1FC-5DB0-4941-95F2-A0B2B43A6C1E}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS66BD\HPDiagnosticCoreUI.exe
FirewallRules: [{73721856-30A3-43DE-8FA6-CDF2FA2F5C6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================

==================== Faulty Device Manager Devices =============
Name: Wireless Device
Description: Wireless Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================
Application errors:
==================
Error: (02/17/2018 03:56:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xe0434352
Fault offset: 0x001008b2
Faulting process id: 0x124c
Faulting application start time: 0x01d3a7cd445077b8
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 5cea84ca-4acf-4640-9a78-66c51655dadb
Faulting package full name:
Faulting package-relative application ID:
Error: (02/17/2018 03:56:58 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()
Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])
Error: (02/16/2018 03:04:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xe0434352
Fault offset: 0x001008b2
Faulting process id: 0xe5c
Faulting application start time: 0x01d3a6fcc9b63c68
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f1cca2ec-41d7-45b9-8ecc-5656acf9f437
Faulting package full name:
Faulting package-relative application ID:
Error: (02/16/2018 03:04:37 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()
Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])
Error: (02/15/2018 03:03:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xe0434352
Fault offset: 0x001008b2
Faulting process id: 0x1054
Faulting application start time: 0x01d3a6337f1bd06d
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 4cda82a2-7685-4cf3-9d71-f09a62618c0f
Faulting package full name:
Faulting package-relative application ID:
Error: (02/15/2018 03:03:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()
Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])
Error: (02/13/2018 08:16:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (02/03/2018 12:42:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.

Operation:
   Instantiating VSS server

System errors:
=============
Error: (02/17/2018 11:10:33 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (02/17/2018 11:10:27 AM) (Source: DCOM) (EventID: 10005) (User: NEWPC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/17/2018 11:09:27 AM) (Source: DCOM) (EventID: 10005) (User: NEWPC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/17/2018 11:07:04 AM) (Source: DCOM) (EventID: 10005) (User: NEWPC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/17/2018 11:06:55 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
Error: (02/17/2018 11:06:55 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
Error: (02/17/2018 11:04:28 AM) (Source: DCOM) (EventID: 10005) (User: NEWPC)
Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server:
{36471C67-6A93-4434-92CC-4C614CD06666}
Error: (02/17/2018 11:04:28 AM) (Source: DCOM) (EventID: 10005) (User: NEWPC)
Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server:
{36471C67-6A93-4434-92CC-4C614CD06666}

Windows Defender:
===================================
Date: 2018-02-03 11:12:17.297
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SupportScam:JS/TechBrolo.Q&threatid=2147719800&enterprise=0
Name: SupportScam:JS/TechBrolo.Q
ID: 2147719800
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\Art\AppData\Local\Microsoft\Windows\INetCache\IE\WKZRS95W\TollFree-1-877-224-2412[1].htm;file:_C:\Users\Art\AppData\Local\Microsoft\Windows\INetCache\IE\WKZRS95W\TollFree-1-877-224-2412[1].htm->(UTF-8)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
Signature Version: AV: 1.261.724.0, AS: 1.261.724.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-02-03 11:12:12.467
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SupportScam:JS/TechBrolo.Q&threatid=2147719800&enterprise=0
Name: SupportScam:JS/TechBrolo.Q
ID: 2147719800
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Art\AppData\Local\Microsoft\Windows\INetCache\IE\WKZRS95W\TollFree-1-877-224-2412[1].htm->(UTF-8)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
Signature Version: AV: 1.261.724.0, AS: 1.261.724.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-01-31 20:50:11.285
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {84AEF102-B8AE-4A7B-BA15-ABB8E839A051}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-01-31 19:46:03.728
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {04D33E96-370D-40E2-9FC3-33332CD3EB7E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-01-31 19:30:12.953
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {98BA8347-639C-4E53-9ADB-39600715A177}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-17 11:06:55.316
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2018-02-17 11:06:55.316
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2018-02-17 11:06:55.314
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2018-02-17 11:06:55.314
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2018-02-17 11:06:55.314
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
CodeIntegrity:
===================================
Date: 2018-02-03 12:55:49.226
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 12:55:49.225
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 12:08:07.815
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 12:08:07.815
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:53:07.487
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:53:07.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:31:56.849
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:31:56.847
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 8%
Total physical RAM: 16314.15 MB
Available physical RAM: 14965.35 MB
Total Virtual: 18746.15 MB
Available Virtual: 17569.8 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:905.97 GB) (Free:819.01 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.61 GB) (Free:2.58 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{7467d0cf-1858-4298-b15a-607fddf02dca}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.38 GB) NTFS
\\?\Volume{111bb81a-f616-4275-a927-8e5347df8442}\ () (Fixed) (Total:0.25 GB) (Free:0.13 GB) FAT32
\\?\Volume{b3f75a0e-4a3c-40be-a778-757e326eb106}\ () (Fixed) (Total:0.92 GB) (Free:0.41 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B45667FC)
Partition: GPT.
==================== End of Addition.txt ============================


#15 polskamachina

polskamachina

  • Malware Response Team
  • 4,069 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:25 PM

Posted 17 February 2018 - 10:40 PM

Hi tabber :)

Let's begin by starting your computer in Safe mode if you cannot boot into Normal mode.

  • Run msconfig again and click on the tab that says, Boot
  • Make sure the box for Safe Boot is NOT checked
  • Click on OK and restart your computer
  • Let me know if you were able to boot into Normal mode
  • If you're still unable to boot into Normal mode, continue with the following steps anyway

When you copied the fix from your working computer to your nonworking computer, you used Word. That will not work.

Perform the following steps in the order given:

  • Insert your flash drive into your working computer
  • Highlight the text below in its entirety and press Ctrl-C

Start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\1734203.js [2018-02-03] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1734203.cfg [2018-02-03] <==== ATTENTION
Folder: C:\MCLDBBackup
EmptyTemp:
End::

  • Open Notepad
  • Left-click in the empty Notepad window and press Ctrl-V to paste the contents of the fixlist into Notepad
  • Save the file using the File-> Save as ... menu choice as fixlist.txt onto your flash drive
  • Close Notepad
  • Eject the flash drive from your working computer and put it into your nonworking computer
  • Navigate to your flash drive with Windows Explorer on your nonworking computer then double-click the file, fixlist.txt
  • Notepad will open with the contents of the fixlist
  • Press Ctrl-A to highlight the entire text
  • Press Ctrl-C to copy the text
  • Run FRST64
  • Click on Fix
  • Close all open programs except FRST64 and allow the computer to restart when prompted to do so
  • When the computer boots back to your desktop, locate the file Fixlog.txt which will be created on your Desktop in the folder titled, New folder
  • Double click the file, Fixlog.txt to open it in Notepad
  • Save the file to your flash drive as Fixlog.txt
  • Close Notepad
  • Run FRST64
  • Check the box for List BCD
  • Click on Scan
  • When the scan completes, two Notepad windows will open
  • Using the File-> Save option in each Notepad window, copy FRST.txt and Addition.txt to your flash drive
  • Eject your flash drive
  • Put the flash drive back into your working computer
  • Open Fixlog.txt
  • Copy and paste the contents of that file into your next reply to me
  • Do the same for FRST.txt and Addition.txt

Next:

  • Test your internet connection

In summary I will need from you:

  • Fixlog.txt
  • FRST and Addition logs
  • Were you able to connect to the internet?
  • Were you able to boot into Normal mode?

Let me know if you have any questions.

polskamachina
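
The post above says a fixlist carried over through Word will not work and has it saved from Notepad instead. The script below is an added example, not part of the original post and not FRST's own code: it checks a saved fixlist.txt for word-processor file signatures, autocorrect characters, and the Start::/End:: lines that open and close the fixlist in the post. The function names, the choice of checks, and treating Notepad's ANSI encoding as cp1252 are assumptions of this example.

```python
import sys

# File signatures of word-processor formats; a plain-text fixlist has none of these.
SIGNATURES = {
    b"PK\x03\x04": "ZIP container (.docx)",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 compound file (legacy .doc)",
    b"{\\rtf": "Rich Text Format",
}

# Characters that word-processor autocorrect commonly substitutes for ASCII.
TYPOGRAPHIC = {
    "\u2018": "left single quote", "\u2019": "right single quote",
    "\u201c": "left double quote", "\u201d": "right double quote",
    "\u2013": "en dash", "\u2014": "em dash",
    "\u00a0": "non-breaking space", "\u2026": "ellipsis",
}

# The fixlist text exactly as given in the post above.
POST_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\1734203.js [2018-02-03] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1734203.cfg [2018-02-03] <==== ATTENTION
Folder: C:\MCLDBBackup
EmptyTemp:
End::
"""


def decode(raw):
    """Decode what Notepad can save: UTF-16 with BOM, UTF-8, or ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    try:
        return raw.decode("utf-8-sig")
    except UnicodeDecodeError:
        # Assumption: the ANSI code page is Windows-1252 (Western systems).
        return raw.decode("cp1252", errors="replace")


def check_fixlist(raw):
    """Return a list of problems found in the raw bytes of a fixlist file."""
    for magic, name in SIGNATURES.items():
        if raw.startswith(magic):
            return [f"not plain text: file starts with a {name} signature"]

    text = decode(raw)
    problems = []
    if "\x00" in text:
        problems.append("contains NUL characters (binary data or UTF-16 without BOM)")

    # The fixlist in the post opens with Start:: and closes with End::.
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    if not lines or lines[0] != "Start::":
        problems.append("first non-blank line is not Start::")
    if not lines or lines[-1] != "End::":
        problems.append("last non-blank line is not End::")

    # Report every autocorrect character with the line it appears on.
    for number, line in enumerate(text.splitlines(), 1):
        for char, name in TYPOGRAPHIC.items():
            if char in line:
                problems.append(f"line {number}: {name} (U+{ord(char):04X})")
    return problems


if __name__ == "__main__":
    # Usage: python check_fixlist.py <path to fixlist.txt on the flash drive>
    with open(sys.argv[1], "rb") as handle:
        found = check_fixlist(handle.read())
    for problem in found:
        print("PROBLEM:", problem)
    sys.exit(1 if found else 0)
```

Run it on the working computer against the copy on the flash drive before moving the drive; an empty result means the file is plain text with the expected first and last lines.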





