Both my i7 laptops are incredibly slow - 100% disk


This topic is locked
37 replies to this topic

#1 kenton02

  • Members
  • 41 posts

Posted 25 April 2018 - 01:20 AM

My HP Pavilion dv7s are both incredibly slow to boot up and run (tens of minutes to boot).

I will look at the Windows 10 one first:

  • Intel i7 Q 720 @ 1.6GHz
  • 8GB RAM
  • Win 10 64-bit

I have attached a screenshot of the disk usage about 15 mins after reboot.

I have run through the guide for slow computers.

Please help.


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.04.2018
Ran by kenton (administrator) on KENZOS-I7 (25-04-2018 15:41:02)
Running from C:\Users\kento\Downloads
Loaded Profiles: kenton (Available Profiles: kenton)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view-usbd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKBE.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17613.18039-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17613.18039-0\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2016-09-22] ()
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [78752 2016-07-27] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-03-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3642688 2018-04-09] (Dropbox, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKBE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-02-11]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{193f1a95-3ed4-481a-b296-55f000746d4a}: [DhcpNameServer] 10.238.17.233
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2352613256-3541214695-1633147492-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-25] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-10-20] (Microsoft Corporation)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2352613256-3541214695-1633147492-1001 -> hxxp://www.skysports.com.au/porCh-DbP-wheAt
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-21] ( Sanford L.P.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-06-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.au/
CHR StartupUrls: Default -> "hxxp://www.google.com.au/","hxxp://www.google.com/","hxxps://duckduckgo.com/"
CHR Profile: C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault [2016-05-25] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-11]
CHR Extension: (Google Docs) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-11]
CHR Extension: (Google Drive) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-02-16]
CHR Extension: (YouTube) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11]
CHR Extension: (Google Search) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11]
CHR Extension: (Google Calendar) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-03-16]
CHR Extension: (Google Sheets) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-11]
CHR Extension: (Google Docs Offline) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Cisco WebEx Extension) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Trend Micro Toolbar) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-02-22]
CHR Extension: (Status Bar) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\ojjdiklbbogaliiljdbpbkkkghendjja [2016-02-16]
CHR Extension: (Gmail) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-11]
CHR Profile: C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default [2018-04-25]
CHR Extension: (Docs) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-05]
CHR Extension: (Google Drive) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-05-25]
CHR Extension: (YouTube) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-28]
CHR Extension: (Google Calendar) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (TREZOR Chrome Extension) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2018-02-20]
CHR Extension: (Cisco WebEx Extension) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-04-07]
CHR Extension: (Grammarly for Chrome) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Status Bar) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojjdiklbbogaliiljdbpbkkkghendjja [2016-05-25]
CHR Extension: (Gmail) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 client_service; C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [532040 2016-09-02] (VMware, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-04-09] (Dropbox, Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-21] (Sanford, L.P.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [234400 2016-07-27] ()
R2 ftscanmgrhv; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe [6313376 2016-08-04] ()
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-09-22] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-03-11] (Power Admin LLC)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-03-30] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2018-02-27] (TeamViewer GmbH)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [35328 2013-10-12] (Validity Sensors, Inc.)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view-usbd.exe [1169992 2016-08-25] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [275872 2016-07-26] (VMware)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\NisSrv.exe [4633248 2018-04-25] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MsMpEng.exe [104680 2018-04-25] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-03-30] (Synaptics Incorporated)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-25] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [311848 2018-04-25] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60456 2018-04-25] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 urvpndrv; \SystemRoot\System32\drivers\covpnv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-25 15:41 - 2018-04-25 15:41 - 000018468 _____ C:\Users\kento\Downloads\FRST.txt
2018-04-25 15:40 - 2018-04-25 15:41 - 000000000 ____D C:\FRST
2018-04-25 15:40 - 2018-04-25 15:40 - 002404352 _____ (Farbar) C:\Users\kento\Downloads\FRST64.exe
2018-04-25 13:46 - 2018-04-25 13:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-25 11:30 - 2018-04-25 11:30 - 002001544 _____ C:\Users\kento\Downloads\pc-decrapifier-3.0.1.exe
2018-04-25 11:15 - 2018-04-25 11:15 - 000069662 _____ C:\Users\kento\Downloads\PageDefrag.zip
2018-04-25 11:15 - 2018-04-25 11:15 - 000000000 ____D C:\Users\kento\Downloads\PageDefrag
2018-04-25 11:13 - 2018-04-25 11:13 - 000215928 _____ (Sysinternals) C:\Users\kento\Downloads\pagedfrg.exe
2018-04-25 10:11 - 2018-04-25 10:11 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-25 09:59 - 2018-04-25 09:59 - 000000072 ___SH C:\bootTel.dat
2018-04-25 09:12 - 2018-04-25 09:12 - 000000000 ____D C:\Users\kento\AppData\Local\BlueStacks
2018-04-25 08:46 - 2018-04-25 08:46 - 000388608 _____ (Trend Micro Inc.) C:\Users\kento\Downloads\HijackThis (1).exe
2018-04-25 08:31 - 2018-04-25 08:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-09 20:17 - 2018-04-09 20:17 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-04-09 20:17 - 2018-04-09 20:17 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-04-09 20:17 - 2018-04-09 20:17 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-04-09 20:17 - 2018-04-09 20:17 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-04-02 10:15 - 2018-04-02 10:15 - 007914600 _____ (Tim Kosse) C:\Users\kento\Downloads\FileZilla_3.31.0_win64-setup.exe
2018-04-02 10:07 - 2018-04-02 10:07 - 000057598 _____ C:\Users\kento\Downloads\Google reCaptcha v3.2.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-25 15:38 - 2017-12-19 21:07 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{196069BB-0CF6-4F72-BEAB-88C4200BCBF2}
2018-04-25 15:38 - 2017-12-19 20:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-25 13:47 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-25 13:46 - 2017-09-29 23:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-04-25 13:43 - 2017-12-19 20:48 - 001023754 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-25 13:41 - 2016-02-11 11:16 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-04-25 13:38 - 2017-09-29 18:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-04-25 13:36 - 2016-02-23 12:02 - 000000000 ____D C:\ProgramData\VMware
2018-04-25 13:35 - 2017-12-19 21:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-25 13:35 - 2017-09-29 18:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-04-25 13:35 - 2017-09-18 16:51 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-25 13:26 - 2017-09-29 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-25 13:26 - 2016-02-22 13:39 - 000007600 _____ C:\Users\kento\AppData\Local\Resmon.ResmonCfg
2018-04-25 13:12 - 2017-09-29 23:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-25 13:08 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-04-25 13:08 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\system32\setup
2018-04-25 13:08 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-04-25 13:08 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-04-25 09:51 - 2016-02-23 15:09 - 001536552 _____ C:\WINDOWS\ntbtlog.txt
2018-04-25 09:45 - 2017-10-11 19:12 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-25 09:45 - 2016-02-11 11:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-25 09:44 - 2016-02-11 11:07 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-25 09:37 - 2016-02-11 11:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-25 09:34 - 2018-01-31 08:05 - 000000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForkenton.job
2018-04-25 09:27 - 2017-12-19 20:24 - 000000000 ____D C:\Users\kento
2018-04-25 09:26 - 2018-02-17 08:52 - 000000000 ____D C:\Program Files (x86)\Kingo ROOT
2018-04-25 09:23 - 2017-04-21 16:59 - 000000000 ____D C:\ProgramData\F5 Networks
2018-04-25 09:21 - 2017-09-29 23:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-04-25 09:19 - 2018-01-31 08:05 - 000003252 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForkenton
2018-04-25 09:11 - 2017-09-29 23:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-04-25 08:59 - 2017-09-29 23:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-25 08:59 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-25 08:35 - 2016-05-05 09:52 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-04-04 05:37 - 2017-09-29 23:49 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-04 05:37 - 2017-09-29 23:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-02 10:46 - 2016-04-01 10:24 - 000000000 ____D C:\Users\kento\AppData\Roaming\FileZilla
 
==================== Files in the root of some directories =======
 
2016-06-15 17:59 - 2016-06-15 19:28 - 000074384 _____ () C:\Program Files (x86)\DLS8Uninstall.log
2016-02-24 09:33 - 2016-02-24 09:33 - 000483448 _____ () C:\Users\kento\AppData\Local\ars.cache
2016-02-24 09:33 - 2016-02-24 09:33 - 000538727 _____ () C:\Users\kento\AppData\Local\census.cache
2016-02-11 12:51 - 2016-02-24 13:32 - 000000036 _____ () C:\Users\kento\AppData\Local\housecall.guid.cache
2016-04-07 10:18 - 2016-07-01 14:37 - 000000600 _____ () C:\Users\kento\AppData\Local\PUTTY.RND
2016-02-22 13:39 - 2018-04-25 13:26 - 000007600 _____ () C:\Users\kento\AppData\Local\Resmon.ResmonCfg
2016-02-11 14:06 - 2017-09-12 22:23 - 000000010 _____ () C:\Users\kento\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
2018-04-25 09:12 - 2016-04-26 15:37 - 000246808 _____ (BlueStack Systems) C:\Users\kento\AppData\Local\Temp\HD-Logger-Native.dll
2018-04-25 09:12 - 2016-04-26 15:39 - 000128536 _____ (BlueStack Systems) C:\Users\kento\AppData\Local\Temp\HD-ShortcutHandler.dll
2013-10-05 18:38 - 2013-10-05 18:38 - 000455328 _____ (Microsoft Corporation) C:\Users\kento\AppData\Local\Temp\msvcp120.dll
2013-10-05 18:38 - 2013-10-05 18:38 - 000970912 _____ (Microsoft Corporation) C:\Users\kento\AppData\Local\Temp\msvcr120.dll
2016-07-31 10:08 - 2016-07-31 10:08 - 003112960 _____ (Jason York) C:\Users\kento\AppData\Local\Temp\pc-decrapifier.exe
2018-04-25 09:12 - 2016-04-26 20:11 - 000552472 _____ (BlueStack Systems, Inc.) C:\Users\kento\AppData\Local\Temp\uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-25 10:43
 
==================== End of FRST.txt ============================
 
Additional.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.04.2018
Ran by kenton (25-04-2018 15:42:49)
Running from C:\Users\kento\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-19 11:11:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2352613256-3541214695-1633147492-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2352613256-3541214695-1633147492-503 - Limited - Disabled)
Guest (S-1-5-21-2352613256-3541214695-1633147492-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2352613256-3541214695-1633147492-1005 - Limited - Enabled)
kenton (S-1-5-21-2352613256-3541214695-1633147492-1001 - Administrator - Enabled) => C:\Users\kento
WDAGUtilityAccount (S-1-5-21-2352613256-3541214695-1633147492-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Active@ Partition Recovery 14 (HKLM\...\{9D7E3F86-DAA8-4894-96D6-A0AB26291A16}_is1) (Version: 14 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{B73DADFD-55B4-2DB6-2A03-7162A7D5AC81}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 47.4.74 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WF-7610 Series Printer Uninstall (HKLM\...\EPSON WF-7610 Series) (Version:  - SEIKO EPSON Corporation)
FileZilla Client 3.22.2.2 (HKLM-x32\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoPro Studio (HKLM-x32\...\{2B596367-C40B-4765-803A-6D8B72509D6C}) (Version: 5.10.4203 - GoPro, Inc.) Hidden
Grammarly (HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\GrammarlyForWindows) (Version: 1.4.23 - Grammarly)
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
Intel® Driver Update Utility 2.4 (HKLM-x32\...\{1766DD04-5D4D-40BC-953A-D80624BCC063}) (Version: 2.4.0.7 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{561b5fb5-1d4d-40e8-b3e4-ad52858b217c}) (Version: 2.4.0.7 - Intel)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5007.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MySQL Workbench 6.3 CE (HKLM\...\{59958BAC-A61D-4A23-8082-CC2FDF17937F}) (Version: 6.3.6 - Oracle Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.1 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Quik (HKLM\...\{5A037808-C957-4669-B082-A51453C669BC}) (Version: 0.1.4203 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{cf9c2af2-c9e9-4cf2-a835-62cc01c339d5}) (Version: 2.0.0.4203 - GoPro, Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.93231 - TeamViewer)
Teradata Studio nt-x8664 15.10.1 (HKLM\...\{22A8BBAF-6E56-4AC8-B823-B16015100100}) (Version: 15.10.01.00 - Teradata Corporation)
VFW_Codec32 (HKLM-x32\...\{889B82F0-4FCE-4D45-BD9D-F8CF69932F0D}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{191BBCC4-9C31-4892-9E5F-B38BAFE20553}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Horizon Client (HKLM\...\{9A01376A-2582-493C-A352-8E2529D17F2C}) (Version: 4.2.0.2831 - VMware, Inc.)
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
Windows Driver Package - Intel Corporation (igfx) Display  (06/24/2015 8.15.10.2900) (HKLM\...\24831DC0058E9BF2154FD17F883DFE2CD084F9B3) (Version: 06/24/2015 8.15.10.2900 - Intel Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
ZBar Bar Code Reader (HKLM-x32\...\ZBar) (Version: 0.10 - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-10-16] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-11-25] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-11-25] (VMware, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02FB0C95-F2EF-4DF5-8D12-4751ACD03AA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {038AC1CC-B948-4535-AA04-17A171E3CB10} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {08FB4366-EF69-423B-A6F1-D962E030E7E6} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-10-11] (Microsoft Corporation)
Task: {09D6815B-D39B-4B66-8C0D-041994136B4F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-05] (Dropbox, Inc.)
Task: {0E6C5EF3-3605-4CF8-9267-B7B1E7625DC8} - System32\Tasks\EPSON WF-7610 Series Invitation {14661A70-2A87-47C1-860F-D07939664040} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {1563B9B9-3DC7-4631-B020-ACAA9411868C} - System32\Tasks\EPSON WF-3640 Series Update {CD1AE627-D278-4605-BAC5-60D42EDE829C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {1B2F45CD-0965-477B-A3D2-499A83D8FB52} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-05] (Dropbox, Inc.)
Task: {21FBF267-0B77-414C-9604-3F14CBAAB260} - System32\Tasks\EPSON WF-7610 Series Update {6FA07D4F-7509-45CD-AB29-5A5DCEFA439E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {232455A1-A003-4358-9F67-5261CB115A99} - System32\Tasks\{FA193392-234C-4640-9B56-323B64FBC7EA} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{ec29af82-9c9e-420e-ab18-53821c36ac3c}\Bootstrapper.exe" -c  /uninstall
Task: {2AD744DE-9460-402C-80CC-CDE1265DFE65} - System32\Tasks\HPCeeScheduleForkenton => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2D95B63F-8EDC-4ADE-B322-3E826A47D370} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2E45AA98-4054-4D8F-AC20-5A25477A1B2D} - System32\Tasks\EPSON WF-3640 Series Invitation {FA41FFDB-11C8-4EAC-BBEE-6FBEA4D9D6C6} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {2F37BF5F-7406-471C-9252-2A79B84593FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {33DCB509-FCDD-4110-9826-319072DBFE40} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {4506E8AA-2046-4D52-AF9D-7145D3F8AEBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {4819720F-2F90-4AC7-ABEB-23947CD6746A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {4C7B2FED-65A2-41C6-9F32-3DBC8F76C25A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {5EB3B2B7-372A-41BF-A2B2-88973EE612DD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-04-25] (Microsoft Corporation)
Task: {6337452A-D69F-4C85-A622-4887859B4E6B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {7AE75DE2-4472-4EE2-B3D4-89C87F3DC913} - System32\Tasks\EPSON WF-7610 Series Invitation {6FA07D4F-7509-45CD-AB29-5A5DCEFA439E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {87ACC7B1-8B2F-4D59-AB95-4443F4442A39} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-10-11] (Microsoft)
Task: {9337DF38-48F8-4CF0-9060-C4C1AD551294} - System32\Tasks\EPSON WF-3640 Series Invitation {22FC11AB-222F-4AD4-9C6E-29E9A87CB4C5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {94227B68-FBF4-4C40-8910-C9D7ACC828BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-11] (Google Inc.)
Task: {94C267DA-E07A-49E4-A2DF-ED5FABDD7EAA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {9E4EE8A7-C4EB-44FC-A49F-66508284DE10} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {A5A1B297-9DEE-4BE7-9EEC-A7A17F5BFEBB} - System32\Tasks\EPSON WF-7610 Series Update {14661A70-2A87-47C1-860F-D07939664040} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {A69ACA30-5819-4638-A328-77A8617D72D5} - System32\Tasks\EPSON WF-7610 Series Update {CC6B315D-419F-45AB-A4BA-673F943C1AA0} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {AE8A4965-BB3A-4CF9-8CF8-0CA8518C9578} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {B1F7090C-E820-45A8-894E-74585698753E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-10-11] (Microsoft Corporation)
Task: {BA810FB7-CF00-44AA-98C3-949F88102CA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {C0E89543-9DFB-4C16-93FF-3B137E0D5BD3} - System32\Tasks\EPSON WF-7610 Series Invitation {CC6B315D-419F-45AB-A4BA-673F943C1AA0} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {C18D28EE-915E-4AE7-A40A-DCD0DB320982} - System32\Tasks\EPSON WF-7610 Series Update {03DD2E95-B19B-42A1-BDFD-20C8B89EA681} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {C2172AF1-037A-41A0-9DBD-F973CE4C0384} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {C42634E0-63E7-4841-9E53-0F59B8880D3C} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-10-11] (Microsoft)
Task: {C82E8A3C-A0C7-4CE3-B035-3D4F0BA9EB10} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-10-11] (Microsoft Corporation)
Task: {C90143B9-156B-457B-A260-CB35DB8D916D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {CB590729-81BC-4251-A98C-2D24CBE81546} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-10-11] (Microsoft Corporation)
Task: {D1B56162-F108-42F7-B6E2-1277944850FC} - System32\Tasks\EPSON WF-3640 Series Update {FA41FFDB-11C8-4EAC-BBEE-6FBEA4D9D6C6} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {D5B25875-6EA7-4858-81BF-2CC00511BC84} - System32\Tasks\EPSON WF-3640 Series Update {22FC11AB-222F-4AD4-9C6E-29E9A87CB4C5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {DAFEB289-9B1F-4A34-9BD2-1453BBBBDF00} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-11] (Google Inc.)
Task: {EF5B010C-4DAA-4873-9349-AA3C1080CC6B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MpCmdRun.exe [2018-04-25] (Microsoft Corporation)
Task: {F3C8D862-499C-4303-A676-9754B1951A8D} - System32\Tasks\EPSON WF-3640 Series Invitation {CD1AE627-D278-4605-BAC5-60D42EDE829C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {F4374F5E-7B8A-44D2-8FAC-34AC7CACE652} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-22] ()
Task: {F6B17333-9864-4CE0-938F-57BF4B1592E7} - System32\Tasks\EPSON WF-7610 Series Invitation {C5F1D74E-C724-456B-A12B-DFD0A75F7648} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {FB435C02-0C1D-4C9B-A9AE-CBBFE1D2A816} - System32\Tasks\EPSON WF-7610 Series Invitation {03DD2E95-B19B-42A1-BDFD-20C8B89EA681} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {FF09EC61-FADD-4D9B-90E2-F31BFBD340A7} - System32\Tasks\EPSON WF-7610 Series Update {C5F1D74E-C724-456B-A12B-DFD0A75F7648} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {22FC11AB-222F-4AD4-9C6E-29E9A87CB4C5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {CD1AE627-D278-4605-BAC5-60D42EDE829C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {FA41FFDB-11C8-4EAC-BBEE-6FBEA4D9D6C6}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {22FC11AB-222F-4AD4-9C6E-29E9A87CB4C5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{22FC11AB-222F-4AD4-9C6E-29E9A87CB4C5} /F:UpdateWORKGROUP\KENZOS-I7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {CD1AE627-D278-4605-BAC5-60D42EDE829C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{CD1AE627-D278-4605-BAC5-60D42EDE829C} /F:UpdateWORKGROUP\KENZOS-I7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {FA41FFDB-11C8-4EAC-BBEE-6FBEA4D9D6C6}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{FA41FFDB-11C8-4EAC-BBEE-6FBEA4D9D6C6} /F:UpdateWORKGROUP\KENZOS-I7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {03DD2E95-B19B-42A1-BDFD-20C8B89EA681}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {14661A70-2A87-47C1-860F-D07939664040}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {6FA07D4F-7509-45CD-AB29-5A5DCEFA439E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {C5F1D74E-C724-456B-A12B-DFD0A75F7648}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {CC6B315D-419F-45AB-A4BA-673F943C1AA0}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {03DD2E95-B19B-42A1-BDFD-20C8B89EA681}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE:/EXE:{03DD2E95-B19B-42A1-BDFD-20C8B89EA681} /F:UpdateWORKGROUP\KENZOS-I7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {14661A70-2A87-47C1-860F-D07939664040}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE:/EXE:{14661A70-2A87-47C1-860F-D07939664040} /F:UpdateWORKGROUP\KENZOS-I7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {6FA07D4F-7509-45CD-AB29-5A5DCEFA439E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE:/EXE:{6FA07D4F-7509-45CD-AB29-5A5DCEFA439E} /F:UpdateWORKGROUP\KENZOS-I7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {C5F1D74E-C724-456B-A12B-DFD0A75F7648}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE:/EXE:{C5F1D74E-C724-456B-A12B-DFD0A75F7648} /F:UpdateWORKGROUP\KENZOS-I7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {CC6B315D-419F-45AB-A4BA-673F943C1AA0}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE:/EXE:{CC6B315D-419F-45AB-A4BA-673F943C1AA0} /F:UpdateWORKGROUP\KENZOS-I7$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\HPCeeScheduleForkenton.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\kento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZBar Bar Code Reader\zbarcam.lnk -> C:\Program Files (x86)\ZBar\bin\zbarcam.bat ()
 
ShortcutWithArgument: C:\Users\kento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZBar Bar Code Reader\ZBar Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k ""C:\Program Files (x86)\ZBar\zbarvars.bat""
ShortcutWithArgument: C:\Users\kento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TREZOR Chrome Extension.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jcjjhjgimijdkoamemaghajlhegmoclj
ShortcutWithArgument: C:\Users\kento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1463120570&a=1054667&src=sh&uuid=f2442d9d-ad45-47e0-afad-e2be79cb1b0f"
ShortcutWithArgument: C:\Users\kento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1463120570&a=1054667&src=sh&uuid=f2442d9d-ad45-47e0-afad-e2be79cb1b0f"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1463120570&a=1054667&src=sh&uuid=f2442d9d-ad45-47e0-afad-e2be79cb1b0f"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 23:41 - 2017-09-29 23:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-06-18 14:22 - 2017-01-17 02:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-27 13:06 - 2016-07-27 13:06 - 000234400 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2016-06-18 14:26 - 2017-01-31 22:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2018-03-19 21:46 - 2018-02-22 10:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-19 21:46 - 2018-02-22 10:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-22 19:50 - 2016-09-22 19:50 - 000866224 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2016-08-04 15:16 - 2016-08-04 15:16 - 006313376 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
2016-09-22 19:50 - 2016-09-22 19:50 - 000037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2018-03-23 07:40 - 2018-03-20 16:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-23 07:40 - 2018-03-20 16:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2018-04-25 08:43 - 2018-04-25 08:44 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-19 21:36 - 2018-03-19 21:36 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2015-11-25 17:10 - 2015-11-25 17:10 - 001301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-07-27 13:06 - 2016-07-27 13:06 - 000241056 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\health.gov.au -> hxxps://desktop.health.gov.au
IE trusted site: HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 17:24 - 2017-05-31 18:40 - 000000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.238.17.233
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "Platinum"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Trend Micro Client Framework"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "DLSService"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "F5_SAM_Client"
HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{187EE074-BEDA-4848-A006-6BF23A73955C}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{CE93C2BC-FF55-4CE6-9F48-C5CAD1D19C13}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{9230EC70-DCA6-43B4-8F70-73D9482E9523}] => (Allow) LPort=1900
FirewallRules: [{3AEB3BDD-DC0C-451A-8F76-919D016FD19D}] => (Allow) LPort=2869
FirewallRules: [{4290F8D0-937C-45F2-84B3-EC9A7096FE34}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{47EF4B9D-83E7-4FD9-829A-F918AADF8729}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2CDA418D-3408-429C-B061-FCFC89C5C006}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{78323989-C392-4BFF-B0A8-F5C15CEDE0AD}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{923A11CA-E6B6-41C3-8BD0-D86D02C26D9E}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{3AC42438-1E6F-4D32-A066-254CE8820F85}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4AB1B48A-D936-4DD9-B607-57294C68EDB3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{38F712C7-2AA5-4D5F-8FAE-8C171AEA1609}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{971A5D87-89BA-41FE-BAA9-55903A2A153C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D56A52EA-708C-4C4F-B41B-C83A9BC435D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0C85A519-BA09-404F-B83F-7027090AAF3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A4A2348B-94AE-424F-BF9D-3328677C0AFA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{41E831BC-FFF8-4CF5-9FD2-47DD2FA3D32E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5F46143B-4259-4815-BEE6-93EDDB892C51}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{4CAEB1AA-66F1-4077-B1B2-48820B73A901}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{32E116BC-44E0-4A61-AB1B-22D37CE2ED4A}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\Quik.exe
FirewallRules: [{CB195A82-7D07-4917-ACF3-18EC692857DA}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{C587E65C-42EB-416C-A323-058838865F92}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{962EA30B-9111-406A-AF32-4D9427CFE6AB}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{DDAE0093-1B9E-4878-BA70-9CA4377F105C}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{A4DDB8FE-1C0F-4600-B122-94FF12B4F273}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{DC5F65BC-E27F-41E0-9A3D-8D131A55B702}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{7DE27AE3-4721-406C-8A3B-D5171CC22DB0}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [TCP Query User{7F823067-F3FC-49E8-AECC-3003E9122FC2}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe
FirewallRules: [UDP Query User{99085CCA-727C-4AA6-915D-D7F7E95549B9}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe
FirewallRules: [{BE39EF31-63BC-412D-BB76-8788E8C28FAE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6CE8C529-F5BE-45C5-A36E-BF2959FAC247}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00CB35BD-1156-4C19-A331-156A7D0801B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4AA6A9C2-65B5-4A39-BBBA-F69A9BFFE266}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{ABD4D38A-A7C0-40D7-B23C-D3136CF33144}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2CD9BBDF-9432-4876-8E73-9FEE1907D32A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
05-04-2018 13:21:00 Scheduled Checkpoint
25-04-2018 09:04:07 Removed BlueStacks App Player
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2018 10:52:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.16299.248, time stamp: 0xefd6d9e3
Faulting module name: combase.dll, version: 10.0.16299.15, time stamp: 0x3db461b4
Exception code: 0xc0000005
Fault offset: 0x00000000000b67f8
Faulting process ID: 0x217c
Faulting application start time: 0x01d3dc2e82ad6748
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report ID: 0dc2763d-5528-4021-9896-4a93ade8d78c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/25/2018 09:52:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialise the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (04/25/2018 08:36:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.16299.251 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 25b8
 
Start Time: 01d3dc1c334d4bf3
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 
Report Id: 786614a0-7db5-4e76-8c85-e2d83bf36002
 
Faulting package full name: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: CortanaUI
 
Error: (04/25/2018 08:36:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KENZOS-I7)
Description: Package Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
 
Error: (04/25/2018 08:31:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (04/25/2018 08:25:27 AM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (3668,U,0) SRUJet: Database recovery/restore failed with unexpected error -344.
 
Error: (04/25/2018 08:25:27 AM) (Source: ESENT) (EventID: 471) (User: )
Description: svchost (3668,U,0) SRUJet: Unable to rollback operation #40467 on database C:\WINDOWS\system32\SRU\SRUDB.dat. Error: -344. All future database updates will be rejected.
 
Error: (04/19/2018 08:45:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.16299.15, time stamp: 0x59cda974
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.248, time stamp: 0xc27fa098
Exception code: 0xc000027b
Fault offset: 0x00000000006e80e9
Faulting process ID: 0x1e44
Faulting application start time: 0x01d3ce0b6a8d2c3d
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: 6ef9180c-3624-49c2-b905-67e89e1e4c2c
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (04/25/2018 01:44:12 PM) (Source: DCOM) (EventID: 10016) (User: KENZOS-I7)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user KENZOS-I7\kenton SID (S-1-5-21-2352613256-3541214695-1633147492-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/25/2018 01:43:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.267.306.0).
 
Error: (04/25/2018 01:37:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/25/2018 01:37:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/25/2018 01:17:22 PM) (Source: DCOM) (EventID: 10016) (User: KENZOS-I7)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user KENZOS-I7\kenton SID (S-1-5-21-2352613256-3541214695-1633147492-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/25/2018 01:14:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/25/2018 01:14:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/25/2018 01:12:33 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
 
 
Windows Defender:
===================================
Date: 2018-04-25 13:46:12.658
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {68867130-C5B9-40EF-81E1-234EC898E542}
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2018-04-25 13:39:48.270
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C45B0A86-5C77-4FE1-818E-8026466BDEBD}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-04-25 13:43:47.774
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
CodeIntegrity:
===================================
 
Date: 2018-04-25 15:27:10.699
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-25 15:27:10.697
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-25 15:12:07.998
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-25 15:12:07.995
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-25 15:11:17.212
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-25 15:11:17.209
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-25 14:57:05.155
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-25 14:57:05.152
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 27%
Total physical RAM: 8125.86 MB
Available physical RAM: 5909.65 MB
Total Virtual: 9405.86 MB
Available Virtual: 6762.47 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:697.16 GB) (Free:595.63 GB) NTFS
Drive g: (Data) (Fixed) (Total:698.51 GB) (Free:664.77 GB) NTFS
 
\\?\Volume{eca13e86-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{eca13e86-0000-0000-0000-c069ae000000}\ () (Fixed) (Total:0.98 GB) (Free:0.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: ECA13E86)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=697.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1006 MB) - (Type=27)
 
========================================================
Disk: 1 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,180 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:22 AM

Posted 25 April 2018 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {038AC1CC-B948-4535-AA04-17A171E3CB10} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2D95B63F-8EDC-4ADE-B322-3E826A47D370} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\kento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1463120570&a=1054667&src=sh&uuid=f2442d9d-ad45-47e0-afad-e2be79cb1b0f"
ShortcutWithArgument: C:\Users\kento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1463120570&a=1054667&src=sh&uuid=f2442d9d-ad45-47e0-afad-e2be79cb1b0f"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1463120570&a=1054667&src=sh&uuid=f2442d9d-ad45-47e0-afad-e2be79cb1b0f"
IE trusted site: HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2352613256-3541214695-1633147492-1001\...\driversupport.com -> hxxps://apps.driversupport.com

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension => not found
CHR Profile: C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault [2016-05-25] <==== ATTENTION
CHR Extension: (Trend Micro Toolbar) - C:\Users\kento\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-02-22]
S3 urvpndrv; \SystemRoot\System32\drivers\covpnv64.sys [X]

C:\Users\kento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
C:\Users\kento\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\Public\Desktop\Google Chrome.lnk

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
===

Step 1
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Step 2
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.
===

p.s.
This fix is only for this computer.
If the other computer is also compromised you will need to create a new topic for that computer.
We do not service 2 computers in the same topic.

#3 nasdaq

Posted 01 May 2018 - 09:00 AM

Hi,

Are you still with me?

#4 kenton02

Posted 04 May 2018 - 10:07 PM

Sorry, I didn't seem to get the notification you'd replied. Looking at it now.



#5 kenton02

Posted 05 May 2018 - 01:56 AM

  1. 20180505MBAM.txt attached.
  2. 20180505AdwCleanerS00.txt attached.

 

Thanks

K




#6 nasdaq

Posted 05 May 2018 - 08:11 AM

Hi,

Make sure this has been deleted by the AdwCleaner tool.
PUP.Optional.Legacy Viewpoint Search

===

Has the problem been solved?

#7 kenton02

Posted 05 May 2018 - 09:08 AM

So I ran AdwCleaner and it said no threats found.

 

I rebooted and timed things:

1:00.54 Picture comes up and I put in my password

2:57.75 Finally able to run Task manager and it shows 100% disk usage (Superfetch is #1)

4:03.04 Chrome automatically brings this page back up

7:43.27 First time disk drops below 100% momentarily.

9:20.35 Disk stops running at 100% ... now peaking at 5 or 10%

 

So, still bad.



#8 nasdaq

Posted 05 May 2018 - 01:13 PM

Hi,

Disable the Superfetch service.

How to:
https://www.technipages.com/windows-enable-disable-superfetch

How is it now?

#9 kenton02

Posted 05 May 2018 - 06:19 PM

Thanks, that dramatically helped.

 

I did a hard reboot this time and came up with the following numbers:

1:31 Login Picture (still took about 15-20 sec before login prompt available)

2:41 Task Manager (desktop surprised me as to how fast it appeared)

2:55 Chrome autostart

3:32 100% disk usage stops. Laptop useable.

 

The malware stuff seemed to cause a lot of the 100% disk usage as well as Chrome.

 

If I have 1 Chrome window (with only 1 tab), should I have 7 Chrome instances showing in Task Manager (see screenshot)?

 

Is this the best I can expect or is there more that can be done?



#10 kenton02

Posted 05 May 2018 - 07:46 PM

Oops ... attached now




#11 nasdaq

Posted 06 May 2018 - 07:22 AM

Hi,

The Google processes are OK.

A process is used for any Extensions and Plug-ins.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#12 kenton02

Posted 11 May 2018 - 09:20 PM

Hmmm ... seems to have gone back to 100% disk for what seems an eternity.

 

Multiple threads from Windows Modules Installer Worker (see attached)


Edited by kenton02, 11 May 2018 - 09:28 PM.


#13 kenton02

Posted 11 May 2018 - 09:28 PM

Attached:

Attached Files

  • Attached File: WIMW.JPG (62.71KB)


#14 nasdaq

Posted 12 May 2018 - 07:17 AM

Hi,

Navigate to this page and read it.
http://www.thewindowsclub.com/windows-modules-installer-worker-high-cpu-disk-usage

You may be able to try some of the suggested fixes.

If at any time you need help before proceeding ask.

#15 nasdaq

Posted 18 May 2018 - 06:49 AM

Hi,

Are you still with me?



