Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.02.2018
Ran by Art (14-02-2018 10:23:45)
Running from C:\Users\Art\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-11-30 20:41:04)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-631909209-1285290160-1862233239-500 - Administrator - Disabled) => C:\Users\Administrator
Art (S-1-5-21-631909209-1285290160-1862233239-1001 - Administrator - Enabled) => C:\Users\Art
DefaultAccount (S-1-5-21-631909209-1285290160-1862233239-503 - Limited - Disabled)
Guest (S-1-5-21-631909209-1285290160-1862233239-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-631909209-1285290160-1862233239-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-631909209-1285290160-1862233239-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
AbleWord v3.0 (HKLM-x32\...\AbleWord_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\{34A6D6FF-7EEC-499E-A54F-71077783AED6}) (Version: 6.3.2 build 7466 (Sep-07-2017) - Carbonite)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DummyInstaller (HKLM-x32\...\{E2210743-20C9-48E3-BA03-B1E39772E662}) (Version: 1.0.0 - Microsoft)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Expert PDF 9 Professional (HKLM\...\{698A90AC-452A-4534-9D53-55A5C14193F1}) (Version: 9.00.0000 - Avanquest Software)
EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
Free PDF To JPG Converter 3.42 (HKLM-x32\...\Free PDF To JPG Converter_is1) (Version: 3.42 - )
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version: - )
Garmin City Navigator North America NT 2016.20 (HKLM-x32\...\{79A8C65B-0289-45A2-9A8D-6AAE0B64A374}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Ginger (HKLM-x32\...\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.179 - Ginger Software) Hidden
Ginger (HKLM-x32\...\InstallShield_{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.179 - Ginger Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4BBA238C-9E5D-40F9-8AC6-FACB736752B9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{B4398909-31F1-4889-8314-6464C5F7CCA1}) (Version: 40.11.1148.17181 - HP Inc.)
HP OfficeJet Pro 8710 Help (HKLM-x32\...\{92B8A892-1D92-407A-BF5E-26DCE71B9B12}) (Version: 38.0.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.46 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.46 - Softex Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lexmark CX410 Series Uninstaller (HKLM\...\Lexmark CX410 Series) (Version: - Lexmark International, Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MCL Roster Controlller V3.1.1.1 (HKLM-x32\...\{AE211FAD-5F37-4F3A-B751-367F5495A216}) (Version: 1.0.0 - MCL)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4997.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.2 (x86 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
My Speedtest XP (HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\{798cfdd6-142b-4584-9605-bb47a7da5792}) (Version: 1.0 - My Speedtest XP)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
PDF OCR 4.3 (HKLM-x32\...\{3D122AF9-1E02-4035-8003-334D378C1B62}_is1) (Version: - PDF OCR)
Product Improvement Study for HP OfficeJet Pro 8710 (HKLM\...\{1DC2E25B-08E2-4203-BD66-9B2BD189ECCE}) (Version: 40.11.1148.17181 - HP Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
System Mechanic (HKLM-x32\...\InstallShield_{DD0DFA41-5139-45D0-986C-3C1A5C648CAA}) (Version: 16.5.3.1 - iolo technologies, LLC)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{090746F9-9F39-42C0-920A-4852C2EDE704}\InprocServer32 -> C:\Program Files\Avanquest\Expert PDF 9 Professional\APAX.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Art\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{4947F20E-8FFC-4CA4-9460-BE9612F12155}\InprocServer32 -> C:\Program Files\Avanquest\Expert PDF 9 Professional\APAX.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Art\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-631909209-1285290160-1862233239-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Art\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers2: [CWDDriveMenuHandler] -> {CCEFA845-DCDB-4A2F-8BED-DBE87CD198EC} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-09-07] (Carbonite, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-10] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
ContextMenuHandlers6: [WDBackupMenuHandler] -> {C752BC82-C19A-4827-9C15-0996BA85C180} => C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [2014-07-22] (Western Digital Technologies, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00C9EDD4-DAAA-4DE6-8245-5FD32CCB6D60} - System32\Tasks\HPCeeScheduleForArt => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {064FE9ED-6489-4CA6-9746-C709037160E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-01-16] (Microsoft Corporation)
Task: {12713A24-F00E-44A8-9D0F-8DC44B8E43D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1640DF89-B7B8-4D05-8D19-B86A15D63145} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {1DED0CDC-4C25-4245-913A-82606E1757F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {2CF3D90B-809D-40EF-AAC2-58BA733E1294} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-02] (Hewlett-Packard)
Task: {2FFE3EC0-F72D-4FD5-B652-11290758631A} - \WPD\SqmUpload_S-1-5-21-631909209-1285290160-1862233239-1001 -> No File <==== ATTENTION
Task: {30600347-239B-4AA0-A809-0AA74AAEB058} - System32\Tasks\Opera scheduled Autoupdate 1515363156 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe
Task: {334EA830-517C-4853-BBE9-6379BB882256} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {34BB6B0E-B5B1-4E7F-8CB8-C315610EEA16} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-10] (AVAST Software)
Task: {34FF486E-BEB6-44CB-A28A-9778332B1B2F} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8710 => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPCustPartic.exe [2017-06-30] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {361C6D10-AAE8-4599-A404-4AEA6E77181E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {41453B3D-216B-47F5-BC55-73B10CDB05E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {4467F945-DC43-4A1D-8E5D-CB1BC350D4A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {47F9CF67-2CB8-405C-B1C8-0BBEFF63BF33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {4CC6D62F-2A6A-4936-A4B2-B18AD736238F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {507A7864-0669-485F-9C3F-CECAB717C00F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {513E2E86-4BFC-40B1-98C7-6DE6A9C29C43} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {52B5B64A-15DE-4025-9957-D812B5874A15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-01] (Google Inc.)
Task: {53F48531-DE07-4B93-8D2C-C780AE03E21B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5BAD5BDB-7569-4EA2-8BDC-6628A4D78DB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {60043391-873E-469D-A074-1512952611A3} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-631909209-1285290160-1862233239-1001
Task: {616E1D54-583D-4F21-A03C-384D23CEE1EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {635D682D-9B2F-450C-8559-5371FCAB52BB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {644C80BC-9B7E-4626-A6AE-9AF08EFF512C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {6AAC0B0A-B3F4-49FC-875D-8EEC16733980} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {7AC5C7DD-B2DF-438D-B01C-81BBA1143C93} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {82898EA2-7E2C-4ADE-9AF1-1BD6AB7F0B89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {8B59D25D-7A18-4012-8343-449FE6C85D7B} - System32\Tasks\HPCeeScheduleForNEWPC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {8C1277CF-46DA-41F6-82F1-2634A9635389} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {92C4DCDE-A6B8-4436-ADD7-D279E4CBC631} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {934CEA17-855C-45DE-A9A9-14B0C73821E8} - System32\Tasks\S-1-5-21-631909209-1285290160-1862233239-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {9484613A-4C9B-468F-AA7B-BCD7BA0E3502} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-01] (Google Inc.)
Task: {9D268985-255C-4F5B-87DA-40C716296C31} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-02] (Hewlett-Packard)
Task: {9F469303-9A3D-436D-83A1-9BF91D612D6C} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {9FF2F836-2B17-45CB-A410-1FD2AA056605} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {A9CFC1CD-FCFA-418A-953C-FD617374505B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA0845AC-374B-4C95-B129-E578CB957FD9} - System32\Tasks\{DD7516ED-1745-4B3F-B78F-D5769771450F} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {AF79D4C3-DDC8-4C22-B0E0-FAFCFEC0B997} - System32\Tasks\TechUtilities => C:\Program Files\TechUtilities\TechUtilities.exe
Task: {B174940A-44C7-4D49-B9F0-5126BEE4CFC2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B90B6DDB-AD2B-4510-80CA-BB2F2B57FF85} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BBD091E2-9A25-4423-A7B8-3BE676C505E1} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {BC547CB3-37A8-4921-9A11-337E7D6AE77B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {BFB4DEE6-5B70-45C5-B7F1-D32A18BD1997} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C89B3D4C-883F-4D1E-8629-087898571665} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Art\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {CE3A65A3-066D-4397-9F48-C30A95E3A9DB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D0C2DCE1-86A2-4971-BB59-26F84892F0B9} - System32\Tasks\{3CD2D70F-95B8-4A35-9809-AB2BE5EB507F} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {DE962C76-D1DB-4E11-927F-EF614EA1EB21} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {DF18DF51-ABD6-49BB-AB72-FBC1606B10A5} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {DF9599F5-47F2-4917-872C-7292C6535A66} - System32\Tasks\{7C05A33C-7792-4AE1-8967-58C65BCBA33A} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {ED86D3CE-0F69-4628-B5E3-675356AAF28A} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
Task: {F0B8C96B-CEC0-4D27-95C6-A3585169A2BC} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-02] (Hewlett-Packard)
Task: {FB7ED40A-9580-406E-96D9-2F639FBB3935} - System32\Tasks\{A4AAF140-5B73-4493-8A39-BD8BDD56B30F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Lexmark CX410 Series\Install\x64\LMAD4installgui.exe" -c /u OEMProductName="Lexmark CX410 Series"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForArt.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNEWPC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\TechUtilities.job => C:\Program Files\TechUtilities\TechUtilities.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-07 14:59 - 2017-05-07 14:59 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-12-13 08:33 - 2017-11-26 07:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 08:33 - 2017-11-26 07:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-31 06:56 - 2018-01-31 06:57 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 06:56 - 2018-01-31 06:57 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-02-10 19:51 - 2018-02-10 19:51 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-02-10 19:51 - 2018-02-10 19:51 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-02-10 19:51 - 2018-02-10 19:51 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-02-10 19:52 - 2018-02-10 19:52 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-02-10 19:51 - 2018-02-10 19:51 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-02-10 19:51 - 2018-02-10 19:51 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9 [149]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2018-01-31 14:07 - 000002534 _____ C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AJRouter => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: Appinfo => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: aswbIDSAgent => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BOT4Service => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: camsvc => 3
MSCONFIG\Services: CarboniteService => 2
MSCONFIG\Services: CDPSvc => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 2
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: DevQueryBroker => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: diagnosticshub.standardcollector.service => 3
MSCONFIG\Services: diagsvc => 3
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: DmEnrollmentSvc => 3
MSCONFIG\Services: dmwappushservice => 3
MSCONFIG\Services: DoSvc => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DSAO => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: DsSvc => 3
MSCONFIG\Services: DusmSvc => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: FrameServer => 3
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: GingerUpdateService => 2
MSCONFIG\Services: GoToAssist Remote Support Customer => 2
MSCONFIG\Services: GraphicsPerfSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: hp3ddgsrv => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: HvHost => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: icssvc => 3
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: InstallService => 3
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: IpxlatCfgSvc => 3
MSCONFIG\Services: irmon => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LicenseManager => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 3
MSCONFIG\Services: MapsBroker => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: NaturalAuthentication => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NetSetupSvc => 3
MSCONFIG\Services: NetTcpPortSharing => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: omniserv => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: PushToInstall => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 2
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\Services: RemoteAccess => 3
MSCONFIG\Services: RemoteRegistry => 4
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: RoxioBurnLauncher => 2
MSCONFIG\Services: RoxMediaDB14 => 3
MSCONFIG\Services: RoxWatch14 => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 4
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SEMgrSvc => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: SharedRealitySvc => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: shpamsvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SlimService => 2
MSCONFIG\Services: SlimWareServices => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: spectrum => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TokenBroker => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrueKey => 2
MSCONFIG\Services: TrueKeyScheduler => 3
MSCONFIG\Services: TrueKeyServiceHelper => 3
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: tzautoupdate => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 3
MSCONFIG\Services: valWBFPolicyService => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 2
MSCONFIG\Services: w3logsvc => 3
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WarpJITSvc => 3
MSCONFIG\Services: WAS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 2
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WFDSConMgrSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wlpasvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WpnService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
MSCONFIG\Services: YahooAUService => 3
HKLM\...\StartupApproved\StartupFolder: => "AdFender.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Ginger.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "vspdfprsrv.exe"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "AccelerometerSysTrayApplet"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "Carbonite Backup"
HKLM\...\StartupApproved\Run32: => "DriverTalent"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "StormWatch.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "StormWatchApp.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "LMab1err"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_3C887CF25D895E4A0076FA090E083550"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-631909209-1285290160-1862233239-1001\...\StartupApproved\Run: => "HP OfficeJet Pro 8710 (NET)"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2DC0E7EB-2FC3-4AAE-8279-94C67D5B4DA0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D6D138B-A31E-4607-BF0D-17DE09C98C31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E7AA406-E0E2-437C-9CE6-9681669CB96E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE8EF21A-D588-4E82-9720-96BEC671016C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA757DE8-4173-4D4D-AD7C-F364E53B30D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04C23989-F211-498E-B4E7-0F77B1B324FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B240AD1-D304-4522-ABF0-2072DEA1A2CE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CDA6E1DC-5151-4DF8-AED2-AADB8AFC90FD}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS43CB\HPDiagnosticCoreUI.exe
FirewallRules: [{EDDA2F48-FF01-4D59-A5B4-76DF58A66691}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS43CB\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{F5CDECE2-E516-439C-A3C5-608784350B3D}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{CE9CA5AA-7253-4D26-8342-4DDB290F6FA3}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{403E27CD-A018-4D3E-AE26-D539E2B8032D}] => (Allow) C:\Users\Art\Documents\Artisteer 4\bin\Artisteer.exe
FirewallRules: [UDP Query User{C2A01494-8140-4B95-83C0-8AACD3C7FD96}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{F16034F9-8DB6-405D-9A9C-2CA7235B728F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{CD967EAD-2E78-4834-9A5D-2D8EDF8DB2FB}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1C66\HPDiagnosticCoreUI.exe
FirewallRules: [{A02FC1E2-1CFD-4429-A59B-3AF5B4CCC8E0}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1C66\HPDiagnosticCoreUI.exe
FirewallRules: [{422B1B06-D678-4021-A772-98DE68321257}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1A1A\HPDiagnosticCoreUI.exe
FirewallRules: [{ABE9ADF5-4F70-4F33-B21A-B84E3FA20DCB}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1A1A\HPDiagnosticCoreUI.exe
FirewallRules: [{70E22099-2C32-446C-ACF9-829273F4D90F}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS594F\HPDiagnosticCoreUI.exe
FirewallRules: [{35EA5A70-C8F0-4A43-9BB4-15FCBB2D198A}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS594F\HPDiagnosticCoreUI.exe
FirewallRules: [{16E12152-BCD7-42FA-897C-92109E786EDA}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS58C9\HPDiagnosticCoreUI.exe
FirewallRules: [{ADF9A3C2-93C9-42DA-984C-1F721DFD7C27}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS58C9\HPDiagnosticCoreUI.exe
FirewallRules: [{2DC1F13A-CEEA-49D6-BFAE-780155D33249}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1B92DA71-315C-4A76-B79B-A0F5BABA4B23}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{528C480F-B767-4551-B39D-DC70F5E6E1A1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{214A00DD-70E4-4374-8E0E-9108BE008340}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3188E4A3-83A0-4ADC-AF77-3A81AA1536D0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{8D9B8161-9350-42B3-A449-14B76966BAAD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{9053C92C-F4F7-4706-99C3-397E540F42EB}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS2CA6\HPDiagnosticCoreUI.exe
FirewallRules: [{FDA9FCB4-274E-4388-A46C-C671126E206F}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS2CA6\HPDiagnosticCoreUI.exe
FirewallRules: [{46E9BF4D-E46B-487A-B0F2-9C294D6F5CF3}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS44F9\HPDiagnosticCoreUI.exe
FirewallRules: [{EAF514DB-79E2-46C2-95DC-FB2A422D4429}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS44F9\HPDiagnosticCoreUI.exe
FirewallRules: [{EEC5A35A-CB33-4641-B9C4-45299AB2E805}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS62D6\HP.EasyStart.exe
FirewallRules: [TCP Query User{FEEE9989-7E06-43D7-9570-2A97BCFEA74E}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{CC99D13B-4EA6-46D6-9FEB-7003F51200E1}C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8710\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{4AD5345B-0012-4D2D-92B6-58E6AF61DEFC}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS6A0C\HPDiagnosticCoreUI.exe
FirewallRules: [{FB5BE48E-D14D-4449-AE56-76D1BD17CCE7}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS6A0C\HPDiagnosticCoreUI.exe
FirewallRules: [{AF61CB75-28FE-4CA7-91E6-10414A5651E9}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1510\HPDiagnosticCoreUI.exe
FirewallRules: [{01737CBB-1B52-4302-B418-5126F84D817C}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS1510\HPDiagnosticCoreUI.exe
FirewallRules: [{C6D8FCB6-F828-435A-92AD-48F782ED6326}] => (Allow) C:\Users\Art\AppData\Local\Programs\Opera\50.0.2762.58\opera.exe
FirewallRules: [{9420CCE4-B32B-4FD6-B2B6-527AEC9E3627}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS61F4\HPDiagnosticCoreUI.exe
FirewallRules: [{DD654779-F617-4674-87E4-C9D87B7EA0F3}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS61F4\HPDiagnosticCoreUI.exe
FirewallRules: [{9EBA8A8E-D35E-4EF8-B872-E8473E1F50D0}] => (Allow) C:\Users\Art\AppData\Local\Programs\Opera\50.0.2762.67\opera.exe
FirewallRules: [{D71B3BCF-EE0A-4F7F-8817-06985AE1AF0B}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS66BD\HPDiagnosticCoreUI.exe
FirewallRules: [{7558D1FC-5DB0-4941-95F2-A0B2B43A6C1E}] => (Allow) C:\Users\Art\AppData\Local\Temp\7zS66BD\HPDiagnosticCoreUI.exe
FirewallRules: [{73721856-30A3-43DE-8FA6-CDF2FA2F5C6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
Could not list restore points
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/13/2018 08:16:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (02/03/2018 12:42:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
Operation:
Instantiating VSS server
Error: (02/03/2018 12:42:05 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
Operation:
Instantiating VSS server
Error: (02/03/2018 12:37:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
Operation:
Instantiating VSS server
Error: (02/03/2018 12:37:27 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
Operation:
Instantiating VSS server
Error: (02/03/2018 12:30:20 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
Operation:
Instantiating VSS server
System errors:
=============
Error: (02/13/2018 08:37:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (02/13/2018 08:37:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Windows Defender:
===================================
Date: 2018-02-03 11:12:17.297
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SupportScam:JS/TechBrolo.Q&threatid=2147719800&enterprise=0
Name: SupportScam:JS/TechBrolo.Q
ID: 2147719800
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Users\Art\AppData\Local\Microsoft\Windows\INetCache\IE\WKZRS95W\TollFree-1-877-224-2412[1].htm;file:_C:\Users\Art\AppData\Local\Microsoft\Windows\INetCache\IE\WKZRS95W\TollFree-1-877-224-2412[1].htm->(UTF-8)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
Signature Version: AV: 1.261.724.0, AS: 1.261.724.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-02-03 11:12:12.467
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=SupportScam:JS/TechBrolo.Q&threatid=2147719800&enterprise=0
Name: SupportScam:JS/TechBrolo.Q
ID: 2147719800
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Art\AppData\Local\Microsoft\Windows\INetCache\IE\WKZRS95W\TollFree-1-877-224-2412[1].htm->(UTF-8)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
Signature Version: AV: 1.261.724.0, AS: 1.261.724.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-01-31 20:50:11.285
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {84AEF102-B8AE-4A7B-BA15-ABB8E839A051}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-01-31 19:46:03.728
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {04D33E96-370D-40E2-9FC3-33332CD3EB7E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-01-31 19:30:12.953
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {98BA8347-639C-4E53-9ADB-39600715A177}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-02-13 20:33:29.993
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800706d9
Error description: There are no more endpoints available from the endpoint mapper.
Date: 2018-02-13 20:33:29.993
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800706d9
Error description: There are no more endpoints available from the endpoint mapper.
Date: 2018-02-13 20:33:29.990
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800706d9
Error description: There are no more endpoints available from the endpoint mapper.
Date: 2018-02-13 20:33:29.990
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.725.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800706d9
Error description: There are no more endpoints available from the endpoint mapper.
CodeIntegrity:
===================================
Date: 2018-02-03 12:55:49.226
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 12:55:49.225
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 12:08:07.815
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 12:08:07.815
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:53:07.487
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:53:07.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:31:56.849
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-02-03 11:31:56.847
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 17%
Total physical RAM: 16314.15 MB
Available physical RAM: 13408.18 MB
Total Virtual: 18746.15 MB
Available Virtual: 16294 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:905.97 GB) (Free:818.92 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.61 GB) (Free:2.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Seagate Backup Plus Drive) (Fixed) (Total:1862.89 GB) (Free:27.63 GB) NTFS
\\?\Volume{7467d0cf-1858-4298-b15a-607fddf02dca}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.38 GB) NTFS
\\?\Volume{111bb81a-f616-4275-a927-8e5347df8442}\ () (Fixed) (Total:0.25 GB) (Free:0.13 GB) FAT32
\\?\Volume{b3f75a0e-4a3c-40be-a778-757e326eb106}\ () (Fixed) (Total:0.92 GB) (Free:0.41 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B45667FC)
Partition: GPT.
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 1BC0320E)
Partition: GPT.
==================== End of Addition.txt ============================