I think my laptop is infected


  • This topic is locked
10 replies to this topic

#1 Hairdresser28

Posted 26 April 2018 - 09:56 AM

Hi, I have an HP 15-f272wm Windows 10 laptop. I have many redirects, and when I log off it always says someone else is still using the computer. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.04.2018
Ran by trina (administrator) on DESKTOP-PPSBS4P (24-04-2018 23:14:53)
Running from C:\Users\Catrina Dworaczyk\Documents
Loaded Profiles: trina & DemiD (Available Profiles: trina & jenkb & DemiD & Administrator)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(iFunSoft) C:\Program Files (x86)\iFunSoft\iFunSoft Updater\iFunSoftUpdater.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{01C34104-5263-407D-B666-C7343D39ED1A}\66.0.3359.117_65.0.3325.181_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_7C166.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_7C166.tmp\setup.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\SwReporter\27.148.201\software_reporter_tool.exe
(Google) C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\SwReporter\27.148.201\software_reporter_tool.exe
(Google) C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\SwReporter\27.148.201\software_reporter_tool.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9230304 2017-12-15] (Realtek Semiconductor)
HKLM\...\Run: [LMADGmon] => C:\Program Files (x86)\Lexmark S410 Series\LMADGmon.exe [952496 2012-09-07] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-03-25] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-09] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [701984 2017-07-13] (HP Inc.)
HKLM-x32\...\Run: [LMADGmon] => C:\Program Files (x86)\Lexmark S410 Series\LMADGmon.exe [952496 2012-09-07] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135968 2018-03-15] (Intel)
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Run: [Google Update] => C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Run: [Google Photos Backup] => C:\Users\Catrina Dworaczyk\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2018-04-09] (Google, Inc)
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.8.2\AOL.EXE [80816 2016-09-22] (AOL Inc.)
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Run: [Speccy] => C:\Program Files\Speccy\Speccy64.exe [6955224 2017-06-27] (Piriform Ltd)
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\lmab1err.exe [645296 2012-08-07] ()
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Run: [LMADGmon] => C:\Program Files (x86)\Lexmark S410 Series\LMADGmon.exe [952496 2012-09-07] ()
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [1362432 2018-03-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3406778120-1784066138-574441924-1003\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-3406778120-1784066138-574441924-1003\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-03-18] (Apple Inc.)
HKU\S-1-5-21-3406778120-1784066138-574441924-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-03-18] (Apple Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{2d142d5e-81fb-47e0-835f-4326b27896cb}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKU\S-1-5-21-3406778120-1784066138-574441924-1001 -> {675B122B-BB8D-4298-BCF5-359F28F0692D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-3406778120-1784066138-574441924-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-19] (Oracle Corporation)
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKLM-x32 - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3406778120-1784066138-574441924-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-3406778120-1784066138-574441924-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://www.healthcare.gov/images/favicon.ico
CHR Profile: C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default [2018-04-24]
CHR Extension: (Slides) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-22]
CHR Extension: (YouTube) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-22]
CHR Extension: (OfferUp) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\doeobddbjanlolglliphmmnffbloffop [2017-05-25]
CHR Extension: (Individual Application - Additional i...) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebbgpabhbnkooldbhdjljdnlgjipkaon [2018-01-29]
CHR Extension: (Sheets) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-04]
CHR Extension: (Google Photos) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (Gmail) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-27]
CHR Profile: C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-04-09]
CHR Profile: C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-10]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-09] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-09] (AVAST Software)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2018-03-15] (Intel)
S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-12-07] (HP Inc.)
S4 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc.)
R2 iFunSoftUpdaterSvc; C:\Program Files (x86)\iFunSoft\iFunSoft Updater\iFunSoftUpdater.exe [2956472 2017-12-26] (iFunSoft)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [320472 2018-01-02] (Intel Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-12-15] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-10-11] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-04-09] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-04-09] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-04-09] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-04-09] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-04-09] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [227784 2018-04-09] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-04-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [147224 2018-04-24] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111352 2018-04-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-04-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-04-09] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-04-09] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-04-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-04-09] (AVAST Software)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-11] (REALiX™)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [40328 2018-01-10] (IObit.com)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-16] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-15] (Malwarebytes)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2017-04-17] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2017-06-22] (Realtek Semiconductor Corp.)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-08-11] (Realtek )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6859592 2017-12-15] (Realtek Semiconductor Corporation )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41512 2018-01-11] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-07] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2017-05-11] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-05-23] (Zemana Ltd.)
S3 cpuz143; \??\C:\Users\CATRIN~1\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [X] <==== ATTENTION
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]
S3 RTSUER; \SystemRoot\system32\Drivers\RtsUer.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-24 23:14 - 2018-04-24 23:16 - 000022454 _____ C:\Users\Catrina Dworaczyk\Documents\FRST.txt
2018-04-24 23:14 - 2018-04-24 23:14 - 000000000 ____D C:\FRST
2018-04-24 23:13 - 2018-04-24 23:13 - 002404352 _____ (Farbar) C:\Users\Catrina Dworaczyk\Documents\FRST64.exe
2018-04-13 03:07 - 2018-04-13 03:07 - 000000000 ____D C:\Users\DemiD\AppData\Roaming\AVAST Software
2018-04-10 18:01 - 2018-04-10 18:01 - 000003928 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2018-04-09 13:02 - 2018-04-09 13:02 - 000027560 _____ C:\Users\Catrina Dworaczyk\Documents\cc_20180409_130233.reg
2018-04-09 12:34 - 2018-04-09 12:34 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-04-09 12:34 - 2018-04-09 12:34 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-04-09 12:31 - 2018-04-09 12:31 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-04-09 12:30 - 2018-04-12 16:01 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-04-09 12:30 - 2018-04-09 12:30 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-09 12:28 - 2018-04-24 22:39 - 000147224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-04-09 12:28 - 2018-04-09 12:26 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-04-09 12:28 - 2018-04-09 12:26 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-04-09 12:28 - 2018-04-09 12:26 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-04-09 12:28 - 2018-04-09 12:26 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-04-09 12:28 - 2018-04-09 12:26 - 000147224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys.152462748445301
2018-04-09 12:28 - 2018-04-09 12:26 - 000111352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-04-09 12:28 - 2018-04-09 12:26 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-04-09 12:28 - 2018-04-09 12:26 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-04-09 12:28 - 2018-04-09 12:24 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-04-09 12:28 - 2018-04-09 12:24 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-04-09 12:28 - 2018-04-09 12:24 - 000227784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-04-09 12:28 - 2018-04-09 12:24 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-04-09 12:28 - 2018-04-09 12:23 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-04-09 12:28 - 2018-04-09 12:23 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-04-09 12:27 - 2018-04-09 12:27 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-04-09 12:27 - 2018-04-09 12:26 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-04-09 12:23 - 2018-04-09 12:23 - 000000000 ____D C:\Program Files\AVAST Software
2018-04-09 12:22 - 2018-04-09 15:04 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-09 11:44 - 2018-04-09 11:44 - 000000000 ____D C:\ProgramData\ProductData
2018-04-08 23:07 - 2018-04-10 23:43 - 084672512 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-04-08 20:08 - 2018-04-09 11:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-06 17:55 - 2018-04-06 17:55 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-06 15:57 - 2018-04-06 17:54 - 000000396 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAdministrator.job
2018-04-06 15:57 - 2018-04-06 16:19 - 000003320 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAdministrator
2018-04-06 15:57 - 2018-04-06 15:57 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\IObit
2018-04-06 15:57 - 2018-04-06 15:57 - 000000000 ____D C:\Users\Administrator\AppData\Local\HP_Development_Company,_L
2018-04-06 14:53 - 2018-04-06 14:53 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\hpqLog
2018-04-06 14:53 - 2018-04-06 14:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard
2018-04-06 14:10 - 2018-04-06 14:10 - 000025288 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\kb4078130_b86f0bf2dc0866a0e117ed2d4a5302fab0493a7b.exe
2018-04-06 13:34 - 2018-04-06 13:34 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2018-04-06 13:26 - 2018-04-06 13:26 - 000000000 ____D C:\Users\Administrator\AppData\Local\DropboxOEM
2018-04-06 10:34 - 2018-04-06 10:34 - 000030417 _____ C:\ProgramData\agent.uninstall.1523028874.bdinstall.bin
2018-04-05 18:49 - 2018-04-05 18:49 - 000003390 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3406778120-1784066138-574441924-500
2018-04-04 23:31 - 2018-04-04 23:31 - 000000000 ____D C:\Users\Administrator\AppData\Local\NetworkTiles
2018-04-04 21:06 - 2018-04-04 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-04-04 21:03 - 2018-04-04 21:03 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-04-04 21:03 - 2018-04-04 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-04-04 21:03 - 2018-04-04 21:03 - 000000000 ____D C:\Program Files\iPod
2018-04-04 21:01 - 2018-04-04 21:03 - 000000000 ____D C:\Program Files\iTunes
2018-04-04 20:54 - 2018-04-04 20:54 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-04-04 20:54 - 2018-04-04 20:54 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-04-04 20:53 - 2018-04-04 20:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2018-04-04 20:42 - 2018-04-04 21:06 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2018-04-04 20:42 - 2018-04-04 21:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2018-04-04 20:42 - 2018-04-04 20:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple
2018-04-04 20:40 - 2018-04-04 20:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2018-04-04 20:39 - 2018-04-04 20:39 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IObit
2018-04-04 20:36 - 2018-04-05 18:49 - 000002394 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-04 20:36 - 2018-04-05 18:49 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-04-04 20:30 - 2018-04-04 20:30 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2018-04-04 20:30 - 2018-04-04 20:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2018-04-04 20:29 - 2018-04-04 20:29 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-04-04 20:29 - 2018-04-04 20:29 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-04-04 20:29 - 2018-04-04 20:29 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-04-04 20:28 - 2018-04-06 17:55 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-04-04 20:28 - 2018-04-06 15:33 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-04-04 20:28 - 2018-04-04 20:36 - 000000000 ____D C:\Users\Administrator
2018-04-04 20:28 - 2018-04-04 20:28 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-04-04 20:28 - 2018-04-04 20:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics
2018-04-04 20:28 - 2018-04-04 20:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2018-04-04 20:28 - 2018-04-04 20:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-04-04 20:28 - 2018-04-04 20:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-04-04 20:28 - 2016-10-18 00:28 - 000000000 ____D C:\Users\Administrator\Documents\hp.system.package.metadata
2018-04-04 20:28 - 2016-10-18 00:28 - 000000000 ____D C:\Users\Administrator\Documents\hp.applications.package.appdata
2018-04-03 02:16 - 2018-04-10 16:41 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-04-03 02:16 - 2018-04-03 02:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-04-01 19:00 - 2018-04-01 19:00 - 000000000 ____D C:\Users\Catrina Dworaczyk\Desktop\everything{ED7BA470-8E54-465E-825C-99712043E01C}
2018-03-29 19:57 - 2018-03-29 19:57 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-29 18:33 - 2018-04-10 23:32 - 000000000 ____D C:\Users\Catrina Dworaczyk\AppData\Local\PlaceholderTileLogoFolder
2018-03-29 03:22 - 2018-03-29 03:22 - 000000000 ____D C:\Users\Catrina Dworaczyk\Documents\FeedbackHub

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-24 23:15 - 2017-05-23 23:06 - 000160013 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-04-24 22:51 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-24 22:44 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-24 22:44 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-24 22:28 - 2018-01-02 17:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-12 16:05 - 2017-12-09 02:39 - 000000000 ___RD C:\Users\DemiD\iCloudDrive
2018-04-12 16:02 - 2018-02-13 02:18 - 000000000 ____D C:\Users\DemiD\AppData\Roaming\Intel
2018-04-12 16:02 - 2017-11-20 00:25 - 000000000 __SHD C:\Users\DemiD\IntelGraphicsProfiles
2018-04-11 00:02 - 2018-01-02 17:56 - 000000000 ____D C:\Users\Catrina Dworaczyk
2018-04-10 23:50 - 2018-02-07 17:36 - 000003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-04-10 23:44 - 2018-01-02 18:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-10 23:43 - 2017-09-29 03:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-04-10 23:39 - 2016-10-23 21:12 - 000000000 ____D C:\Users\Catrina Dworaczyk\AppData\Local\ElevatedDiagnostics
2018-04-10 18:05 - 2018-01-02 17:54 - 001526114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-10 18:01 - 2018-02-07 15:40 - 000003762 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-04-10 18:01 - 2018-02-07 15:40 - 000003528 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-04-10 17:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-10 16:47 - 2016-11-25 02:56 - 000007662 _____ C:\Users\Catrina Dworaczyk\AppData\Local\resmon.resmoncfg
2018-04-09 14:16 - 2017-09-19 12:37 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleFortrina.job
2018-04-09 13:14 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\Registration
2018-04-09 12:44 - 2016-09-18 11:11 - 000000000 ____D C:\Users\Catrina Dworaczyk\AppData\Roaming\AVAST Software
2018-04-09 12:29 - 2018-01-02 18:29 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFortrina
2018-04-09 12:26 - 2018-01-02 06:59 - 000000000 ___DC C:\WINDOWS\Panther
2018-04-09 12:22 - 2018-01-02 18:29 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-09 12:22 - 2017-07-25 01:49 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-08 23:07 - 2017-09-19 17:03 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-04-08 19:46 - 2017-09-19 12:42 - 000001118 ____H C:\IPH.PH
2018-04-08 19:46 - 2017-05-23 23:47 - 000000000 ____D C:\AdwCleaner
2018-04-08 19:45 - 2017-09-19 12:46 - 000001110 _____ C:\Users\Public\Desktop\AOL Desktop Install.lnk
2018-04-06 14:51 - 2018-02-07 17:08 - 000000000 ____D C:\WINDOWS\LastGood
2018-04-04 20:54 - 2016-10-04 23:56 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-04-04 20:46 - 2017-09-29 08:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-04-04 20:29 - 2015-07-16 01:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-03 02:40 - 2017-11-08 01:33 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-03 02:40 - 2016-09-22 01:49 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-03 02:16 - 2015-11-16 15:06 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-29 20:38 - 2018-02-07 16:58 - 000000000 ____D C:\Users\Catrina Dworaczyk\AppData\Roaming\Intel
2018-03-29 20:38 - 2018-02-07 16:56 - 000000000 ____D C:\ProgramData\Intel.sav
2018-03-29 20:38 - 2017-05-08 23:16 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-03-29 20:38 - 2016-10-18 00:14 - 000000000 ____D C:\Program Files\Intel
2018-03-29 20:38 - 2015-11-16 15:12 - 000000000 ____D C:\ProgramData\Intel
2018-03-29 20:38 - 2015-11-16 15:09 - 000000000 ____D C:\Program Files (x86)\Intel
2018-03-29 20:36 - 2015-07-13 11:28 - 000000000 ____D C:\SWSetup
2018-03-29 03:34 - 2018-01-17 02:06 - 000002016 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-03-29 01:01 - 2017-05-08 23:03 - 000000000 ____D C:\Users\Catrina Dworaczyk\AppData\Local\Adobe
2018-03-29 00:21 - 2018-01-02 18:29 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-29 00:21 - 2018-01-02 18:29 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-29 00:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-29 00:21 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-26 13:22 - 2016-09-22 02:22 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-26 13:22 - 2016-09-22 02:22 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-26 13:20 - 2018-01-02 18:29 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3406778120-1784066138-574441924-1001
2018-03-26 13:20 - 2016-09-18 11:14 - 000002406 _____ C:\Users\Catrina Dworaczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-26 13:20 - 2016-09-18 11:14 - 000000000 ___RD C:\Users\Catrina Dworaczyk\OneDrive

==================== Files in the root of some directories =======

2016-11-25 02:56 - 2018-04-10 16:47 - 000007662 _____ () C:\Users\Catrina Dworaczyk\AppData\Local\resmon.resmoncfg
2017-11-16 01:07 - 2017-11-16 01:09 - 000000248 _____ () C:\Users\Catrina Dworaczyk\AppData\Local\tempuninstall.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-11 00:11

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by trina (26-04-2018 09:48:05)
Running from C:\FRST\Logs
Windows 10 Home Version 1709 16299.125 (X64) (2018-01-02 23:31:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3406778120-1784066138-574441924-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3406778120-1784066138-574441924-503 - Limited - Disabled)
DemiD (S-1-5-21-3406778120-1784066138-574441924-1003 - Limited - Enabled) => C:\Users\DemiD
Guest (S-1-5-21-3406778120-1784066138-574441924-501 - Limited - Disabled)
jenkb (S-1-5-21-3406778120-1784066138-574441924-1002 - Limited - Enabled) => C:\Users\jenkb
trina (S-1-5-21-3406778120-1784066138-574441924-1001 - Administrator - Enabled) => C:\Users\Catrina Dworaczyk
WDAGUtilityAccount (S-1-5-21-3406778120-1784066138-574441924-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.117 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\Google Photos Backup) (Version: 1.1.3.6 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{ABE95EB9-5EA1-42A3-8009-BA7602127ED6}) (Version: 1.4.25 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
iCloud (HKLM\...\{5BD11939-D2C2-4F1B-AAAF-5ECE19A801F7}) (Version: 7.4.0.111 - Apple Inc.)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{4d4a045b-9761-43d2-811c-1c29cbdb7459}) (Version: 18.12.0000.3040 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.3.0.13 - IObit)
IOTransfer 1.3 (HKLM-x32\...\IOTransfer_is1) (Version: 1.3.0 - iFunSoft)
iTunes (HKLM\...\{5581A594-89CB-4062-81C3-2E9F7A76FBE0}) (Version: 12.7.4.76 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Lexmark Network Twain Scan Driver (HKLM-x32\...\{57799805-67CC-4401-5C6F-540D2E3DDE40}) (Version: 1.18.129.0 - Lexmark International, Inc.)
Lexmark S410 Series Uninstaller (HKLM\...\Lexmark S410 Series) (Version: - Lexmark International, Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.151 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8198 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.8 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
XnConvert 1.74 (HKLM\...\XnConvert_is1) (Version: 1.74 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3406778120-1784066138-574441924-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3406778120-1784066138-574441924-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3406778120-1784066138-574441924-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-03-18] (Apple Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-01-02] (Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06B1AE93-795E-4247-B8B8-2A47A8CF1592} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406778120-1784066138-574441924-1001Core1d257e35337b4a5 => C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\GoogleUpdate.exe [2016-10-16] (Google Inc.)
Task: {0D43A5EB-9BBC-4383-B03B-CED49FA50A4A} - System32\Tasks\Microsoft\Windows\PLA\System\{32033F8C-3BB2-41A0-A37C-06DAF193DD40}_System Performance => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Performance" "$(Arg0)"
Task: {0D43A5EB-9BBC-4383-B03B-CED49FA50A4A} - System32\Tasks\Microsoft\Windows\PLA\System\{32033F8C-3BB2-41A0-A37C-06DAF193DD40}_System Performance => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{32033F8C-3BB2-41A0-A37C-06DAF193DD40}_System Performance"
Task: {0D92AEBB-FF72-4D8B-8113-36EDEB6C219A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {10297667-2095-451F-862D-AADAE1535D26} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406778120-1784066138-574441924-1001UA => C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\GoogleUpdate.exe [2016-10-16] (Google Inc.)
Task: {1A54B5FF-4F2D-43DD-9D12-D0ADD40E62AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {292D3FA9-FF2C-4B8C-A124-C377B75BF76C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {33FF8C6D-9A54-44FA-89D3-88509DF990A5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-25] (Adobe Systems Incorporated)
Task: {35D41140-34A7-4EEA-9364-903C4A843F33} - System32\Tasks\S-1-5-21-3406778120-1784066138-574441924-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {405E004D-80A3-4FF3-BBF2-FA11873A45D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {468D9765-A33C-47E0-AA14-F7B3A2837537} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2017-09-27] (HP Inc.)
Task: {48369F81-1CE0-434F-8ECC-0F28CA8F01BB} - System32\Tasks\HPCeeScheduleFortrina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {4D82270D-56B7-4F2C-8620-5145CC60FC11} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {518BBB6E-2001-4535-8F57-182E1FAA16D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {55AA55A8-0BE7-416E-8044-33E61F8059B9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-25] (Adobe Systems Incorporated)
Task: {5D583747-7545-4A7D-AF73-8081A0C9376A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {71198104-4502-4ACD-AF5E-2B1623F37671} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {7BA39616-010B-404B-82BF-5179B6D000C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {7D6625EE-D1DA-4B34-A0E7-C006CEA75FA5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-19] ()
Task: {7F604638-E16C-4765-80B1-52AE5887A0E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\sp80220.exe <==== ATTENTION
Task: {841FA392-0761-474F-A1DD-22E8A88C0098} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {85B18F06-A0E3-4725-B6AD-D5EEDD98E7C1} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {8C6C8BFB-4504-4F4C-A11A-7CBE602FE0C0} - System32\Tasks\HPCeeScheduleForAdministrator => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {94D7EEF8-A06D-454B-BE4E-97F787D588AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {95D44282-B9A6-4812-9528-F749B2C1184F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406778120-1784066138-574441924-1001UA1d257e353756ce0 => C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\GoogleUpdate.exe [2016-10-16] (Google Inc.)
Task: {9AB4E684-0CD2-4E3E-B8DF-9AC3E89DCBFC} - System32\Tasks\Microsoft\Windows\PLA\System\{3198D677-E1ED-4FEE-BB38-EF9FE175408C}_System Diagnostics => Command(1): C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {9AB4E684-0CD2-4E3E-B8DF-9AC3E89DCBFC} - System32\Tasks\Microsoft\Windows\PLA\System\{3198D677-E1ED-4FEE-BB38-EF9FE175408C}_System Diagnostics => Command(2): C:\WINDOWS\system32\schtasks.exe -> /delete /f /tn "\Microsoft\Windows\PLA\System\{3198D677-E1ED-4FEE-BB38-EF9FE175408C}_System Diagnostics"
Task: {9D2EC775-740D-4700-AB7D-D3BC1AF82B42} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {B007E255-A448-4F1D-A9CB-B68EAE7DC8C7} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
Task: {BAF9B039-31C7-46D4-AB44-D5A91970937F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {C055CE7A-91F8-4D60-99A7-1727193281F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {C6756A07-B467-428F-A58B-BCCE842D32BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {CC8177AE-3459-48D0-A459-DFE8DEEFA203} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {CE01B326-5849-434F-AEA8-46504CA2E8A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)
Task: {D0642F2B-0FC0-454D-8D94-CD0AFFEABE53} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {D305F19F-8954-4328-B187-2FC2FE46961E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {D64D00FA-9A3F-4294-8A62-F330C8B363C1} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe
Task: {DD2C8AE9-8DD0-42DD-B56A-FA0B856E9D86} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E9C99DE0-13C1-4A19-8B72-B18F16D5A356} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406778120-1784066138-574441924-1001Core => C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\GoogleUpdate.exe [2016-10-16] (Google Inc.)
Task: {EB74164D-EEBA-4843-8B94-41A86F6DC96E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {F19CFD15-41E5-4416-BB71-53F04C3B1635} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe
Task: {FC01EC51-5A18-40A9-9F1C-E7473504108B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {FE3B4215-6A08-4C53-8988-8B850CF2BAEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406778120-1784066138-574441924-1001Core.job => C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406778120-1784066138-574441924-1001UA.job => C:\Users\Catrina Dworaczyk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAdministrator.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFortrina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Catrina Dworaczyk\Desktop\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Catrina Dworaczyk\Desktop\Individual Application - Additional i.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ebbgpabhbnkooldbhdjljdnlgjipkaon
ShortcutWithArgument: C:\Users\Catrina Dworaczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Catrina Dworaczyk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Individual Application - Additional i.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ebbgpabhbnkooldbhdjljdnlgjipkaon
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-13 11:00 - 2017-11-29 10:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-13 20:33 - 2017-12-13 20:33 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 20:33 - 2017-12-13 20:33 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-17 02:09 - 2018-01-17 02:09 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-25 00:32 - 2018-04-17 00:01 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.117\libglesv2.dll
2018-04-25 00:32 - 2018-04-17 00:01 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.117\libegl.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 004173824 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 003634176 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-12-09 14:48 - 2016-11-30 12:26 - 000624960 _____ () C:\Program Files (x86)\iFunSoft\iFunSoft Updater\ProductStatistics.dll
2017-11-19 16:58 - 2017-05-22 12:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-11-19 16:58 - 2017-05-22 12:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-11-19 16:58 - 2017-05-22 12:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-02-22 03:03 - 2018-01-25 18:02 - 000899856 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-11-19 16:58 - 2018-01-25 18:01 - 000631568 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-11-19 16:58 - 2017-05-22 12:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2018-04-25 15:29 - 000004980 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nstac.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 feedback.search.microsoft.com

There are 84 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3406778120-1784066138-574441924-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AOL ACS => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpqcaslwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Kingsoft_WPS_UpdateService => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SynTPEnhService => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "LMADGmon"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "LMADGmon"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "HostManager"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "Google Photos Backup"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "Software Informer"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "AOL Fast Start"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "Speccy"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "LMab1err"
HKU\S-1-5-21-3406778120-1784066138-574441924-1001\...\StartupApproved\Run: => "LMADGmon"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{04BA4F66-B613-4AB6-961F-332938DB5907}C:\program files (x86)\lexmark s410 series\lmadgmon.exe] => (Block) C:\program files (x86)\lexmark s410 series\lmadgmon.exe
FirewallRules: [TCP Query User{29517DE0-C5C8-4031-A8A0-2345A98BCD7A}C:\program files (x86)\lexmark s410 series\lmadgmon.exe] => (Block) C:\program files (x86)\lexmark s410 series\lmadgmon.exe
FirewallRules: [{3BD0B14F-CF76-4B79-97BB-CB252156C46F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AFBD5D86-6E9D-4E66-BA8C-EFB3DA834563}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{09359157-EDFA-49DB-90FB-24238FF1110E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9D76989D-EA53-4DEF-B866-B9FBE2AFC52A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D0DEAACA-BE5A-45C9-B766-FAF674CF29FD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{51BDE92A-F192-4930-8E59-71A0EC4CBCD4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{3D0DF250-D187-4D44-9C0D-9D561E007361}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B4391636-09FC-4B0B-9CA5-6C6DB926102A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BAD28ADA-F805-4F7E-9080-ABD09D5BEDBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{02656023-F796-4CC5-84CA-E0A5FE209C49}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5FF747FC-E16C-471D-B06B-CBAFF127AB95}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{F6262630-53DE-40D3-8DA5-C3D30525ECD5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{7AE3F7CC-F5FB-4C63-9A16-80BF91ABE15B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{3ED1B8FC-F824-4F2F-A7D9-00F9D79A6378}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{BF4EB5FE-27BE-473C-B094-6947EBF8C3B1}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{ACA77B74-871A-49CC-8B18-DDF42F16A209}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{9F83E962-0CB2-49F9-9742-9B7D9F72E526}] => (Allow) LPort=445
FirewallRules: [{5CEA62D0-F03C-40EE-84D9-EDCCE5577EFA}] => (Allow) LPort=445
FirewallRules: [{ECE8BAE7-7D45-4395-935C-2ED5BA72557D}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTWAIN\lexnetworkds.ds
FirewallRules: [{7C5C4991-C39C-4317-B83B-AB11FEB47FD5}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTWAIN\lexnetworkds.ds
FirewallRules: [{EF973104-7276-4946-AC96-CE3215F4B4C9}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{691426AE-26E0-49EB-886C-1D56046EE215}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{D593FD45-D003-4028-B710-12836B79DB73}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{2E96469D-9B0D-4ED3-87A1-6191CF41CACE}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{60F6ECA6-FBBC-44E6-BCF5-2E8A798DA9B4}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{80D8043D-D605-47C5-92F6-5D72484EA655}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{47F61C2D-CB88-4A04-9D65-BBAC5B98B62A}] => (Allow) C:\Program Files (x86)\Lexmark S410 Series\LMabscw.dll
FirewallRules: [{9863B0D7-B7CE-4069-8E01-E599F7A0810E}] => (Allow) C:\Program Files (x86)\Lexmark S410 Series\LMabscw.dll
FirewallRules: [{20B7D989-D47B-41B9-90CA-8DC1BA635D1D}] => (Allow) C:\Program Files (x86)\Lexmark S410 Series\LMADGlscn.exe
FirewallRules: [{F0ACFB41-E419-40A2-A244-FB69FA0735E0}] => (Allow) C:\Program Files (x86)\Lexmark S410 Series\LMADGlscn.exe
FirewallRules: [{B744B076-5A4D-4DDB-8358-8641906F0DD7}] => (Allow) C:\Program Files (x86)\Lexmark S410 Series\LMADGmon.exe
FirewallRules: [{3A9B78D7-12A7-48EA-BE3F-2B6BCE6457E4}] => (Allow) C:\Program Files (x86)\Lexmark S410 Series\LMADGmon.exe
FirewallRules: [{16DB8F9A-68FE-4642-9633-FD62110B9D37}] => (Allow) C:\Program Files (x86)\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{6F27792D-BF01-42D9-9AA6-BC99600F6F3D}] => (Allow) C:\Program Files (x86)\Lexmark\WirelessSetup\LMwpss.exe
FirewallRules: [{7CC5F993-E149-4024-91E6-EC5292376B2E}] => (Allow) C:\Program Files (x86)\Lexmark\PSU\lmpsu.exe
FirewallRules: [{37F65F14-9D2A-4FAC-8D93-B09D94407327}] => (Allow) C:\Program Files (x86)\Lexmark\PSU\lmpsu.exe
FirewallRules: [{A9A1251E-5D88-48BA-A73A-205C86755CE4}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe
FirewallRules: [{F87F890C-AF2A-4B15-973A-CE75D71601F0}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe
FirewallRules: [{113CDC93-7757-4FC8-9CC3-A301B5DF5A9C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{06157588-C52E-4753-B373-195850BE6C7D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{2F1E784D-A349-4AB3-92CE-4E00D178F7BE}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B28897BD-41F2-428A-A82B-D3C92A604C30}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{6F906974-820B-4D0A-BD9B-05117F4D1ED2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{9F4EB935-AD36-4AC5-9EA8-1E923DCEC009}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{4AF96DD9-54B2-4975-B1F5-19C473BAC540}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{F79BA8F0-B299-4738-AC25-E1D087191B23}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{897C5A52-EF2C-41DF-960E-F29ECE3D241F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{7E6F7B15-5245-42E9-A959-A5D754369358}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{F1311C2B-64BC-47E7-AA70-CFDEE7313668}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{0E97D620-1E05-4B10-8E47-FEA11A38C343}] => (Allow) LPort=445
FirewallRules: [{E777FE62-7E33-4C5F-9CE3-BCA5FFAA7429}] => (Allow) LPort=445
FirewallRules: [{B2597CDB-8C4A-4BA6-964B-97DF8F804104}] => (Allow) LPort=445
FirewallRules: [{E1CA0475-0066-4F8C-91E4-927087BDADCB}] => (Allow) LPort=445
FirewallRules: [{9BC5CEB0-E01F-407B-82B2-A3199254C6F4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{E206D1DE-4007-44D3-AAB5-74A3AAD5E678}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{C822CB7E-478F-4795-B1CE-8D595AF6AF12}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{3BAB6F4A-3095-4EB5-BDB6-C3483679E477}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [UDP Query User{533A5A0F-9536-409F-BE89-7A85C09EFBD5}C:\program files (x86)\hp\hp system event\hpsocksvc.exe] => (Allow) C:\program files (x86)\hp\hp system event\hpsocksvc.exe
FirewallRules: [TCP Query User{963B9425-48BD-4EAD-BBB9-5F659A0CE514}C:\program files (x86)\hp\hp system event\hpsocksvc.exe] => (Allow) C:\program files (x86)\hp\hp system event\hpsocksvc.exe
FirewallRules: [{B6F973B9-4E29-4372-8738-32B4C1812193}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{2CF3AC1C-7A71-479C-B4CC-194E1FFE1F78}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{39CAEAAE-59FC-43B5-BC41-F8FD13F2C24D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{0201E67C-ED01-4962-A8C4-53ACCCFE3420}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{65BD37C5-33AD-4E44-BC3D-4DA75ADBC33D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{11093FC9-7C9F-46DE-8C8F-E7980A89A2C2}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{B309D692-495C-40C0-ACB6-E196024811BB}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\aol.exe
FirewallRules: [{34CDE1D4-A6E7-4984-80DC-1A05BC9A6780}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\aol.exe
FirewallRules: [{4BA3AEA0-CD24-462A-8802-6FDDCB44C7F4}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\aol.exe
FirewallRules: [{47C34F01-DC6C-4940-BBA6-301875256CD7}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\aol.exe
FirewallRules: [{95F18C3B-2650-4E5B-89FE-0B6C9163954E}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\unifying250.exe
FirewallRules: [{7378F8E8-E9AE-479A-866B-F6686666ABDC}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\unifying250.exe
FirewallRules: [{59566999-AE0F-4EF2-B53F-51D67F276FDA}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\unifying250.exe
FirewallRules: [{DE1D4838-BCC7-424F-ADA0-49AA146FB5D9}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\unifying250.exe
FirewallRules: [{44B7EFD8-F8A8-43E3-8BD6-6108F027B6F9}] => (Block) LPort=445
FirewallRules: [{D11C0634-E118-4F35-9898-8046D840977D}] => (Block) LPort=445
FirewallRules: [{552E35F3-E4F6-46DA-9A1F-8244DA3AC7E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F8A97BA-6924-4730-B4C1-A91E6987852E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D713C954-C139-42FD-9D0F-C93493591842}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2D5261D8-C3AD-4950-AC14-4D245247B038}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{221C02A8-C22C-4C1C-A065-2264A305440F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{0DAD3B2C-5C99-41F0-BD2F-66E40166A6AB}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{B1494EAB-0C8E-48AB-82B3-EC9B30211D07}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{E9E11E94-07F0-4A79-809D-54652D5FE513}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{DE9DF6C1-6001-47C5-8A45-69E3FAF23468}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{672B814C-FE3E-4778-8BC5-7A6F9CA4B01B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{1E4A43B7-E6F7-44D4-8C14-8C01A6AFAF51}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{DCA218DD-1520-4330-96C9-6FE35C74E3A3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{8056CCAC-32E2-43AD-AEEE-86098C918456}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{BBF8A3AE-97FE-406F-A1C4-A51A624CE853}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{390879FE-349C-40AB-ABDA-511647BE5C38}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{7964BFF7-101F-48DE-A4C7-1DD103B21D88}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{90E2A6F7-64EA-4F2F-A41C-89290870E11E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
FirewallRules: [{059B64D6-FBF5-49B6-B7A7-3561AEC1BEF5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
FirewallRules: [{9D4FD9DB-EAD2-4B1B-BDAF-9B15CF8D8CFA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
FirewallRules: [{60CC6D50-8AB3-4F57-B1C3-7D5C867697BE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
FirewallRules: [{2C893FFA-39A8-46E1-8F6B-64EE248C7C5F}] => (Allow) C:\Program Files (x86)\HP\HP System Event\SysInfoEx.exe
FirewallRules: [{6AFA7B96-0FF6-4987-A85F-6F151DD13BC6}] => (Allow) C:\Program Files (x86)\HP\HP System Event\SysInfoEx.exe
FirewallRules: [{AF74AB48-43BB-4E4F-AE67-898DAD169C12}] => (Allow) C:\Program Files (x86)\HP\HP System Event\SysInfoEx.exe
FirewallRules: [{DA1C535D-960B-44CE-9631-E2015335AB84}] => (Allow) C:\Program Files (x86)\HP\HP System Event\SysInfoEx.exe
FirewallRules: [{D104A6C4-EA30-420F-9DB2-74BC1E70B1C7}] => (Allow) C:\Program Files (x86)\HP\HP System Event\USBCMSG.exe
FirewallRules: [{E21DF327-0661-4149-B606-44C08B28AE28}] => (Allow) C:\Program Files (x86)\HP\HP System Event\USBCMSG.exe
FirewallRules: [{FC3CC4F8-E9AB-436E-81CF-1CEC535294B5}] => (Allow) C:\Program Files (x86)\HP\HP System Event\USBCMSG.exe
FirewallRules: [{E16A4040-2748-448A-907D-3EF11BADDF93}] => (Allow) C:\Program Files (x86)\HP\HP System Event\USBCMSG.exe
FirewallRules: [{6A575DC5-5018-4FC1-B18C-0347F1950C82}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{8BD455DC-2F81-45D0-8F8A-2DFFB89AA2FB}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{4C5A3651-75BC-414E-AFB4-EFC137073C4F}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{DCB2063E-1ED3-4C42-AD6E-782CD7FB1BA2}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{BF39C596-3E78-4E17-AA93-41BBC86919CC}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\mseinstall.exe
FirewallRules: [{1545EA70-1B69-4B45-AD69-197624AE40BC}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\mseinstall.exe
FirewallRules: [{10ECC8E5-B3F2-4039-A023-27C669F5E3FA}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\mseinstall.exe
FirewallRules: [{DC8EE67C-8AF7-45B4-B45C-762BF6DF2D50}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\mseinstall.exe
FirewallRules: [{FF0850DE-26A3-4264-BEE5-EDD13CBD235C}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\Wireshark-win64-2.2.1.exe
FirewallRules: [{98385DFB-D696-4106-90DA-40B3B3E49761}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\Wireshark-win64-2.2.1.exe
FirewallRules: [{B0895E32-5BB5-47D7-9203-F38155A1B566}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\Wireshark-win64-2.2.1.exe
FirewallRules: [{3E4A922A-C409-4AA2-BC95-C488C1A4A1E0}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\Wireshark-win64-2.2.1.exe
FirewallRules: [{9C5002D4-1830-46EE-BDE0-7B9F0214A331}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\MCPR.exe
FirewallRules: [{18BD1D0C-F644-4A1B-A9BB-3160B33A4165}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\MCPR.exe
FirewallRules: [{F6513058-785B-45BA-8CD3-944829B8918E}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\MCPR.exe
FirewallRules: [{A037FB0F-AACA-4267-9FE1-3DDC38C50AD3}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\MCPR.exe
FirewallRules: [{E3545615-36BD-4F00-A77A-EBEB9DDCFAFF}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\gpautobackup_setup.exe
FirewallRules: [{C0DEF57B-DC1D-47F4-BF62-8BB9D796EB22}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\gpautobackup_setup.exe
FirewallRules: [{FBD38B12-711F-4E99-9FDB-33B657A3873B}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\gpautobackup_setup.exe
FirewallRules: [{3E2CD001-B569-48D5-94C9-4964BC326B08}] => (Allow) C:\Users\Catrina Dworaczyk\Downloads\gpautobackup_setup.exe
FirewallRules: [{7E31FAB3-58A8-4789-9C4A-6D9F318320E8}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{50958412-83EA-48BC-951D-CB3D92F1FA89}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6E86EA35-A830-4652-B2F0-F4F08A04C546}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C83BD79-7678-4F51-BE37-4D8BD2ED215A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{28B920CC-319E-4611-82C2-889F6094FFBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5D0AC17-C431-4846-ACA1-9E4D42D2472A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{BCFA1973-70C0-4780-8856-77CAA9FEE694}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{18A0CF47-803E-4B2B-984E-E7FB3B2BC2B2}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{982D7374-7CA5-40BF-8D04-FAA1A42371AB}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{7FC8BAB5-D4F2-48D3-82E5-00B6FAEFE1A9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{1654D907-B5A1-4642-859C-14AC9C1156FB}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{CCEBE483-6CB1-4062-BBF0-BCB97E4137F9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{83822E15-482E-4546-B40E-727A6F0D7E9F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{3C8B3DAC-963B-46C9-ADA2-95E35EAD6309}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{15476AA1-DEB4-480D-AB4F-436A5272737E}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{F852D3DE-46BE-4158-ACB1-B2ECA9551227}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{5037185C-7FBC-4B44-ADDC-198BABDD4CFF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{7A8A3901-401E-46AE-A864-27FB9730AA1C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{49162AFD-636C-4C9E-AC3F-BA0D518BEE02}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{3C5B3029-A8A4-4846-8E65-93822F1C3FC6}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{C34186D2-49D2-450A-BE6E-BF699657D002}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{0962ED64-49B0-4BDF-A2EB-4B0BB412E689}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{8C76EE90-0936-4D77-BF92-83557992EE61}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{69929053-1BA3-4C6D-A1C1-C5B0D69BCA37}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{B77C3009-354A-414C-A766-166B185DAE8F}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{A578938C-0235-4730-8F14-7D365E238DE0}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{0ACFBBD3-DF29-42E1-BA49-B3F3B6557C71}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{C9A26BB4-C56B-4CAD-921D-C40FBCCD9AA2}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{12853054-8607-4C92-A97A-3EB8E9D33B54}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{627A650C-D530-4180-BB94-61BF064AFE27}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{1D619511-8A21-4265-90FD-25D7B9F5409E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{67A00361-9A6B-40A1-820F-93A38EF85B31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EE2A93AC-62E2-40B0-9F98-D7A58F8E06EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBDF8650-CC04-49E6-A91D-12C104B52F8D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{32845A5E-042A-4C3A-BC19-02B0137A9D44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AF3E9953-8863-4B19-AD37-F8AF730D8981}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{61D5D1B2-32F7-4FCF-A700-4E25ECF69170}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB49B7EF-25FB-4F3A-86E2-1B8EC24812E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EC8D6C0D-7204-4FD0-A2E4-8E78001B54A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{67475029-B5BD-47EC-A8D5-3D426876E6E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C3038F0D-6D30-4B7F-A848-71995DFE423F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F089519F-9CAD-4746-8589-2D8A6817FBEF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8AFAED0C-2535-456D-AECB-5636A9FA6E15}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{92B9A555-E12A-4E4B-9CDD-88A5062C122B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2B626B8A-98EC-4E41-A9A0-67A43F11A23B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD3BC73E-884B-46F5-A8EE-E31151C1BB56}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{33DE002B-46FA-461D-B4CA-5A5F4029ED5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0FFD5952-13E7-4FE8-9996-FD58EC89720C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BACE3B1D-44C1-4CAD-A156-9661B8D40A64}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{61082927-67CA-4EEE-9608-B186E3C99D5E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2323C2C9-F3A5-4432-BB0B-CF63492D7FD3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{32442827-39B4-4B7E-86A7-2412000E9223}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8BAF3833-D569-4DB3-9AAE-F41234E51316}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A48A2F4D-79BA-4CC2-A682-E5EA763D9E0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B5AF12EF-19BE-4484-BB0D-3E0204CF022E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6069FA6A-FF5D-4110-AB18-E618ABCEF79B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CF4475D3-B539-4353-8BB5-5D4FE76A323C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5641016B-C447-422A-9BA5-D645AFE3C0E1}] => (Allow) LPort=445
FirewallRules: [{F5310747-C8EC-4CCD-B433-DD4443A562F4}] => (Allow) LPort=445
FirewallRules: [{6FBD96F6-4A90-45E7-BE6D-3B8CCA6C5E58}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{2E8EFFD1-67AE-4E81-9DF8-C1A9A4CC71F4}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{4CE053C7-2530-4895-906C-8FB6C8C2C3BC}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{3C363F76-7E8F-4E72-A66B-A8724453FEF8}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{B5348A4D-B431-4D36-A4F7-4E9BF2E5A2D9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{C4FCBC6A-C6A0-40C5-A395-6453870282F4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{7F057B06-3CEA-42B5-B3B6-464DAD81C662}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{0A00E7F4-A6BF-405F-885A-B7CA1261B170}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{E4EFD075-17FE-43BF-AC15-53EBDF5738C2}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{FA8DDDD7-8A88-460D-A5DF-321D4E52AC14}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1492477990\ee\aolsoftware.exe
FirewallRules: [{4C16763C-A928-4C7C-B2BA-0E5E9DD0B895}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D4B8073F-CFA9-45B0-B301-33B9A8C23CD7}] => (Allow) C:\Program Files\Intel\WiFiDrivers\Drivers\WUINF\dpinst64.exe
FirewallRules: [{0914B94F-5BC8-46B3-9CD9-238C3FBFCDA4}] => (Allow) C:\Program Files\Intel\WiFiDrivers\Drivers\WUINF\dpinst64.exe
FirewallRules: [{22852D4E-A757-42A3-9E97-84B9D3B28B4D}] => (Allow) C:\Program Files\Intel\WiFiDrivers\Drivers\WUINF\dpinst64.exe
FirewallRules: [{65B8DF32-E2E5-4931-A589-DCA8AE449616}] => (Allow) C:\Program Files\Intel\WiFiDrivers\Drivers\WUINF\dpinst64.exe
FirewallRules: [TCP Query User{50D57CBB-F4F1-49E4-B6FE-547CC909550F}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{EA1BA40F-56A3-4D57-A8B6-90DCFEEC73D3}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [{8BE4B5D8-3E11-48A7-87A4-0E97B6D9ACE8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-04-2018 19:43:47 JRT Pre-Junkware Removal
25-04-2018 00:52:40 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2018 06:15:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.16299.15, time stamp: 0x59cda974
Faulting module name: msvcrt.dll, version: 7.0.16299.125, time stamp: 0x20688290
Exception code: 0x40000015
Fault offset: 0x000000000000ad32
Faulting process id: 0xbc
Faulting application start time: 0x01d3dce0ed249d52
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: a090244c-b521-4c0c-b115-c18d00fdb0eb
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (04/25/2018 05:01:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.125, time stamp: 0xfeba44fb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000053c0fd8
Faulting process id: 0xc2c
Faulting application start time: 0x01d3dcdbd55b832a
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: unknown
Report Id: 1c0cb0da-2eb4-4b1d-b04f-777d700922c7
Faulting package full name:
Faulting package-relative application ID:

Error: (04/25/2018 04:29:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (04/25/2018 03:35:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (04/25/2018 01:23:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (04/25/2018 01:20:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.16299.15, time stamp: 0x59cda974
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
Exception code: 0xc000027b
Fault offset: 0x00000000006e7ae9
Faulting process id: 0x1c28
Faulting application start time: 0x01d3dcc1fef5ca90
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: d098f491-6d20-4f79-a1e4-674f67f6203e
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (04/24/2018 10:56:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-PPSBS4P)
Description: Package microsoft.windowscommunicationsapps_17.8730.21725.0_x64__8wekyb3d8bbwe+microsoft.windowslive.mail was terminated because it took too long to suspend.

Error: (04/24/2018 10:33:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.16299.15, time stamp: 0x59cda974
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
Exception code: 0xc000027b
Fault offset: 0x00000000006e7ae9
Faulting process id: 0xed8
Faulting application start time: 0x01d3d153e452e73c
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: b8fdc4f8-b00e-4f06-9c67-009fc43d4364
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App


System errors:
=============
Error: (04/26/2018 09:29:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2018 09:06:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
General access denied error

Error: (04/26/2018 09:05:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
General access denied error

Error: (04/26/2018 09:05:47 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
General access denied error

Error: (04/26/2018 09:05:44 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
General access denied error

Error: (04/26/2018 09:05:40 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
General access denied error

Error: (04/26/2018 09:05:37 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
General access denied error

Error: (04/26/2018 09:05:36 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
General access denied error


Windows Defender:
===================================
Date: 2018-04-03 01:37:43.143
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {58F83CBB-D79C-4FE6-AB81-8900AEA9E1C6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-03 01:02:58.602
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9BC98C6E-F18C-40C8-A3F0-687FF1F317B0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-03 00:54:51.045
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A0C058E9-1620-4E6C-897E-94E9C12711D0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-01 20:00:09.741
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D9D16A1C-1DBE-47CE-86B2-5EEFD41C7BAC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-29 18:28:26.310
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {76A378F2-A58E-4103-AD9F-F45AF149A9C2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-25 18:33:37.751
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.359.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2018-04-25 18:33:37.750
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.359.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2018-04-25 15:51:43.923
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.359.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2018-04-25 15:51:43.922
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.267.359.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14800.3
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2018-04-25 15:41:42.701
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.282.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===================================

Date: 2018-04-26 09:45:41.134
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-26 09:45:41.131
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-26 09:45:41.113
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-26 09:45:41.109
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-26 09:45:41.085
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-26 09:45:41.082
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-26 09:44:32.789
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-26 09:44:32.786
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 58%
Total physical RAM: 3985.95 MB
Available physical RAM: 1650.15 MB
Total Virtual: 4241.95 MB
Available Virtual: 1617.76 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.09 GB) (Free:242.73 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.36 GB) (Free:2.13 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{8aa674cf-b66b-4dd2-affc-e6ffc4814382}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
\\?\Volume{bc16e918-9f05-48d3-9718-d0ae2df49a09}\ () (Fixed) (Total:0.92 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0CAD552D)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 29 April 2018 - 07:48 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,156 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:18 PM

Posted 29 April 2018 - 08:02 PM

Greetings Hairdresser28 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
C:\Windows\Temp\CR_7C166.tmp
C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\SwReporter
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
Toolbar: HKLM-x32 - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
CHR Extension: (Individual Application - Additional i...) - C:\Users\Catrina Dworaczyk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebbgpabhbnkooldbhdjljdnlgjipkaon [2018-01-29]
S3 cpuz143; \??\C:\Users\CATRIN~1\AppData\Local\Temp\cpuz143\cpuz143_x64.sys [X]
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]
S3 RTSUER; \SystemRoot\system32\Drivers\RtsUer.sys [X]
2018-04-09 11:44 - 2018-04-09 11:44 - 000000000 ____D C:\ProgramData\ProductData
2018-04-06 10:34 - 2018-04-06 10:34 - 000030417 _____ C:\ProgramData\agent.uninstall.1523028874.bdinstall.bin
2017-11-16 01:07 - 2017-11-16 01:09 - 000000248 _____ () C:\Users\Catrina Dworaczyk\AppData\Local\tempuninstall.ini
Task: {7F604638-E16C-4765-80B1-52AE5887A0E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\sp80220.exe
Task: {F19CFD15-41E5-4416-BB71-53F04C3B1635} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Software Informer
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
emptytemp:
Folder: C:\Users\Catrina Dworaczyk\Desktop\everything{ED7BA470-8E54-465E-825C-99712043E01C}
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 02 May 2018 - 08:58 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Hairdresser28

Posted 02 May 2018 - 10:28 PM

Hi, I am here, thank you so much, and call me Trina.

I am a little confused on what to do. I have done this a few years ago, but I am not sure how to do the fix list.

Thanks, I hope you can still help me Gary, I really appreciate this.



#5 Oh My!

Posted 03 May 2018 - 08:06 AM

Hi Trina, glad you are aboard.

Let's change the steps a bit and hopefully it will not be as confusing.

We need to make sure when you download the attached file you save it to your Documents folder, otherwise things won't work.

Running from C:\Users\Catrina Dworaczyk\Documents


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------
  • Please download the attached file fixlist.txt and save it in your Documents folder <<< Important
  • Right click on FRST and select Run as administrator
  • Click Fix
  • A Fixlog.txt document will be created and placed in your Documents folder. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 

#6 Hairdresser28

Posted 04 May 2018 - 11:45 AM

I am trying, don't give up on me please
Thank you

#7 Oh My!

Posted 04 May 2018 - 11:58 AM

If you are having difficulties let me know the steps you are taking and what happens.
Gary
 

#8 Oh My!

Posted 07 May 2018 - 11:46 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#9 Oh My!

Posted 10 May 2018 - 12:46 PM

Greetings.

Are you with me?
Gary
 

#10 Oh My!

Posted 11 May 2018 - 08:58 AM

Greetings.

If you are able to be in a position to consistently reply to the topic you are welcome to request the topic be re-opened in the next week or so. Beyond that you will need to start a new topic.

I apologize for needing to close the topic but you have not logged into BleepingComputer for a week.
Gary
 

#11 Oh My!

Posted 11 May 2018 - 08:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 