Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

100% Disk and 70% Memory usage won't decrease


  • This topic is locked This topic is locked
6 replies to this topic

#1 JCMONDAVI

JCMONDAVI

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 16 June 2018 - 05:00 PM

Computer started acting strange after windows menu error started popping up. It went away but now computer is running at 100% disk usage and 70% memory usage with no programs open. Ran Rogue Killer but it hangs half way through scan. Avast and Panda antivirus pick up nothing. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by David (administrator) on DAVID-PC (16-06-2018 16:53:38)
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available Profiles: David & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\248aee40972828407d8f7cd0ecfd59e6\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-11] (AVAST Software)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [2174072 2018-04-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe [4535192 2016-04-21] ()
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-05-23] (Apple Inc.)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1458008 2018-06-12] (Google Inc.)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\ssText3d.scr [217088 2017-09-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{df54e6fa-92f1-42bf-86bb-d3383ce30e7f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {7E7C7386-4E94-47F9-A757-881391D34CB4} URL = 
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fdf60a96&q={searchTerms}
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D15882F2-E045-4A22-B962-09C85DBA4B92} URL = 
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fdf60a96&q={searchTerms}
SearchScopes: HKLM-x32 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1443603178-1069732724-762211521-1001 -> DefaultScope {CAEAF69E-0564-481C-A4CE-2B77ED301989} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1443603178-1069732724-762211521-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1443603178-1069732724-762211521-1001 -> {CAEAF69E-0564-481C-A4CE-2B77ED301989} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1443603178-1069732724-762211521-1001 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-04-17] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-04-17] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.1\bin\jp2ssv.dll [2018-05-04] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2018-04-17] (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
Toolbar: HKU\S-1-5-21-1443603178-1069732724-762211521-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: yc4wnnjb.default-1524337445064
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yc4wnnjb.default-1524337445064 [2018-06-08]
FF Extension: (Avast Online Security) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yc4wnnjb.default-1524337445064\Extensions\wrc@avast.com.xpi [2018-05-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-09] ()
FF Plugin: @java.com/DTPlugin,version=13.0.1.0 -> C:\Program Files\Java\jre-10.0.1\bin\dtplugin\npDeployJava1.dll [2018-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.1.0 -> C:\Program Files\Java\jre-10.0.1\bin\plugin2\npjp2.dll [2018-05-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-09] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-03-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin HKU\S-1-5-21-1443603178-1069732724-762211521-1001: @citrixonline.com/appdetectorplugin -> C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-1443603178-1069732724-762211521-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\David\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-07-04] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2018-06-16]
CHR Extension: (Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Scope by SellerLabs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aifeflcmgbbjnkopdmliglhooofhgmld [2018-03-08]
CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-23]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-23]
CHR Extension: (Honey) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-06-16]
CHR Extension: (Calculator Widget) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpplagdendnkjkiaiaijfphiflaflinc [2018-03-31]
CHR Extension: (FBA Calculator for Amazon) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkgjopcolgcafhnicdahjemapkniikeh [2018-06-14]
CHR Extension: (Panda Safe Web) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2018-06-07]
CHR Extension: (Facebook Pixel Helper) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2018-06-07]
CHR Extension: (Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24]
CHR Extension: (The Camelizer) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2017-03-11]
CHR Extension: (Pinterest Save Button) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-06-01]
CHR Extension: (Amazon FBA Calculator Automated Version) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiboipckpnehmbhkpkblbcenpfdekdhf [2017-01-12]
CHR Extension: (DS Amazon Quick View) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg [2018-04-14]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-05-15]
CHR Extension: (Turbo Ad Finder) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjbjojolojmokicddfeaamkodihccdcl [2018-06-14]
CHR Extension: (AMZ Seller Browser) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\klgpelgeohjghmccooegimcfhanlnngc [2016-06-21]
CHR Extension: (Jungle Scout) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgpfhoadcpndoogjiogflmgegfbekec [2018-05-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-23]
CHR Extension: (FreeConferenceCall.com Scheduler) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhjonocnlnodflomblbjnjdpllkeljo [2018-01-26]
CHR Extension: (CLEER PRO) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmecmdmgelkpjcfhmbdmejfaocgaekjc [2017-06-27]
CHR Extension: (Similar Sites - Discover Related Websites) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2018-06-01]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2018-05-25]
CHR Extension: (Wikibuy) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-06-16]
CHR Extension: (TWF Buy Box Scope BETA) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nleehhpkbdfkfijnboebfaijhjabfjeb [2017-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-16]
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-07]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1443603178-1069732724-762211521-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-11-10] (Adobe Systems) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-11] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-11] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-30] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-06-04] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-24] (Synaptics Incorporated)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-05-11] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-26] (AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-26] (AVAST Software)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-26] (AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-26] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [234560 2018-05-11] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-05-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159120 2018-05-11] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111360 2018-05-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-05-11] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-05-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-05-11] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-05-11] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381552 2018-05-11] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-05-24] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-08] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-06-16] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-16] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-16] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-06-16] (Malwarebytes)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-06-16] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2015-07-30] (Wondershare)
U3 aswbdisk; no ImagePath
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-16 16:53 - 2018-06-16 16:55 - 000027185 _____ C:\Users\David\Downloads\FRST.txt
2018-06-16 16:50 - 2018-06-16 16:50 - 002413056 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2018-06-11 22:44 - 2018-06-11 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
2018-06-11 21:47 - 2018-06-11 21:47 - 000000000 ____D C:\Windows.old
2018-06-11 10:42 - 2018-06-11 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-06-11 10:40 - 2018-06-11 10:40 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-06-11 10:40 - 2018-06-11 10:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-11 10:38 - 2018-06-11 10:38 - 000163126 _____ C:\Users\David\Downloads\2018-19 Summary Calendar LINES.pdf
2018-06-11 10:26 - 2018-06-11 10:26 - 000021861 _____ C:\Users\David\Downloads\invoice_1099_from_His Productions LLC.pdf
2018-06-10 00:08 - 2018-06-10 00:08 - 000000000 ____D C:\Users\David\AppData\Roaming\REAPER
2018-06-10 00:07 - 2018-06-10 00:07 - 000000871 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2018-06-10 00:07 - 2018-06-10 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2018-06-10 00:07 - 2018-06-10 00:07 - 000000000 ____D C:\Program Files\REAPER (x64)
2018-06-10 00:05 - 2018-06-10 00:05 - 011749192 _____ C:\Users\David\Downloads\reaper591_x64-install.exe
2018-06-10 00:03 - 2018-06-10 00:03 - 000001090 _____ C:\Users\David\Desktop\Levelator.lnk
2018-06-10 00:03 - 2018-06-10 00:03 - 000000000 ____D C:\Users\David\AppData\Roaming\Conversations Network
2018-06-10 00:03 - 2018-06-10 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conversations Network Levelator
2018-06-10 00:03 - 2018-06-10 00:03 - 000000000 ____D C:\Program Files (x86)\Levelator
2018-06-09 23:45 - 2018-06-09 23:45 - 007046684 _____ (The Conversations Network ) C:\Users\David\Downloads\LevelatorSetup-2.1.1.exe
2018-06-09 20:58 - 2018-06-09 20:58 - 000116489 _____ C:\Users\David\Downloads\AGUSM Faith Promise Form Online.pdf
2018-06-09 20:21 - 2018-06-09 20:22 - 000784307 _____ C:\Users\David\Downloads\Cornerstone Chosen.pptx
2018-06-09 20:19 - 2018-06-09 20:20 - 029154245 _____ C:\Users\David\Downloads\Cornerstone.mp4
2018-06-08 21:52 - 2018-06-08 21:52 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DAVID-PC-Windows-10-Home-(64-bit).dat
2018-06-08 21:51 - 2018-06-08 21:51 - 000000000 ____D C:\RegBackup
2018-06-08 21:46 - 2018-06-08 21:46 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\David\Downloads\flashplayer30ppau_ha_install.exe
2018-06-08 20:51 - 2018-06-16 12:50 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-08 20:51 - 2018-06-16 12:48 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-08 20:51 - 2018-06-16 12:48 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-06-08 20:51 - 2018-06-16 12:48 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-08 20:51 - 2018-06-08 21:55 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-06-08 20:51 - 2018-06-08 20:51 - 000003768 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-06-08 20:50 - 2018-06-08 20:50 - 000002234 _____ C:\Users\David\Desktop\Tweaking.com - Windows Repair.lnk
2018-06-08 20:50 - 2018-06-08 20:50 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-08 20:50 - 2018-06-08 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-06-08 20:50 - 2018-06-08 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-08 20:50 - 2018-06-08 20:50 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-08 20:50 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-08 20:49 - 2018-06-08 20:50 - 000193912 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-06-08 20:49 - 2018-06-08 20:49 - 077309488 _____ (Malwarebytes ) C:\Users\David\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5402.exe
2018-06-08 20:46 - 2018-06-08 20:46 - 037625152 _____ (Tweaking.com) C:\Users\David\Downloads\tweaking.com_windows_repair_aio_setup.exe
2018-06-08 09:29 - 2018-06-08 09:29 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-06-08 09:28 - 2018-06-08 09:28 - 000000000 ____D C:\Users\David\Downloads\ProcessExplorer
2018-06-08 09:27 - 2018-06-08 09:27 - 001931969 _____ C:\Users\David\Downloads\ProcessExplorer.zip
2018-06-08 09:27 - 2018-06-08 09:27 - 001931969 _____ C:\Users\David\Downloads\ProcessExplorer (1).zip
2018-06-07 23:08 - 2018-06-07 23:08 - 007372496 _____ (Malwarebytes) C:\Users\David\Downloads\adwcleaner_7.2.0.exe
2018-06-07 22:16 - 2018-06-07 22:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-07 22:11 - 2018-06-07 22:13 - 000005474 _____ C:\TDSSKiller.3.1.0.17_07.06.2018_22.11.46_log.txt
2018-06-07 22:11 - 2018-06-07 22:11 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\David\Downloads\rkill.exe
2018-06-07 22:10 - 2018-06-07 22:10 - 004949824 _____ (AO Kaspersky Lab) C:\Users\David\Downloads\tdsskiller.exe
2018-06-07 22:06 - 2018-06-07 22:06 - 005660506 _____ (Swearware) C:\Users\David\Downloads\ComboFix.exe
2018-06-07 22:05 - 2018-06-07 22:06 - 007271632 _____ (Malwarebytes) C:\Users\David\Downloads\AdwCleaner.exe
2018-06-07 11:46 - 2018-06-07 11:46 - 000007597 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg
2018-06-07 00:38 - 2017-11-23 01:27 - 000450575 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180607-003843.backup
2018-06-07 00:28 - 2018-06-07 00:28 - 000000000 ____D C:\Users\David\Documents\ProcAlyzer Dumps
2018-06-07 00:21 - 2018-06-07 00:21 - 000018760 _____ C:\Users\David\Documents\cc_20180607_002117.reg
2018-06-07 00:14 - 2018-06-07 09:23 - 000000000 ____D C:\WINDOWS\Minidump
2018-06-04 06:18 - 2018-06-04 06:18 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-06-04 06:18 - 2018-06-04 06:18 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-06-04 06:18 - 2018-06-04 06:18 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-06-04 06:18 - 2018-06-04 06:18 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-31 17:44 - 2018-05-31 17:44 - 000045056 _____ C:\Users\David\Downloads\153PC.dot
2018-05-28 21:48 - 2018-05-28 21:48 - 000038519 _____ C:\Users\David\Downloads\DOC-342562A1.pdf
2018-05-28 18:51 - 2018-05-28 18:51 - 000010770 _____ C:\Users\David\Downloads\DA-01-309A1.pdf
2018-05-28 18:27 - 2018-05-28 18:27 - 000133358 _____ C:\Users\David\Downloads\wmie-weekend-donors-20180228-153904321-pdf.pdf
2018-05-28 18:27 - 2018-05-28 18:27 - 000020195 _____ C:\Users\David\Downloads\wmie-prog-sched-20180226-151631073-pdf.pdf
2018-05-28 18:25 - 2018-05-28 18:25 - 000470719 _____ C:\Users\David\Downloads\wmie-qr-2017-20180226-151630909-pdf.pdf
2018-05-28 16:01 - 2018-05-28 16:01 - 000000000 ____D C:\Users\David\AppData\Local\{3B1CFE8A-5125-424E-B8EB-B464C8B7B804}
2018-05-22 11:38 - 2018-05-22 11:38 - 002958671 _____ C:\Users\David\Desktop\Landscape.pdf
2018-05-21 00:33 - 2018-05-21 00:33 - 001031258 _____ C:\Users\David\Downloads\Facebook Ads copy.pdf
2018-05-18 19:09 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-05-17 09:03 - 2018-05-17 09:04 - 005663253 _____ C:\Users\David\Downloads\us_uk.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-16 16:55 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-16 16:55 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-16 16:53 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-16 16:53 - 2016-03-10 21:44 - 000000000 ____D C:\FRST
2018-06-16 16:32 - 2017-12-29 01:07 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{05B027E4-20F2-4652-B102-E75A0A0604E3}
2018-06-16 16:27 - 2018-04-21 17:22 - 000000000 ____D C:\Users\David\AppData\Local\ClassicShell
2018-06-16 16:21 - 2017-12-29 00:41 - 000000000 ____D C:\Users\David
2018-06-16 16:19 - 2017-12-29 01:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-16 16:19 - 2017-12-29 00:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-16 12:58 - 2017-12-29 00:41 - 000000000 ____D C:\Users\DefaultAppPool
2018-06-16 12:57 - 2018-03-26 09:54 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-06-16 12:53 - 2016-03-09 10:11 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-06-16 12:45 - 2017-08-24 11:37 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDavid.job
2018-06-14 23:52 - 2017-12-29 01:07 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDavid
2018-06-14 22:51 - 2016-04-22 22:06 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-14 22:51 - 2016-04-22 22:06 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-14 22:44 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Registration
2018-06-14 22:43 - 2018-04-12 06:19 - 000000000 ___HD C:\$WINDOWS.~BT
2018-06-14 22:41 - 2017-12-29 01:06 - 000030483 _____ C:\WINDOWS\diagwrn.xml
2018-06-14 22:41 - 2017-12-29 01:06 - 000030483 _____ C:\WINDOWS\diagerr.xml
2018-06-14 22:13 - 2015-08-14 01:17 - 000000000 ____D C:\Users\David\Documents\Outlook Files
2018-06-14 22:13 - 2015-08-14 01:15 - 000000000 ____D C:\Users\David\Desktop\Outlook Files
2018-06-14 08:42 - 2017-12-29 00:36 - 002438340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-13 17:48 - 2016-02-08 01:24 - 000000000 ____D C:\Users\David\Documents\Bible Study Materials
2018-06-11 23:13 - 2017-12-19 11:12 - 000000000 ___DC C:\WINDOWS\Panther
2018-06-11 22:44 - 2018-04-21 15:27 - 000000000 ____D C:\Program Files (x86)\Cyberduck
2018-06-11 22:44 - 2016-02-02 01:36 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-11 10:52 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-11 10:52 - 2017-09-29 04:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-06-11 10:40 - 2015-08-14 01:14 - 000000000 ____D C:\Program Files\iTunes
2018-06-11 10:40 - 2015-08-14 01:14 - 000000000 ____D C:\Program Files\iPod
2018-06-10 00:16 - 2016-03-26 02:18 - 001134507 _____ C:\Users\David\Downloads\Survey Card (Spiritual Response Card).cdr
2018-06-09 23:54 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-09 23:07 - 2016-09-17 15:06 - 000000000 ____D C:\Users\David\AppData\Roaming\Worship Extreme
2018-06-09 23:07 - 2015-08-14 01:21 - 000000000 ____D C:\Users\Public\WELibrary
2018-06-09 22:41 - 2015-08-14 01:17 - 000000000 ____D C:\Users\David\Documents\CornerstoneGraphics
2018-06-09 21:58 - 2015-08-14 01:16 - 000000000 ____D C:\Users\David\Documents\Cornerstone Documents
2018-06-09 20:01 - 2017-12-29 01:07 - 000004586 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-09 20:01 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-09 20:01 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-09 19:31 - 2017-06-29 20:20 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2018-06-09 19:08 - 2018-03-13 20:44 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-09 08:52 - 2017-12-29 00:30 - 000787656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-09 08:52 - 2016-02-02 01:37 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-06-08 21:55 - 2017-06-14 01:40 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-06-08 20:50 - 2016-03-09 01:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-08 09:59 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-07 23:13 - 2016-05-28 23:02 - 000000000 ____D C:\ProgramData\Nero
2018-06-07 23:13 - 2016-05-28 23:02 - 000000000 ____D C:\Program Files (x86)\Nero
2018-06-07 23:11 - 2017-01-30 23:41 - 000000000 ____D C:\AdwCleaner
2018-06-07 23:01 - 2011-05-23 23:01 - 000000000 ____D C:\ProgramData\Sonic
2018-06-07 22:35 - 2016-10-17 00:01 - 000003644 _____ C:\Users\David\Desktop\Rkill.txt
2018-06-07 22:18 - 2015-08-14 01:13 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-07 21:56 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-07 21:50 - 2017-12-29 01:07 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-06-07 21:45 - 2016-07-14 19:26 - 000000000 ____D C:\WINDOWS\pss
2018-06-07 09:19 - 2017-11-28 01:25 - 000000000 ____D C:\Program Files (x86)\vMix
2018-06-07 00:38 - 2009-07-13 22:34 - 000450930 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_917
2018-06-06 16:45 - 2016-03-11 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-06 16:45 - 2015-08-18 23:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-05 19:24 - 2018-05-09 17:06 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 19:24 - 2018-05-09 17:06 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-03 08:26 - 2015-08-14 01:17 - 000000000 ____D C:\Users\David\Documents\Sermons
2018-05-31 17:15 - 2018-04-27 16:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-30 12:37 - 2017-07-30 22:09 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2018-05-30 12:10 - 2015-08-18 23:53 - 000001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-05-28 21:58 - 2018-04-14 14:40 - 000000000 ____D C:\Users\David\Documents\CreatedforLivingRadio
2018-05-26 23:41 - 2017-06-30 00:34 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2018-05-22 11:23 - 2016-05-30 01:50 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-22 11:23 - 2016-05-30 01:50 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-20 22:48 - 2015-12-12 20:53 - 000000000 ____D C:\Users\David\AppData\Roaming\Syncios
2018-05-20 22:38 - 2016-03-26 21:26 - 000000000 ____D C:\Users\David\Desktop\Monicas Phone March 2016
2018-05-20 22:38 - 2015-12-21 17:29 - 000000000 ____D C:\Users\David\AppData\Roaming\SynciOS Data Transfer
2018-05-19 23:00 - 2018-05-01 01:12 - 000003984 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-19 23:00 - 2018-05-01 01:12 - 000003752 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-17 19:51 - 2017-12-29 01:07 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-17 19:51 - 2017-12-29 01:07 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2016-06-28 11:14 - 2016-06-28 11:14 - 000000046 _____ () C:\Users\David\AppData\Roaming\Camdata.ini
2016-06-28 11:14 - 2016-06-28 11:14 - 000000408 _____ () C:\Users\David\AppData\Roaming\CamLayout.ini
2016-06-28 11:14 - 2016-06-28 11:14 - 000000408 _____ () C:\Users\David\AppData\Roaming\CamShapes.ini
2016-06-28 11:14 - 2016-06-28 11:14 - 000004536 _____ () C:\Users\David\AppData\Roaming\CamStudio.cfg
2016-06-28 11:12 - 2016-06-28 11:12 - 000000096 _____ () C:\Users\David\AppData\Roaming\version2.xml
2016-02-09 02:37 - 2018-04-23 21:41 - 000011264 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-08 02:13 - 2016-11-30 01:34 - 000000600 _____ () C:\Users\David\AppData\Local\PUTTY.RND
2018-06-07 11:46 - 2018-06-07 11:46 - 000007597 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-06-09 09:00 - 2018-04-15 17:49 - 001954056 _____ (Microsoft Corporation) C:\Users\David\AppData\Local\Temp\dllnt_dump.dll
2018-06-11 23:09 - 2018-05-03 02:44 - 000595448 _____ (Microsoft Corporation) C:\Users\David\AppData\Local\Temp\kernel32.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-08 10:21
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by David (16-06-2018 16:56:40)
Running from C:\Users\David\Downloads
Windows 10 Home Version 1709 16299.431 (X64) (2017-12-29 05:09:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1443603178-1069732724-762211521-500 - Administrator - Disabled)
David (S-1-5-21-1443603178-1069732724-762211521-1001 - Administrator - Enabled) => C:\Users\David
DefaultAccount (S-1-5-21-1443603178-1069732724-762211521-503 - Limited - Disabled)
Guest (S-1-5-21-1443603178-1069732724-762211521-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1443603178-1069732724-762211521-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1443603178-1069732724-762211521-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
5KPlayer 4.0 (HKLM-x32\...\5KPlayer_is1) (Version:  - DearMob, Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (HKLM-x32\...\{9615E45B-7670-4D17-9ED5-28B9E936EEDD}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Any Video Converter 6.1.1 (HKLM-x32\...\Any Video Converter) (Version: 6.1.1 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Bejeweled 2 Deluxe (HKLM-x32\...\WT089409) (Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT089410) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT089443) (Version: 2.2.0.95 - WildTangent) Hidden
bpd_scan_Carrier (HKLM-x32\...\{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{FACA2377-913E-4BF4-BC7B-6DEF40614218}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{ED3D79A6-B3BB-4482-B226-0B620F97258A}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (HKLM-x32\...\WT089411) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089412) (Version: 2.2.0.95 - WildTangent) Hidden
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.6.29 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT089413) (Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}) (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (HKLM-x32\...\{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (HKLM-x32\...\{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (HKLM-x32\...\{CA3861BA-1D96-4D66-B577-318E1602C4F3}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (HKLM-x32\...\{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (HKLM-x32\...\{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (HKLM-x32\...\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (HKLM-x32\...\{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (HKLM-x32\...\{68EE5C41-2F79-4F36-BE85-22A814F55AF7}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (HKLM-x32\...\{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (HKLM-x32\...\{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (HKLM-x32\...\{8F18CFF8-8259-4148-AD00-2EE572754E92}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (HKLM-x32\...\{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (HKLM-x32\...\{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (HKLM-x32\...\{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}) (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Premium Fonts (HKLM-x32\...\{A9E21D37-B157-4245-9C33-179628C47847}) (Version: 1.00.0000 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (HKLM-x32\...\{59123CCF-FED2-46FF-9293-D1DC80042219}) (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (HKLM-x32\...\{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (HKLM-x32\...\{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (HKLM-x32\...\{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (HKLM-x32\...\{260ED378-2B8C-4831-ADAE-D0712D119AC5}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (HKLM-x32\...\{9244E956-5939-4B88-930C-0699D4AB2B95}) (Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (HKLM-x32\...\{368FCA18-C510-4F87-B60E-192B9BDBAE3D}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Cyberduck (HKLM-x32\...\{7F0B0032-330F-49C3-95AD-364FB38D5C9C}) (Version: 6.6.1.28146 - iterate GmbH) Hidden
Cyberduck (HKLM-x32\...\{bdee7329-1547-4719-a3ed-3e574ca638ea}) (Version: 6.6.1.28146 - iterate GmbH)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT089414) (Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dora's World Adventure (HKLM-x32\...\WT089415) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DVD Architect Studio 5.0 (HKLM-x32\...\{8292F88E-2DB7-456B-A8F1-9079B7432A1E}) (Version: 5.0.128 - Sony)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EaseUS MobiSaver for Android version 5.0 (HKLM-x32\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 5.0 - CHENGDU YIWO Tech Development Co., Ltd.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
EPSON NX100 Series Printer Uninstall (HKLM\...\EPSON NX100 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Escape Whisper Valley ™ (HKLM-x32\...\WT089434) (Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (HKLM-x32\...\WT089450) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT089418) (Version: 2.2.0.95 - WildTangent) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileZilla Client 3.32.0 (HKLM-x32\...\FileZilla Client) (Version: 3.32.0 - Tim Kosse)
Final Drive Fury (HKLM-x32\...\WT089499) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT089444) (Version: 2.2.0.95 - WildTangent) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{E6A512D4-E5FB-4D42-8E83-D87F3A760802}) (Version: 14.0 - HP)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.18.3 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{C8127F91-0244-4FF0-8014-0C432E15E09D}) (Version: 7.5.0.34 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Install LoJack for Laptops (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0.17 - Absolute Software)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Internet Explorer (HKLM-x32\...\{AA31EA7B-7917-4000-949B-38E91F848A25}) (Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{BE065D5C-5EB5-4F39-A112-32897C297935}) (Version: 12.7.5.9 - Apple Inc.)
Java 10.0.1 (64-bit) (HKLM\...\{D33DF729-38BB-5651-9D40-93BFEFB5DCED}) (Version: 10.0.1.0 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
Jewel Quest (HKLM-x32\...\WT089420) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT089422) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
L7600 (HKLM-x32\...\{5D47D0E9-1DD3-4A11-8AE1-D41566BFFD10}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Levelator (HKLM-x32\...\Levelator_is1) (Version:  - The Conversations Network)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
Logos Bible Software (HKLM-x32\...\{CE7A6374-0987-42AB-9E29-74E1D8336A80}) (Version: 7.208.17 - Faithlife Corporation)
Luxor (HKLM-x32\...\WT089507) (Version: 2.2.0.95 - WildTangent) Hidden
MagicYUV Lossless Video Codec version 1.1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.1 - INNOMAGIC Bt.)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
MaxiLink2 (HKLM-x32\...\{9D35B3CD-A04D-43BB-8BE5-E932A31F0575}) (Version: 1.05 - CenTech) Hidden
MaxiLink2 (HKLM-x32\...\InstallShield_{9D35B3CD-A04D-43BB-8BE5-E932A31F0575}) (Version: 1.05 - CenTech)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5023.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MiniTool Power Data Recovery 7.5 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 7.5 - MiniTool Solution Ltd.)
Movavi Screen Capture 7 (HKLM-x32\...\Movavi Screen Capture 7) (Version: 7.0.0 - Movavi)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
MPM (HKLM-x32\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Recorder (HKLM-x32\...\{F50CC230-EE79-4931-B72D-8E4D195DFFB0}) (Version: 14.1.500.0 - Audials AG)
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089440) (Version: 2.2.0.95 - WildTangent) Hidden
Nero BurningROM 2016 (HKLM-x32\...\{83D2F005-37FD-4321-B5F7-24EFEACC9834}) (Version: 17.0.00600 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero TuneItUp (HKLM-x32\...\Nero_tuneitup_is1) (Version: 2.4.4.103 - Nero AG)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.25 - Panda Security and Visicom Media Inc.)
Penguins! (HKLM-x32\...\WT089445) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089452) (Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (HKLM-x32\...\WT089426) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT089508) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT089433) (Version: 2.2.0.95 - WildTangent) Hidden
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{99039186-EBEB-4127-BFA2-18B10A05ACE2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
ProductContext (HKLM-x32\...\{2E9E5756-B244-4096-94E3-BFCB961B75F2}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
QuickBooks 3.3.5 (only current user) (HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\05fb5a8b-5c9d-57ac-a4b7-ecf271235d3f) (Version: 3.3.5 - Intuit Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (HKLM-x32\...\WT089503) (Version: 2.2.0.95 - WildTangent) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Serif WebPlus X5 (HKLM-x32\...\{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}) (Version: 13.0.3.029 - Serif (Europe) Ltd)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Slack (HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\slack) (Version: 2.6.3 - Slack Technologies)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stashimi Stub Installer (HKLM-x32\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Syncios 6.3.4 (HKLM-x32\...\Syncios) (Version: 6.3.4 - Anvsoft)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.19 - Tweaking.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Vegas Movie Studio HD Platinum 10.0 (HKLM-x32\...\{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}) (Version: 10.0.179 - Sony)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089430) (Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vMix Social (HKLM-x32\...\{1A0C8557-EB4A-4DD1-B4F9-A974ADEFE05F}_is1) (Version:  - StudioCoast Pty Ltd)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Wedding Dash - Ready, Aim, Love! (HKLM-x32\...\WT089446) (Version: 2.2.0.95 - WildTangent) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinX DVD Author 6.3.6 (HKLM-x32\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
WORDsearch Basic (HKLM-x32\...\{633A0911-77AE-4B18-BEF0-F46EC8CF54EA}) (Version: 10 - WORDsearch Corp) Hidden
Worship Extreme 4.24.0 (HKLM\...\42c1e679-036c-527f-a96e-99f282f11e83) (Version: 4.24.0 - Worship Extreme Software)
Zoom (HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
Zuma Deluxe (HKLM-x32\...\WT089448) (Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-11] (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-11] (AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-05-23] (Apple Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-11] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-11] (AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1_S-1-5-21-1443603178-1069732724-762211521-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-1443603178-1069732724-762211521-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-1443603178-1069732724-762211521-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {010DBBD8-BD06-42C2-BFCA-315465F151ED} - no filepath
Task: {019C103F-0F78-4D77-98F7-AAB6DC0FBCA7} - no filepath
Task: {0251B746-E190-42CB-9EC8-63596C4523CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-14] (Google Inc.)
Task: {02CDEF03-B9B5-4432-8073-3D4F19711FD9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN4C5EK0HR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {0481A59D-CA8A-4209-ACBA-29EEB184153D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {060B028F-9515-4ECC-83F5-6681A74FB2C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {0706E0E2-CA08-4BAF-9FA4-AF7286B96201} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-30] (Dropbox, Inc.)
Task: {0FEF0959-0C6E-4F4F-A0D3-50228A7D6AA9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {10979F53-1833-441E-BC80-38A8A677C91A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {13EE8EA9-A624-42E3-8C0D-E2A572D36C04} - no filepath
Task: {1734174E-1BC0-4225-9416-9522AC97F813} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {1C19C529-7B6D-4EBD-B0DE-DE5D3E8440D7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1E772777-01E1-438B-A023-C3E11E973DBA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-06-07] (AVAST Software)
Task: {20AD18F9-13AE-4B5E-B9CF-F130090AB009} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {2448C473-7C52-46F7-9956-66BD46E46D08} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {33E49B30-D53A-4981-8E38-2561C7B30F2D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {3C204015-C6C3-46E0-AEB2-FCD9419DFC8B} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {3D28A1CA-E6F3-4CA2-8EC8-E84CD3AEA8A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {40DF25CC-A045-4701-8E96-56F9AD8A4043} - no filepath
Task: {438A6A95-2302-4F64-8F1C-5C5C5B3977A6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4CD8EB8D-5C53-4857-8861-80C1B9508EB5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4D37EF5F-A137-49E1-8856-9C71BA5578F8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {4F9373DB-A870-424F-9119-A699F1BEEBEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-14] (Google Inc.)
Task: {54AE05BE-4FDB-4306-B387-CC6E45B02B1F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {54B697C9-417D-45DC-AECC-6201FF2CE6F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {60520893-0446-4B52-A75F-2B50D2B1F4CE} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {60CA702F-1ADB-4080-8E6D-EEEA9DF1884B} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {688B3278-633B-4EC5-88E6-EA6DA72913D2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {6C33632E-BB80-450F-B886-4A0D89E05CA2} - no filepath
Task: {6D7DCA86-C57E-4B12-83C8-36CEF0515C92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {6E82F70A-5675-46C1-B996-80A824BDE361} - no filepath
Task: {7AB083BE-3B73-4650-9153-9499E361026D} - no filepath
Task: {7FCD231B-7189-4E99-AE23-996A1DF0E245} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {81A3D9D8-E6EC-4DCB-BECF-C5CE94CD09BE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-11] (AVAST Software)
Task: {83107561-32C4-4603-8B0C-7183185A88F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {874B68FE-40FA-498A-8D95-7599153D8BD0} - no filepath
Task: {8ADE40F0-2407-4618-9466-1F5ADB2312CF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {945A3297-53CF-4BAB-A960-7841FF2B1D31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {96120BD8-88C9-437C-AA9B-3F5270CE29BA} - no filepath
Task: {987FADB5-2D6F-44C8-AD3B-39675F7E298C} - System32\Tasks\HPCeeScheduleForDavid => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A0213226-6D5D-4A44-A3B3-421A5094E393} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {A63A0B93-F9F0-4B67-9713-AC237258217D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A898E144-3B34-4C7D-8B85-F110F71A1C8B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AB3BB114-CD80-49EB-AFFA-978DCA6AECFF} - no filepath
Task: {ACD8751F-6956-4B8C-AEE1-5F38D368793E} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-26] (Oracle Corporation)
Task: {B663BB13-2F23-4450-A734-E3B84181C3E3} - no filepath
Task: {B66D1FE5-1073-4703-80D6-5632189DE7BC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {CA63D270-9E6B-4F38-88FB-79A306B563DC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CC6612C1-0D6C-47A3-B319-6D5DC44FAE3E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CD0313E1-621D-48B2-9824-FBFE874292A8} - no filepath
Task: {CF67EAEC-768B-4EE1-A36D-F034A8C09EFC} - no filepath
Task: {D07E0906-6D5C-48F8-AC34-1858BFAD6771} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-30] (Dropbox, Inc.)
Task: {D205BBA9-E849-4DD4-BCA4-C20A25334252} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D3F75614-7DCE-4B67-A995-8CF8404D5E72} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D9C44CF9-8FE9-448A-81DF-ACA64BF36168} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {E06AAEB1-64DA-47F2-BCF0-57322F2B4F73} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {EC365DDB-4ED7-4538-8598-5C43D19211A6} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {F18503E0-FB55-4D2E-B5C2-130096E6434A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {F1DFFB1C-8A65-460E-92B6-D05E1827F7F3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F3B4985F-C031-4843-BDB7-53A3E9E175EA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-05-08] (Microsoft Corporation)
Task: {FF00E3ED-333B-4EAD-A354-9491410C8A9B} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {FFB1ACA1-4884-44E4-B13D-ED0F346A446B} - \PCDEventLauncher -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDavid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-08-24 21:43 - 2013-10-23 15:24 - 000087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-03-22 21:10 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-20 17:33 - 2017-01-31 08:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-04-03 02:30 - 2018-04-03 02:30 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-05-11 21:41 - 2018-05-11 21:41 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-16 12:54 - 2018-06-16 12:54 - 005841040 _____ () C:\Program Files\AVAST Software\Avast\defs\18061604\algo.dll
2018-05-11 21:41 - 2018-05-11 21:41 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-11 21:41 - 2018-05-11 21:41 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-11 21:40 - 2018-05-11 21:40 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-11 21:41 - 2018-05-11 21:41 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-11 21:41 - 2018-05-11 21:41 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2016-03-09 00:13 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-09 00:13 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2018-06-14 22:50 - 2018-06-12 01:46 - 003867480 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libglesv2.dll
2018-06-14 22:50 - 2018-06-12 01:46 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\David\Documents\CornerstoneMarketWebpage.wpp:SummaryInformation [203]
AlternateDataStreams: C:\Users\David\Documents\CornerstoneMarketWebpage.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7872 more sites.
 
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\123simsen.com -> www.123simsen.com
 
There are 7873 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2018-06-08 22:46 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Win7 LtBlue 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "DellStage"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run32: => "AccuWeatherWidget"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Desktop Disc Tool"
HKLM\...\StartupApproved\Run32: => "Syncios device service"
HKLM\...\StartupApproved\Run32: => "Dell Webcam Central"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "5KPlayer.exe"
HKLM\...\StartupApproved\Run32: => "QBWinClient"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\StartupFolder: => "Slack.lnk"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "EPSON NX100 Series"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "HP Officejet Pro 8620 (NET)"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "TunesGoService"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "AudialsNotifier"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "ToolwizCareFree"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CF1712F3-229B-4256-B7FF-B8FA847F658D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [UDP Query User{7A1D5DDE-6DF1-47F7-B9D1-0DDF6EE5A431}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{C89CD286-8E2E-4A61-B51E-98AA028AD0B3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{CA69EF84-B308-4295-AD11-6EB9C99F1BD2}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [UDP Query User{79243BE0-AF19-4209-B079-9E2F89A23518}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{64FB56B5-C3CD-431B-AB70-81AB12013B75}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{DE0462C5-CD6C-40CE-A2AC-A00C8ADD167B}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{449F3DBF-2DA8-4201-9D87-CD46AD79FE82}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{255D5E87-BED1-4590-BE3B-6F86201FCC68}C:\program files (x86)\serif\webplus\x5\program\webplus.exe] => (Allow) C:\program files (x86)\serif\webplus\x5\program\webplus.exe
FirewallRules: [TCP Query User{FE8D46DB-A700-44C6-801B-8159FD1EB79D}C:\program files (x86)\serif\webplus\x5\program\webplus.exe] => (Allow) C:\program files (x86)\serif\webplus\x5\program\webplus.exe
FirewallRules: [{DD7DCE46-0FD6-4D47-8621-EE30961AB3F2}] => (Allow) LPort=31931
FirewallRules: [{20F11CCE-1B9F-438F-8812-095827C6A254}] => (Allow) LPort=14714
FirewallRules: [{911EFC76-86D1-46FB-BF2B-7D24C061EF6F}] => (Allow) LPort=12972
FirewallRules: [{974D909D-086D-4156-975F-F9162A0C9C3B}] => (Allow) C:\Program Files (x86)\Music Recorder\Music Recorder 2016\Audials.exe
FirewallRules: [{208E42D8-3486-4FB8-A2CD-FB54A095BD1F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{175FF394-303E-466D-B2ED-9F1BC457214E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{AA162038-B7E4-42A2-9CB5-53D9A75A9360}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9A7CC7E3-4EFB-45D4-9247-81AF56DE9EBC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{A151206B-5FC9-43FB-BFF7-83962F5CE62C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{79D9327D-F854-4CD4-8691-B8D71CAE6BF6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EBEE2D86-B6E8-40DD-8BD4-6ED8100C61D5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{87BD866C-C689-4FB7-8BFC-F974AFD4146F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81ACCD27-9202-4548-9A67-8BB096ED3BBA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BFDD6ABB-60F2-47B2-BAC9-113DFBBF2280}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{DFC150F7-3BEF-47E8-A116-75D24B2F8D16}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{022D4C6F-9CB0-4061-B0D3-37845A588F38}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{6DDA88FF-9172-48FB-B54E-54A08F583FD6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{313DE573-D8DF-421B-A59F-42D373D97975}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9BE9C8C4-8FC3-4CD9-B66D-544F19FE1628}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{814D78B5-C855-49F3-866B-8B464F1F2F8A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{CC30CCAD-F8A5-4625-A27A-EF608135C09F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B02DD08B-AFE3-4E37-9E25-179F1A3089DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{D34F7B56-E464-45DB-9FA2-F4253F3F5AA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{5F45769C-980C-4389-B51B-6FB950B593CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6BAAF447-5EA9-41AC-95BF-73939A9E2B94}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{97BAA28D-15EB-43A8-88A2-198DA67B3860}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3737F800-C07E-4196-A904-A2E55EEC8A6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{DDF3222E-D21A-4E1A-9D56-E2F3463EE0C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{3DFE1AA8-9C2F-4A8F-B021-800E0D26B2C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A476C662-8576-4856-B3F3-25C0590E8D85}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{8AC2719A-4B82-4DF6-B0C0-3D096D59BD97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE0590C3-A824-4331-AEB5-57205BC7176F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A8F917E-2898-451E-9AA2-A6A9640BAC83}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B05E932B-5C74-4C7E-9526-29E73B311FC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F11087F0-166B-4202-BFED-649F0AB98C05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{66EF5B63-DF8D-4B47-87F7-FF936A0D3BC5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{026D4220-05FA-43D3-8568-6A0E33F92B2C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{5D445376-BDFC-478B-9992-D91128965DDD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4FCF7B43-36E1-4C1A-80FF-BE351D71C9D6}] => (Allow) LPort=1900
FirewallRules: [{938C4AD3-C878-4C32-AB23-AA447940DBDB}] => (Allow) LPort=2869
FirewallRules: [{648618DA-3C87-464C-B6C0-61F01DF1D71F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2504355B-DC50-48DC-A940-A159F54821F8}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{8A8E04C2-AD6E-4318-8A02-A383D4DD6378}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
FirewallRules: [{7C67CD81-D8FD-4139-BDFE-C9C315B2D4A3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
FirewallRules: [{6AC6BB2C-F2A3-4F91-B82A-F32EAA0857CF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
FirewallRules: [{413EB2D6-FC02-406E-AFFA-426057DEF502}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
FirewallRules: [{2A02FF8F-8A9E-4F1D-BB00-11A29A6725DF}] => (Allow) LPort=5357
FirewallRules: [{A55A3350-DBD5-48A8-B630-CB0AC4005035}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E5887791-8829-496A-88B7-6BEE38DAB3C9}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{B86DD39F-0A98-4DD0-A5A6-7BE9272FBF82}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{370CB709-8F90-4535-8BA5-06C42814FB39}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{86588675-5C10-4ADA-AD65-637E3EF14585}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D429CEAB-A65A-477D-967D-93512C62D2CE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E38E7C07-E065-4A32-98A7-F3B48676E82D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A30D36DD-9AE8-4870-BBDA-8AB0519D2963}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4E24FF75-1446-4262-97EC-B738B6B225F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D14BCFD5-AE3B-49FB-970C-020682B8D65C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8BDBF795-26F6-439F-BB2D-6CBE3365A830}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{6B0E1C0C-E7FA-443D-A311-5BE7597B20B1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{864D5EB7-4352-4936-91BF-812BEE104A26}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{62EEF3E6-6591-414F-8D97-43106552C8A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
08-06-2018 09:57:27 Windows Update
11-06-2018 21:50:01 Windows Update
16-06-2018 16:33:28 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2018 04:59:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/16/2018 04:59:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\David\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/16/2018 04:59:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/16/2018 04:59:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\David\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/16/2018 04:58:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/16/2018 04:58:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\David\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/16/2018 04:58:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/16/2018 04:58:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\David\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
 
System errors:
=============
Error: (06/16/2018 04:59:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9NBLGGH1QWGC-Microsoft.Advertising.Xaml.
 
Error: (06/16/2018 04:58:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFJ3PR-MICROSOFT.WINDOWSALARMS.
 
Error: (06/16/2018 04:55:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9NBLGGH42THS-Microsoft.Microsoft3DViewer.
 
Error: (06/16/2018 04:52:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFHVN5-MICROSOFT.WINDOWSCALCULATOR.
 
Error: (06/16/2018 04:52:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFHWKN-MICROSOFT.WINDOWSSOUNDRECORDER.
 
Error: (06/16/2018 04:51:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFJ3Q2-Microsoft.BingWeather.
 
Error: (06/16/2018 04:51:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9NBLGGH1QWGC-Microsoft.Advertising.Xaml.
 
Error: (06/16/2018 04:51:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFHVH4-Microsoft.BingSports.
 
 
Windows Defender:
===================================
Date: 2018-05-11 08:07:03.338
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5C353D35-4C58-4EE0-8C08-9866DED3F059}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-06 00:14:29.307
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.672.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-05-31 17:27:12.964
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.337.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80070643
Error description: Fatal error during installation. 
 
Date: 2018-05-31 17:27:03.728
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-04-26 17:16:55.054
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.267.425.0
Previous Signature Version: 1.265.647.0
Update Source: Signature Update Folder
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14700.5
Error code: 0x80004004
Error description: Operation aborted 
 
Date: 2018-04-26 17:16:55.054
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.267.425.0
Previous Signature Version: 1.265.647.0
Update Source: Signature Update Folder
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14700.5
Error code: 0x80004004
Error description: Operation aborted 
 
CodeIntegrity:
===================================
 
Date: 2018-06-08 21:51:27.016
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-08 21:51:27.013
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-08 21:51:18.222
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-08 21:51:18.219
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-08 21:51:13.598
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-08 21:51:13.596
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-08 21:50:56.764
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-08 21:50:56.762
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 74%
Total physical RAM: 2932.52 MB
Available physical RAM: 756.28 MB
Total Virtual: 5876.52 MB
Available Virtual: 3098.58 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:885.42 GB) (Free:191.49 GB) NTFS
 
\\?\Volume{a183b2c4-4239-11e5-8543-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 45DB2FA2)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=885.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:55 PM

Posted 21 June 2018 - 05:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/679188 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 JCMONDAVI

JCMONDAVI
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 22 June 2018 - 02:50 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by David (administrator) on DAVID-PC (22-06-2018 03:07:06)
Running from C:\Users\David\Downloads
Loaded Profiles: David & DefaultAppPool (Available Profiles: David & DefaultAppPool)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178496 2018-04-19] (ESET)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3752768 2018-06-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [2174072 2018-04-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [653728 2018-03-26] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25638872 2018-04-23] (Google)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe [4535192 2016-04-21] ()
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1458008 2018-06-12] (Google Inc.)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-05-23] (Apple Inc.)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-05-23] (Apple Inc.)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2018-05-23] (Apple Inc.)
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\ssText3d.scr [217088 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{420efb18-f474-410b-9b79-10b6600e7afa}: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{df54e6fa-92f1-42bf-86bb-d3383ce30e7f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {7E7C7386-4E94-47F9-A757-881391D34CB4} URL = 
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fdf60a96&q={searchTerms}
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {D15882F2-E045-4A22-B962-09C85DBA4B92} URL = 
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fdf60a96&q={searchTerms}
SearchScopes: HKLM-x32 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1443603178-1069732724-762211521-1001 -> DefaultScope {CAEAF69E-0564-481C-A4CE-2B77ED301989} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1443603178-1069732724-762211521-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1443603178-1069732724-762211521-1001 -> {CAEAF69E-0564-481C-A4CE-2B77ED301989} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1443603178-1069732724-762211521-1001 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-04-17] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-04-17] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-10.0.1\bin\jp2ssv.dll [2018-05-04] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-08-15] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2018-04-17] (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
Toolbar: HKU\S-1-5-21-1443603178-1069732724-762211521-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: yc4wnnjb.default-1524337445064
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yc4wnnjb.default-1524337445064 [2018-06-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-09] ()
FF Plugin: @java.com/DTPlugin,version=13.0.1.0 -> C:\Program Files\Java\jre-10.0.1\bin\dtplugin\npDeployJava1.dll [2018-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=13.0.1.0 -> C:\Program Files\Java\jre-10.0.1\bin\plugin2\npjp2.dll [2018-05-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-09] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-03-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin HKU\S-1-5-21-1443603178-1069732724-762211521-1001: @citrixonline.com/appdetectorplugin -> C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-1443603178-1069732724-762211521-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\David\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-07-04] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2018-06-22]
CHR Extension: (Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-23]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-23]
CHR Extension: (Honey) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-06-16]
CHR Extension: (Panda Safe Web) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2018-06-07]
CHR Extension: (Facebook Pixel Helper) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2018-06-07]
CHR Extension: (Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-24]
CHR Extension: (Pinterest Save Button) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-06-01]
CHR Extension: (Jungle Scout) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgpfhoadcpndoogjiogflmgegfbekec [2018-05-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-23]
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2018-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-16]
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-07]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1443603178-1069732724-762211521-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome Beta - C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-11-10] (Adobe Systems) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-30] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-06-18] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2240264 2018-04-19] (ESET)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-24] (Synaptics Incorporated)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [110432 2018-04-12] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-04-12] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50136 2018-04-12] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [82816 2018-04-12] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-22] (Malwarebytes)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-06-20] ()
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-05-31] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-05-31] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-31] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2015-07-30] (Wondershare)
U3 aswbdisk; no ImagePath
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-22 03:06 - 2018-06-22 03:06 - 000000000 ____D C:\Users\David\Downloads\FRST-OlderVersion
2018-06-22 03:03 - 2018-06-22 03:03 - 000002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome Beta.lnk
2018-06-22 03:03 - 2018-06-22 03:03 - 000002389 _____ C:\Users\Public\Desktop\Google Chrome Beta.lnk
2018-06-22 02:57 - 2018-06-22 02:57 - 001130840 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2018-06-22 02:56 - 2018-06-22 02:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-06-22 01:27 - 2018-06-22 01:27 - 000000000 __SHD C:\found.001
2018-06-21 14:12 - 2018-06-21 14:08 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8ec1afc787c0d593.tmp
2018-06-20 23:18 - 2018-06-20 23:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-20 23:16 - 2018-06-20 23:16 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-06-19 00:45 - 2018-06-19 00:45 - 001437536 _____ C:\Users\David\Downloads\light-particle-praise_wyzurebbb__PM.mp4
2018-06-19 00:16 - 2018-06-19 00:16 - 000000000 ____D C:\Users\David\AppData\Local\{BEADF715-290A-4312-8E54-9BAA63AAE0BC}
2018-06-18 23:54 - 2018-06-18 23:54 - 064516360 _____ C:\Users\David\Downloads\6files_2018-04-29_01_39_08.zip
2018-06-18 22:00 - 2018-06-18 22:00 - 000159634 _____ C:\Users\David\Downloads\20180608_pc_statement_reg__5960.pdf
2018-06-18 22:00 - 2018-06-18 22:00 - 000045408 _____ C:\Users\David\Downloads\20180616_pc_property_correspondence_5960.pdf
2018-06-18 21:49 - 2018-06-18 21:49 - 000000000 ____D C:\Users\David\AppData\Roaming\ESET
2018-06-18 17:41 - 2018-06-18 17:41 - 000002018 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2018-06-18 17:40 - 2018-06-18 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-06-18 17:40 - 2018-06-18 17:40 - 000000000 ____D C:\ProgramData\ESET
2018-06-18 17:40 - 2018-06-18 17:40 - 000000000 ____D C:\Program Files\ESET
2018-06-18 17:36 - 2018-06-18 17:36 - 004261120 _____ (ESET) C:\Users\David\Downloads\eset_smart_security_premium_live_installer (3).exe
2018-06-18 17:36 - 2018-06-18 17:36 - 004261120 _____ (ESET) C:\Users\David\Downloads\eset_smart_security_premium_live_installer (2).exe
2018-06-18 17:35 - 2018-06-18 17:35 - 004261120 _____ (ESET) C:\Users\David\Downloads\eset_smart_security_premium_live_installer.exe
2018-06-18 17:35 - 2018-06-18 17:35 - 004261120 _____ (ESET) C:\Users\David\Downloads\eset_smart_security_premium_live_installer (1).exe
2018-06-18 06:23 - 2018-06-18 06:23 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-06-18 06:23 - 2018-06-18 06:23 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-06-18 06:23 - 2018-06-18 06:23 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-06-18 06:23 - 2018-06-18 06:23 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-06-18 01:05 - 2018-06-21 01:31 - 000000000 ____D C:\Users\David\AppData\Local\Apple Inc
2018-06-18 00:40 - 2018-06-18 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2018-06-18 00:40 - 2018-06-18 00:41 - 000000000 ____D C:\Program Files\Classic Shell
2018-06-18 00:40 - 2018-06-18 00:40 - 007187816 _____ (IvoSoft) C:\Users\David\Downloads\ClassicShellSetup_4_3_1.exe
2018-06-18 00:36 - 2018-06-18 00:37 - 160385336 _____ (Apple Inc.) C:\Users\David\Downloads\iCloudSetup.exe
2018-06-18 00:24 - 2018-06-18 20:54 - 000000000 ____D C:\Users\David\Documents\Voiveover
2018-06-17 23:48 - 2018-06-17 23:49 - 037877416 _____ (Tweaking.com) C:\Users\David\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2018-06-17 00:26 - 2018-06-17 00:26 - 000000000 __SHD C:\found.000
2018-06-16 23:18 - 2018-06-16 23:19 - 006981240 _____ (ESET spol. s r.o.) C:\Users\David\Downloads\esetonlinescanner_enu.exe
2018-06-16 19:57 - 2018-06-16 19:57 - 000162386 _____ C:\Users\David\Downloads\VeroLagorulesandregs.pdf
2018-06-16 16:56 - 2018-06-16 16:59 - 000085148 _____ C:\Users\David\Downloads\Addition.txt
2018-06-16 16:53 - 2018-06-22 03:09 - 000022329 _____ C:\Users\David\Downloads\FRST.txt
2018-06-16 16:50 - 2018-06-22 03:06 - 002412544 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2018-06-11 22:44 - 2018-06-11 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
2018-06-11 21:47 - 2018-06-11 21:47 - 000000000 ____D C:\Windows.old
2018-06-11 10:38 - 2018-06-11 10:38 - 000163126 _____ C:\Users\David\Downloads\2018-19 Summary Calendar LINES.pdf
2018-06-11 10:26 - 2018-06-11 10:26 - 000021861 _____ C:\Users\David\Downloads\invoice_1099_from_His Productions LLC.pdf
2018-06-10 00:08 - 2018-06-10 00:08 - 000000000 ____D C:\Users\David\AppData\Roaming\REAPER
2018-06-10 00:05 - 2018-06-10 00:05 - 011749192 _____ C:\Users\David\Downloads\reaper591_x64-install.exe
2018-06-10 00:03 - 2018-06-10 00:03 - 000000000 ____D C:\Users\David\AppData\Roaming\Conversations Network
2018-06-09 23:45 - 2018-06-09 23:45 - 007046684 _____ (The Conversations Network ) C:\Users\David\Downloads\LevelatorSetup-2.1.1.exe
2018-06-09 20:58 - 2018-06-09 20:58 - 000116489 _____ C:\Users\David\Downloads\AGUSM Faith Promise Form Online.pdf
2018-06-09 20:21 - 2018-06-09 20:22 - 000784307 _____ C:\Users\David\Downloads\Cornerstone Chosen.pptx
2018-06-09 20:19 - 2018-06-09 20:20 - 029154245 _____ C:\Users\David\Downloads\Cornerstone.mp4
2018-06-08 21:52 - 2018-06-08 21:52 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DAVID-PC-Windows-10-Home-(64-bit).dat
2018-06-08 21:51 - 2018-06-08 21:51 - 000000000 ____D C:\RegBackup
2018-06-08 21:46 - 2018-06-08 21:46 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\David\Downloads\flashplayer30ppau_ha_install.exe
2018-06-08 20:51 - 2018-06-22 01:29 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-08 20:50 - 2018-06-08 20:50 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-08 20:49 - 2018-06-17 23:55 - 000376531 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-06-08 20:49 - 2018-06-08 20:49 - 077309488 _____ (Malwarebytes ) C:\Users\David\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5402.exe
2018-06-08 20:46 - 2018-06-08 20:46 - 037625152 _____ (Tweaking.com) C:\Users\David\Downloads\tweaking.com_windows_repair_aio_setup.exe
2018-06-08 09:29 - 2018-06-08 09:29 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-06-08 09:28 - 2018-06-08 09:28 - 000000000 ____D C:\Users\David\Downloads\ProcessExplorer
2018-06-08 09:27 - 2018-06-08 09:27 - 001931969 _____ C:\Users\David\Downloads\ProcessExplorer.zip
2018-06-08 09:27 - 2018-06-08 09:27 - 001931969 _____ C:\Users\David\Downloads\ProcessExplorer (1).zip
2018-06-07 23:08 - 2018-06-07 23:08 - 007372496 _____ (Malwarebytes) C:\Users\David\Downloads\adwcleaner_7.2.0.exe
2018-06-07 22:11 - 2018-06-07 22:13 - 000005474 _____ C:\TDSSKiller.3.1.0.17_07.06.2018_22.11.46_log.txt
2018-06-07 22:11 - 2018-06-07 22:11 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\David\Downloads\rkill.exe
2018-06-07 22:10 - 2018-06-07 22:10 - 004949824 _____ (AO Kaspersky Lab) C:\Users\David\Downloads\tdsskiller.exe
2018-06-07 22:06 - 2018-06-07 22:06 - 005660506 _____ (Swearware) C:\Users\David\Downloads\ComboFix.exe
2018-06-07 22:05 - 2018-06-07 22:06 - 007271632 _____ (Malwarebytes) C:\Users\David\Downloads\AdwCleaner.exe
2018-06-07 11:46 - 2018-06-07 11:46 - 000007597 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg
2018-06-07 00:38 - 2017-11-23 01:27 - 000450575 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180607-003843.backup
2018-06-07 00:28 - 2018-06-07 00:28 - 000000000 ____D C:\Users\David\Documents\ProcAlyzer Dumps
2018-06-07 00:21 - 2018-06-07 00:21 - 000018760 _____ C:\Users\David\Documents\cc_20180607_002117.reg
2018-06-07 00:14 - 2018-06-07 09:23 - 000000000 ____D C:\WINDOWS\Minidump
2018-05-31 17:44 - 2018-05-31 17:44 - 000045056 _____ C:\Users\David\Downloads\153PC.dot
2018-05-28 21:48 - 2018-05-28 21:48 - 000038519 _____ C:\Users\David\Downloads\DOC-342562A1.pdf
2018-05-28 18:51 - 2018-05-28 18:51 - 000010770 _____ C:\Users\David\Downloads\DA-01-309A1.pdf
2018-05-28 18:27 - 2018-05-28 18:27 - 000133358 _____ C:\Users\David\Downloads\wmie-weekend-donors-20180228-153904321-pdf.pdf
2018-05-28 18:27 - 2018-05-28 18:27 - 000020195 _____ C:\Users\David\Downloads\wmie-prog-sched-20180226-151631073-pdf.pdf
2018-05-28 18:25 - 2018-05-28 18:25 - 000470719 _____ C:\Users\David\Downloads\wmie-qr-2017-20180226-151630909-pdf.pdf
2018-05-28 16:01 - 2018-05-28 16:01 - 000000000 ____D C:\Users\David\AppData\Local\{3B1CFE8A-5125-424E-B8EB-B464C8B7B804}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-22 03:06 - 2016-10-17 00:01 - 000001504 _____ C:\Users\David\Desktop\Rkill.txt
2018-06-22 03:06 - 2016-03-10 21:44 - 000000000 ____D C:\FRST
2018-06-22 03:05 - 2017-12-29 01:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-22 03:03 - 2015-08-14 01:15 - 000000000 ____D C:\Users\David\AppData\Local\Google
2018-06-22 03:02 - 2015-08-14 01:13 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-22 03:01 - 2017-07-28 22:52 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-06-22 02:59 - 2016-03-09 01:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-22 02:53 - 2015-12-12 20:38 - 000000000 ____D C:\ProgramData\Apple
2018-06-22 02:52 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-06-22 02:52 - 2015-08-14 01:14 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-06-22 02:46 - 2016-03-11 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-22 02:19 - 2015-08-14 01:14 - 000000000 ____D C:\Program Files\iTunes
2018-06-22 02:19 - 2015-08-14 01:14 - 000000000 ____D C:\Program Files\iPod
2018-06-22 02:17 - 2017-12-29 00:41 - 000000000 ____D C:\Users\DefaultAppPool
2018-06-22 02:08 - 2018-04-21 17:22 - 000000000 ____D C:\Users\David\AppData\Local\ClassicShell
2018-06-22 01:55 - 2017-12-29 01:07 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{05B027E4-20F2-4652-B102-E75A0A0604E3}
2018-06-22 01:42 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-22 01:29 - 2017-12-29 00:41 - 000000000 ____D C:\Users\David
2018-06-22 01:28 - 2017-12-29 00:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-21 14:31 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-21 14:30 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-21 14:11 - 2017-09-29 09:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-21 14:08 - 2018-03-26 09:53 - 000463080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw ba7281419175958.tmp
2018-06-21 14:08 - 2018-03-26 09:53 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7cb9e69f50c966f4.tmp
2018-06-21 14:08 - 2018-03-26 09:53 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswe835fdfd6b007e52.tmp
2018-06-21 14:08 - 2018-03-26 09:53 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa1cc5e9d0b08fd14.tmp
2018-06-21 14:08 - 2018-03-26 09:53 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw de2a38342c3de28.tmp
2018-06-21 14:08 - 2018-03-26 09:53 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw 9aac5384b4754f2.tmp
2018-06-21 14:08 - 2018-03-26 09:53 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw9dbb17708fd4d414.tmp
2018-06-21 14:08 - 2018-03-26 09:53 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw96639099eb642a0b.tmp
2018-06-21 14:05 - 2018-03-26 09:53 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7cb7e0f5662fd571.tmp
2018-06-21 14:04 - 2018-03-26 09:53 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswff43854fa259ab60.tmp
2018-06-21 14:04 - 2018-03-26 09:53 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw3646a3ed8815c832.tmp
2018-06-21 14:04 - 2018-03-26 09:53 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8ae818c8848dd50d.tmp
2018-06-21 14:04 - 2018-03-26 09:53 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw73a4a2736f47a816.tmp
2018-06-21 14:04 - 2018-03-26 09:53 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd6b49f2848b49eee.tmp
2018-06-21 13:55 - 2015-12-12 20:46 - 000000000 ____D C:\Users\David\AppData\Roaming\Apple Computer
2018-06-21 01:37 - 2018-04-12 06:19 - 000000000 ___HD C:\$WINDOWS.~BT
2018-06-21 01:30 - 2015-08-14 01:17 - 000000000 ____D C:\Users\David\Documents\Outlook Files
2018-06-21 01:30 - 2015-08-14 01:15 - 000000000 ____D C:\Users\David\Desktop\Outlook Files
2018-06-21 00:05 - 2017-08-24 11:37 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDavid.job
2018-06-20 23:20 - 2015-08-14 01:13 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-20 18:06 - 2016-02-08 01:24 - 000000000 ____D C:\Users\David\Documents\Bible Study Materials
2018-06-20 17:48 - 2011-05-23 23:01 - 000000000 ____D C:\ProgramData\Sonic
2018-06-19 01:55 - 2017-06-29 20:20 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2018-06-19 00:55 - 2016-09-17 15:06 - 000000000 ____D C:\Users\David\AppData\Roaming\Worship Extreme
2018-06-19 00:55 - 2015-08-14 01:21 - 000000000 ____D C:\Users\Public\WELibrary
2018-06-18 23:52 - 2017-12-29 01:07 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDavid
2018-06-18 20:56 - 2015-08-14 01:16 - 000000000 ____D C:\Users\David\Documents\Cornerstone Documents
2018-06-18 18:34 - 2017-12-19 11:12 - 000000000 ___DC C:\WINDOWS\Panther
2018-06-18 17:42 - 2016-03-11 15:20 - 000000000 ____D C:\Users\David\AppData\Local\ESET
2018-06-18 17:02 - 2017-12-29 01:07 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-06-18 03:12 - 2017-12-29 00:36 - 002496978 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-17 02:02 - 2015-08-14 01:17 - 000000000 ____D C:\Users\David\Documents\CornerstoneGraphics
2018-06-16 22:55 - 2017-09-29 04:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-16 22:40 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-16 22:39 - 2011-05-24 00:42 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak
2018-06-16 22:34 - 2017-06-30 00:34 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2018-06-16 22:07 - 2015-08-17 14:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-16 22:02 - 2017-10-10 23:31 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-16 22:02 - 2015-08-17 14:53 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-16 21:13 - 2017-12-29 01:06 - 000047628 _____ C:\WINDOWS\diagwrn.xml
2018-06-16 21:13 - 2017-12-29 01:06 - 000047628 _____ C:\WINDOWS\diagerr.xml
2018-06-16 19:28 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Registration
2018-06-14 22:51 - 2016-04-22 22:06 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-14 22:51 - 2016-04-22 22:06 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-11 22:44 - 2018-04-21 15:27 - 000000000 ____D C:\Program Files (x86)\Cyberduck
2018-06-11 22:44 - 2016-02-02 01:36 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-11 10:52 - 2017-09-29 04:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-06-10 00:16 - 2016-03-26 02:18 - 001134507 _____ C:\Users\David\Downloads\Survey Card (Spiritual Response Card).cdr
2018-06-09 20:01 - 2017-12-29 01:07 - 000004586 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-09 20:01 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-09 20:01 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-09 19:08 - 2018-03-13 20:44 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-09 08:52 - 2017-12-29 00:30 - 000787656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-09 08:52 - 2016-02-02 01:37 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-06-08 21:55 - 2017-06-14 01:40 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-06-08 09:59 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-07 23:13 - 2016-05-28 23:02 - 000000000 ____D C:\ProgramData\Nero
2018-06-07 23:13 - 2016-05-28 23:02 - 000000000 ____D C:\Program Files (x86)\Nero
2018-06-07 23:11 - 2017-01-30 23:41 - 000000000 ____D C:\AdwCleaner
2018-06-07 21:45 - 2016-07-14 19:26 - 000000000 ____D C:\WINDOWS\pss
2018-06-07 09:19 - 2017-11-28 01:25 - 000000000 ____D C:\Program Files (x86)\vMix
2018-06-07 00:38 - 2009-07-13 22:34 - 000450930 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_917
2018-06-05 19:24 - 2018-05-09 17:06 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 19:24 - 2018-05-09 17:06 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-03 08:26 - 2015-08-14 01:17 - 000000000 ____D C:\Users\David\Documents\Sermons
2018-05-31 17:15 - 2018-04-27 16:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-30 12:37 - 2017-07-30 22:09 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2018-05-28 21:58 - 2018-04-14 14:40 - 000000000 ____D C:\Users\David\Documents\CreatedforLivingRadio
 
==================== Files in the root of some directories =======
 
2016-06-28 11:14 - 2016-06-28 11:14 - 000000046 _____ () C:\Users\David\AppData\Roaming\Camdata.ini
2016-06-28 11:14 - 2016-06-28 11:14 - 000000408 _____ () C:\Users\David\AppData\Roaming\CamLayout.ini
2016-06-28 11:14 - 2016-06-28 11:14 - 000000408 _____ () C:\Users\David\AppData\Roaming\CamShapes.ini
2016-06-28 11:14 - 2016-06-28 11:14 - 000004536 _____ () C:\Users\David\AppData\Roaming\CamStudio.cfg
2016-06-28 11:12 - 2016-06-28 11:12 - 000000096 _____ () C:\Users\David\AppData\Roaming\version2.xml
2016-02-09 02:37 - 2018-04-23 21:41 - 000011264 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-08 02:13 - 2016-11-30 01:34 - 000000600 _____ () C:\Users\David\AppData\Local\PUTTY.RND
2018-06-07 11:46 - 2018-06-07 11:46 - 000007597 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
2018-06-16 23:05 - 2018-04-15 17:49 - 001954056 _____ (Microsoft Corporation) C:\Users\David\AppData\Local\Temp\dllnt_dump.dll
2018-06-11 23:09 - 2018-05-03 02:44 - 000595448 _____ (Microsoft Corporation) C:\Users\David\AppData\Local\Temp\kernel32.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-08 10:21
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by David (22-06-2018 03:12:14)
Running from C:\Users\David\Downloads
Windows 10 Home Version 1709 16299.431 (X64) (2017-12-29 05:09:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1443603178-1069732724-762211521-500 - Administrator - Disabled)
David (S-1-5-21-1443603178-1069732724-762211521-1001 - Administrator - Enabled) => C:\Users\David
DefaultAccount (S-1-5-21-1443603178-1069732724-762211521-503 - Limited - Disabled)
Guest (S-1-5-21-1443603178-1069732724-762211521-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1443603178-1069732724-762211521-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1443603178-1069732724-762211521-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security Premium (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security Premium (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
5KPlayer 4.0 (HKLM-x32\...\5KPlayer_is1) (Version:  - DearMob, Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (HKLM-x32\...\{9615E45B-7670-4D17-9ED5-28B9E936EEDD}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Any Video Converter 6.1.1 (HKLM-x32\...\Any Video Converter) (Version: 6.1.1 - Anvsoft)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Bejeweled 2 Deluxe (HKLM-x32\...\WT089409) (Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT089410) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT089443) (Version: 2.2.0.95 - WildTangent) Hidden
bpd_scan_Carrier (HKLM-x32\...\{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{FACA2377-913E-4BF4-BC7B-6DEF40614218}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{ED3D79A6-B3BB-4482-B226-0B620F97258A}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (HKLM-x32\...\WT089411) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089412) (Version: 2.2.0.95 - WildTangent) Hidden
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.6.29 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT089413) (Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}) (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (HKLM-x32\...\{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (HKLM-x32\...\{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (HKLM-x32\...\{CA3861BA-1D96-4D66-B577-318E1602C4F3}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (HKLM-x32\...\{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (HKLM-x32\...\{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (HKLM-x32\...\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (HKLM-x32\...\{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (HKLM-x32\...\{68EE5C41-2F79-4F36-BE85-22A814F55AF7}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version:  - Corel Corporation)
CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (HKLM-x32\...\{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (HKLM-x32\...\{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (HKLM-x32\...\{8F18CFF8-8259-4148-AD00-2EE572754E92}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (HKLM-x32\...\{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (HKLM-x32\...\{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (HKLM-x32\...\{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}) (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Premium Fonts (HKLM-x32\...\{A9E21D37-B157-4245-9C33-179628C47847}) (Version: 1.00.0000 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (HKLM-x32\...\{59123CCF-FED2-46FF-9293-D1DC80042219}) (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (HKLM-x32\...\{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (HKLM-x32\...\{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (HKLM-x32\...\{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (HKLM-x32\...\{260ED378-2B8C-4831-ADAE-D0712D119AC5}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (HKLM-x32\...\{9244E956-5939-4B88-930C-0699D4AB2B95}) (Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (HKLM-x32\...\{368FCA18-C510-4F87-B60E-192B9BDBAE3D}) (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Cyberduck (HKLM-x32\...\{7F0B0032-330F-49C3-95AD-364FB38D5C9C}) (Version: 6.6.1.28146 - iterate GmbH) Hidden
Cyberduck (HKLM-x32\...\{bdee7329-1547-4719-a3ed-3e574ca638ea}) (Version: 6.6.1.28146 - iterate GmbH)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT089414) (Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dora's World Adventure (HKLM-x32\...\WT089415) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 52.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DVD Architect Studio 5.0 (HKLM-x32\...\{8292F88E-2DB7-456B-A8F1-9079B7432A1E}) (Version: 5.0.128 - Sony)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EaseUS MobiSaver for Android version 5.0 (HKLM-x32\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 5.0 - CHENGDU YIWO Tech Development Co., Ltd.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
EPSON NX100 Series Printer Uninstall (HKLM\...\EPSON NX100 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Escape Whisper Valley ™ (HKLM-x32\...\WT089434) (Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Farm Frenzy (HKLM-x32\...\WT089450) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WT089418) (Version: 2.2.0.95 - WildTangent) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Final Drive Fury (HKLM-x32\...\WT089499) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT089444) (Version: 2.2.0.95 - WildTangent) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Chrome Beta (HKLM-x32\...\Google Chrome Beta) (Version: 68.0.3440.33 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{E6A512D4-E5FB-4D42-8E83-D87F3A760802}) (Version: 14.0 - HP)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.18.3 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{C8127F91-0244-4FF0-8014-0C432E15E09D}) (Version: 7.5.0.34 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Install LoJack for Laptops (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0.17 - Absolute Software)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Internet Explorer (HKLM-x32\...\{AA31EA7B-7917-4000-949B-38E91F848A25}) (Version: 8 - Microsoft Corporation) Hidden
Java 10.0.1 (64-bit) (HKLM\...\{D33DF729-38BB-5651-9D40-93BFEFB5DCED}) (Version: 10.0.1.0 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
Jewel Quest (HKLM-x32\...\WT089420) (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (HKLM-x32\...\WT089422) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
L7600 (HKLM-x32\...\{5D47D0E9-1DD3-4A11-8AE1-D41566BFFD10}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
Logos Bible Software (HKLM-x32\...\{CE7A6374-0987-42AB-9E29-74E1D8336A80}) (Version: 7.208.17 - Faithlife Corporation)
Luxor (HKLM-x32\...\WT089507) (Version: 2.2.0.95 - WildTangent) Hidden
MagicYUV Lossless Video Codec version 1.1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.1 - INNOMAGIC Bt.)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
MaxiLink2 (HKLM-x32\...\{9D35B3CD-A04D-43BB-8BE5-E932A31F0575}) (Version: 1.05 - CenTech) Hidden
MaxiLink2 (HKLM-x32\...\InstallShield_{9D35B3CD-A04D-43BB-8BE5-E932A31F0575}) (Version: 1.05 - CenTech)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5023.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MiniTool Power Data Recovery 7.5 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 7.5 - MiniTool Solution Ltd.)
Movavi Screen Capture 7 (HKLM-x32\...\Movavi Screen Capture 7) (Version: 7.0.0 - Movavi)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
MPM (HKLM-x32\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Recorder (HKLM-x32\...\{F50CC230-EE79-4931-B72D-8E4D195DFFB0}) (Version: 14.1.500.0 - Audials AG)
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089440) (Version: 2.2.0.95 - WildTangent) Hidden
Nero BurningROM 2016 (HKLM-x32\...\{83D2F005-37FD-4321-B5F7-24EFEACC9834}) (Version: 17.0.00600 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero TuneItUp (HKLM-x32\...\Nero_tuneitup_is1) (Version: 2.4.4.103 - Nero AG)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5023.1000 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.25 - Panda Security and Visicom Media Inc.)
Penguins! (HKLM-x32\...\WT089445) (Version: 2.2.0.95 - WildTangent) Hidden
PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089452) (Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (HKLM-x32\...\WT089426) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT089508) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT089433) (Version: 2.2.0.95 - WildTangent) Hidden
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{99039186-EBEB-4127-BFA2-18B10A05ACE2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
ProductContext (HKLM-x32\...\{2E9E5756-B244-4096-94E3-BFCB961B75F2}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
QuickBooks 3.3.5 (only current user) (HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\05fb5a8b-5c9d-57ac-a4b7-ecf271235d3f) (Version: 3.3.5 - Intuit Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
Samantha Swift (HKLM-x32\...\WT089503) (Version: 2.2.0.95 - WildTangent) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Serif WebPlus X5 (HKLM-x32\...\{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}) (Version: 13.0.3.029 - Serif (Europe) Ltd)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Slack (HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\slack) (Version: 2.6.3 - Slack Technologies)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stashimi Stub Installer (HKLM-x32\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Syncios 6.3.4 (HKLM-x32\...\Syncios) (Version: 6.3.4 - Anvsoft)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Vegas Movie Studio HD Platinum 10.0 (HKLM-x32\...\{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}) (Version: 10.0.179 - Sony)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089430) (Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vMix Social (HKLM-x32\...\{1A0C8557-EB4A-4DD1-B4F9-A974ADEFE05F}_is1) (Version:  - StudioCoast Pty Ltd)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Wedding Dash - Ready, Aim, Love! (HKLM-x32\...\WT089446) (Version: 2.2.0.95 - WildTangent) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinX DVD Author 6.3.6 (HKLM-x32\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
WORDsearch Basic (HKLM-x32\...\{633A0911-77AE-4B18-BEF0-F46EC8CF54EA}) (Version: 10 - WORDsearch Corp) Hidden
Worship Extreme 4.24.0 (HKLM\...\42c1e679-036c-527f-a96e-99f282f11e83) (Version: 4.24.0 - Worship Extreme Software)
Zoom (HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
Zuma Deluxe (HKLM-x32\...\WT089448) (Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-05-23] (Apple Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-10] (TODO: <Company name>)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-18] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1_S-1-5-21-1443603178-1069732724-762211521-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_S-1-5-21-1443603178-1069732724-762211521-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_S-1-5-21-1443603178-1069732724-762211521-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {010DBBD8-BD06-42C2-BFCA-315465F151ED} - no filepath
Task: {019C103F-0F78-4D77-98F7-AAB6DC0FBCA7} - no filepath
Task: {0251B746-E190-42CB-9EC8-63596C4523CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-14] (Google Inc.)
Task: {02CDEF03-B9B5-4432-8073-3D4F19711FD9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN4C5EK0HR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {0481A59D-CA8A-4209-ACBA-29EEB184153D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {060B028F-9515-4ECC-83F5-6681A74FB2C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {0706E0E2-CA08-4BAF-9FA4-AF7286B96201} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-30] (Dropbox, Inc.)
Task: {0FEF0959-0C6E-4F4F-A0D3-50228A7D6AA9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {10979F53-1833-441E-BC80-38A8A677C91A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {13EE8EA9-A624-42E3-8C0D-E2A572D36C04} - no filepath
Task: {1734174E-1BC0-4225-9416-9522AC97F813} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {1C19C529-7B6D-4EBD-B0DE-DE5D3E8440D7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1E772777-01E1-438B-A023-C3E11E973DBA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-06-07] (AVAST Software)
Task: {20AD18F9-13AE-4B5E-B9CF-F130090AB009} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {2448C473-7C52-46F7-9956-66BD46E46D08} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {33E49B30-D53A-4981-8E38-2561C7B30F2D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {3C204015-C6C3-46E0-AEB2-FCD9419DFC8B} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {3D28A1CA-E6F3-4CA2-8EC8-E84CD3AEA8A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {40DF25CC-A045-4701-8E96-56F9AD8A4043} - no filepath
Task: {438A6A95-2302-4F64-8F1C-5C5C5B3977A6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4CD8EB8D-5C53-4857-8861-80C1B9508EB5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4D37EF5F-A137-49E1-8856-9C71BA5578F8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {4F9373DB-A870-424F-9119-A699F1BEEBEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-14] (Google Inc.)
Task: {54AE05BE-4FDB-4306-B387-CC6E45B02B1F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {54B697C9-417D-45DC-AECC-6201FF2CE6F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {60520893-0446-4B52-A75F-2B50D2B1F4CE} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {688B3278-633B-4EC5-88E6-EA6DA72913D2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {6C33632E-BB80-450F-B886-4A0D89E05CA2} - no filepath
Task: {6D7DCA86-C57E-4B12-83C8-36CEF0515C92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {6E82F70A-5675-46C1-B996-80A824BDE361} - no filepath
Task: {7AB083BE-3B73-4650-9153-9499E361026D} - no filepath
Task: {7FCD231B-7189-4E99-AE23-996A1DF0E245} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {83107561-32C4-4603-8B0C-7183185A88F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {874B68FE-40FA-498A-8D95-7599153D8BD0} - no filepath
Task: {8ADE40F0-2407-4618-9466-1F5ADB2312CF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {945A3297-53CF-4BAB-A960-7841FF2B1D31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {96120BD8-88C9-437C-AA9B-3F5270CE29BA} - no filepath
Task: {987FADB5-2D6F-44C8-AD3B-39675F7E298C} - System32\Tasks\HPCeeScheduleForDavid => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A0213226-6D5D-4A44-A3B3-421A5094E393} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {A63A0B93-F9F0-4B67-9713-AC237258217D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A898E144-3B34-4C7D-8B85-F110F71A1C8B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AB3BB114-CD80-49EB-AFFA-978DCA6AECFF} - no filepath
Task: {ACD8751F-6956-4B8C-AEE1-5F38D368793E} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-03-26] (Oracle Corporation)
Task: {B663BB13-2F23-4450-A734-E3B84181C3E3} - no filepath
Task: {B66D1FE5-1073-4703-80D6-5632189DE7BC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-09] (Adobe Systems Incorporated)
Task: {CA63D270-9E6B-4F38-88FB-79A306B563DC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CC6612C1-0D6C-47A3-B319-6D5DC44FAE3E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CD0313E1-621D-48B2-9824-FBFE874292A8} - no filepath
Task: {CF67EAEC-768B-4EE1-A36D-F034A8C09EFC} - no filepath
Task: {D07E0906-6D5C-48F8-AC34-1858BFAD6771} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-30] (Dropbox, Inc.)
Task: {D205BBA9-E849-4DD4-BCA4-C20A25334252} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D3F75614-7DCE-4B67-A995-8CF8404D5E72} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D9C44CF9-8FE9-448A-81DF-ACA64BF36168} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {E06AAEB1-64DA-47F2-BCF0-57322F2B4F73} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {EC365DDB-4ED7-4538-8598-5C43D19211A6} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {F18503E0-FB55-4D2E-B5C2-130096E6434A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {F1DFFB1C-8A65-460E-92B6-D05E1827F7F3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F3B4985F-C031-4843-BDB7-53A3E9E175EA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-06-16] (Microsoft Corporation)
Task: {FFB1ACA1-4884-44E4-B13D-ED0F346A446B} - \PCDEventLauncher -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDavid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-08-24 21:43 - 2013-10-23 15:24 - 000087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2017-03-20 17:33 - 2017-01-31 08:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-22 21:10 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2018-06-21 14:07 - 2018-06-21 14:07 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-21 13:53 - 2018-06-21 13:53 - 005842576 _____ () C:\Program Files\AVAST Software\Avast\defs\18062106\algo.dll
2018-06-21 14:07 - 2018-06-21 14:08 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-06-21 14:06 - 2018-06-21 14:06 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-21 14:04 - 2018-06-21 14:04 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-06-21 14:06 - 2018-06-21 14:06 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-06-14 22:50 - 2018-06-12 01:46 - 003867480 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libglesv2.dll
2018-06-14 22:50 - 2018-06-12 01:46 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\David\Documents\CornerstoneMarketWebpage.wpp:SummaryInformation [203]
AlternateDataStreams: C:\Users\David\Documents\CornerstoneMarketWebpage.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7872 more sites.
 
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\123simsen.com -> www.123simsen.com
 
There are 7873 more sites.
 
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123simsen.com -> www.123simsen.com
 
There are 7873 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2018-06-08 22:46 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Win7 LtBlue 1920x1200.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "DellStage"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run32: => "AccuWeatherWidget"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Desktop Disc Tool"
HKLM\...\StartupApproved\Run32: => "Syncios device service"
HKLM\...\StartupApproved\Run32: => "Dell Webcam Central"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "5KPlayer.exe"
HKLM\...\StartupApproved\Run32: => "QBWinClient"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\StartupFolder: => "Slack.lnk"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "EPSON NX100 Series"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "HP Officejet Pro 8620 (NET)"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "TunesGoService"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "AudialsNotifier"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1443603178-1069732724-762211521-1001\...\StartupApproved\Run: => "ToolwizCareFree"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{7A1D5DDE-6DF1-47F7-B9D1-0DDF6EE5A431}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{C89CD286-8E2E-4A61-B51E-98AA028AD0B3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{CA69EF84-B308-4295-AD11-6EB9C99F1BD2}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [UDP Query User{79243BE0-AF19-4209-B079-9E2F89A23518}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{64FB56B5-C3CD-431B-AB70-81AB12013B75}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{DE0462C5-CD6C-40CE-A2AC-A00C8ADD167B}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{449F3DBF-2DA8-4201-9D87-CD46AD79FE82}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{255D5E87-BED1-4590-BE3B-6F86201FCC68}C:\program files (x86)\serif\webplus\x5\program\webplus.exe] => (Allow) C:\program files (x86)\serif\webplus\x5\program\webplus.exe
FirewallRules: [TCP Query User{FE8D46DB-A700-44C6-801B-8159FD1EB79D}C:\program files (x86)\serif\webplus\x5\program\webplus.exe] => (Allow) C:\program files (x86)\serif\webplus\x5\program\webplus.exe
FirewallRules: [{DD7DCE46-0FD6-4D47-8621-EE30961AB3F2}] => (Allow) LPort=31931
FirewallRules: [{20F11CCE-1B9F-438F-8812-095827C6A254}] => (Allow) LPort=14714
FirewallRules: [{911EFC76-86D1-46FB-BF2B-7D24C061EF6F}] => (Allow) LPort=12972
FirewallRules: [{974D909D-086D-4156-975F-F9162A0C9C3B}] => (Allow) C:\Program Files (x86)\Music Recorder\Music Recorder 2016\Audials.exe
FirewallRules: [{208E42D8-3486-4FB8-A2CD-FB54A095BD1F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{175FF394-303E-466D-B2ED-9F1BC457214E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{AA162038-B7E4-42A2-9CB5-53D9A75A9360}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9A7CC7E3-4EFB-45D4-9247-81AF56DE9EBC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{A151206B-5FC9-43FB-BFF7-83962F5CE62C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{79D9327D-F854-4CD4-8691-B8D71CAE6BF6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EBEE2D86-B6E8-40DD-8BD4-6ED8100C61D5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{BFDD6ABB-60F2-47B2-BAC9-113DFBBF2280}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{DFC150F7-3BEF-47E8-A116-75D24B2F8D16}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{022D4C6F-9CB0-4061-B0D3-37845A588F38}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{6DDA88FF-9172-48FB-B54E-54A08F583FD6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{313DE573-D8DF-421B-A59F-42D373D97975}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{9BE9C8C4-8FC3-4CD9-B66D-544F19FE1628}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{814D78B5-C855-49F3-866B-8B464F1F2F8A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{CC30CCAD-F8A5-4625-A27A-EF608135C09F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B02DD08B-AFE3-4E37-9E25-179F1A3089DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{D34F7B56-E464-45DB-9FA2-F4253F3F5AA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{5F45769C-980C-4389-B51B-6FB950B593CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6BAAF447-5EA9-41AC-95BF-73939A9E2B94}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{97BAA28D-15EB-43A8-88A2-198DA67B3860}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3737F800-C07E-4196-A904-A2E55EEC8A6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{DDF3222E-D21A-4E1A-9D56-E2F3463EE0C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{3DFE1AA8-9C2F-4A8F-B021-800E0D26B2C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A476C662-8576-4856-B3F3-25C0590E8D85}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{8AC2719A-4B82-4DF6-B0C0-3D096D59BD97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE0590C3-A824-4331-AEB5-57205BC7176F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A8F917E-2898-451E-9AA2-A6A9640BAC83}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B05E932B-5C74-4C7E-9526-29E73B311FC9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{026D4220-05FA-43D3-8568-6A0E33F92B2C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{5D445376-BDFC-478B-9992-D91128965DDD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4FCF7B43-36E1-4C1A-80FF-BE351D71C9D6}] => (Allow) LPort=1900
FirewallRules: [{938C4AD3-C878-4C32-AB23-AA447940DBDB}] => (Allow) LPort=2869
FirewallRules: [{648618DA-3C87-464C-B6C0-61F01DF1D71F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2504355B-DC50-48DC-A940-A159F54821F8}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{8A8E04C2-AD6E-4318-8A02-A383D4DD6378}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
FirewallRules: [{7C67CD81-D8FD-4139-BDFE-C9C315B2D4A3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
FirewallRules: [{6AC6BB2C-F2A3-4F91-B82A-F32EAA0857CF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
FirewallRules: [{413EB2D6-FC02-406E-AFFA-426057DEF502}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
FirewallRules: [{2A02FF8F-8A9E-4F1D-BB00-11A29A6725DF}] => (Allow) LPort=5357
FirewallRules: [{A55A3350-DBD5-48A8-B630-CB0AC4005035}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E5887791-8829-496A-88B7-6BEE38DAB3C9}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{B86DD39F-0A98-4DD0-A5A6-7BE9272FBF82}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{370CB709-8F90-4535-8BA5-06C42814FB39}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{86588675-5C10-4ADA-AD65-637E3EF14585}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D429CEAB-A65A-477D-967D-93512C62D2CE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E38E7C07-E065-4A32-98A7-F3B48676E82D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A30D36DD-9AE8-4870-BBDA-8AB0519D2963}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4E24FF75-1446-4262-97EC-B738B6B225F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D14BCFD5-AE3B-49FB-970C-020682B8D65C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8BDBF795-26F6-439F-BB2D-6CBE3365A830}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{62EEF3E6-6591-414F-8D97-43106552C8A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B214A120-6176-469A-8559-45772DB37DF2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{7587F886-ACA0-4F11-BB4C-19DCD0AAF35B}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{0746DBFC-CA23-4FF2-8492-14E6F69E10B8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{B2046BF3-2C7B-4E76-A74E-96894EF9BD4D}] => (Allow) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
11-06-2018 21:50:01 Windows Update
16-06-2018 16:33:28 Windows Update
21-06-2018 00:22:07 Windows Update
22-06-2018 02:09:43 Removed iTunes
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/22/2018 03:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/22/2018 03:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\David\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/22/2018 03:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/22/2018 03:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\David\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/22/2018 03:06:02 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/22/2018 03:06:02 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\David\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/22/2018 03:06:02 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/22/2018 03:06:02 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\David\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
 
System errors:
=============
Error: (06/22/2018 03:03:31 AM) (Source: DCOM) (EventID: 10016) (User: David-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user David-PC\David SID (S-1-5-21-1443603178-1069732724-762211521-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/22/2018 01:44:27 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} did not register with DCOM within the required timeout.
 
Error: (06/22/2018 01:41:24 AM) (Source: DCOM) (EventID: 10016) (User: David-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user David-PC\David SID (S-1-5-21-1443603178-1069732724-762211521-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/22/2018 01:35:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intuit Update Service v4 service hung on starting.
 
Error: (06/22/2018 01:28:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:16:55 PM on ‎6/‎21/‎2018 was unexpected.
 
Error: (06/21/2018 02:31:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRFHV4V-Microsoft.BingFinance.
 
Error: (06/21/2018 02:31:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9NBLGGH1QWGC-Microsoft.Advertising.Xaml.
 
Error: (06/21/2018 02:31:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 9WZDNCRD29V9-MICROSOFT.MICROSOFTOFFICEHUB.
 
 
Windows Defender:
===================================
Date: 2018-05-11 08:07:03.338
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5C353D35-4C58-4EE0-8C08-9866DED3F059}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-06 00:14:29.307
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.672.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-05-31 17:27:12.964
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.337.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80070643
Error description: Fatal error during installation. 
 
Date: 2018-05-31 17:27:03.728
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 
Update Source: User
Signature Type: 
Update Type: 
Current Engine Version: 
Previous Engine Version: 
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-04-26 17:16:55.054
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.267.425.0
Previous Signature Version: 1.265.647.0
Update Source: Signature Update Folder
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14700.5
Error code: 0x80004004
Error description: Operation aborted 
 
Date: 2018-04-26 17:16:55.054
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.267.425.0
Previous Signature Version: 1.265.647.0
Update Source: Signature Update Folder
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14700.5
Error code: 0x80004004
Error description: Operation aborted 
 
CodeIntegrity:
===================================
 
Date: 2018-06-18 18:44:42.754
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wd\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 18:44:28.896
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSKMAD.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 18:44:12.868
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswStm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 18:44:12.674
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 18:44:12.157
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswbuniva.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 18:44:11.954
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswbidsha.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-18 18:44:11.853
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswbidsdrivera.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-08 21:51:27.016
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 77%
Total physical RAM: 2932.52 MB
Available physical RAM: 653.05 MB
Total Virtual: 5876.52 MB
Available Virtual: 3333.38 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:885.42 GB) (Free:188.69 GB) NTFS
 
\\?\Volume{a183b2c4-4239-11e5-8543-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 45DB2FA2)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=885.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 sasschary

sasschary

  • Malware Study Hall Senior
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:01:55 PM

Posted 24 June 2018 - 03:37 PM

Hello,

My name is Zach, and, though I generally go by Sasschary, you may call me whatever you want. I will be helping you get your computer working again. Please give me a little bit to look over the logs you posted, and I will post back here again as soon as I can.

Also, please be aware that I am currently in training, so all of my posts need to be reviewed before you can see them. As such, it may take a day or two for me to post my replies.

Sincerely,
Sasschary



#5 sasschary

sasschary

  • Malware Study Hall Senior
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:01:55 PM

Posted 27 June 2018 - 09:21 AM

Hi JCMONDAVI,

Let's ensure Avast! gets uninstalled completely.

Please follow the instructions on ths page to fully uninstall Avast. I will put instructions on how to boot into Safe Mode at the bottom of my post, in case you need those.

After restarting your computer, please try using it to see how well it works, then report back here on how performance has changed, if at all. If the problem of high disk and memory usage continues, please follow the instructions below to create screenshots of the Task Manager.

 

Let's take a look at what is using your resources.

  • Please open the Task Manager by right clicking on your taskbar and clicking Task Manager.
  • Once the Task Manager has opened, please maximize it so as to show as many processes as possible. Then, please sort the programs by processor usage by clicking the CPU column heading.
  • Make sure that the list is sorted in descending order such that the process with highest usage is at the top. Then, take a screenshot of the task manager box using this tutorial and attach the image to your next reply.
  • Now, click the Disk column header to sort by disk usage, and upload a screenshot of that in descending order, as well.
  • After you have gotten the screenshots, you may reset the Task Manager to its normal view by clicking the Name column and then closing it.

 

You do not need to perform the steps below after taking the screenshots, they are there only for if you needed them when running the Avast! uninstaller.

 

Let's reboot your computer into Safe Mode.

  • Open your Start menu and click the power button.
  • Hold Shift on your keyboard and click Restart.
  • After a moment, a menu should appear. Click Troubleshoot, then Advanced OptionsStartup Settings, and finally Restart.
  • Your computer should restart into a menu with startup settings. Press 4 on your keyboard to select Enable Safe Mode.
  • Your computer should now boot.

Once you get to your desktop, it will display a warning that you are in Safe Mode in each of the four corners of your screen. Do not worry if your desktop looks different from what you are used to; this is normal when you are in Safe Mode.
 

In your next reply, please include the following:

 

  • How is your computer running now?
  • Two Task Manager screenshots

 

sasschary



#6 sasschary

sasschary

  • Malware Study Hall Senior
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:01:55 PM

Posted 30 June 2018 - 08:39 PM

Hi JCMONDAVI,

 

Are you still with me?



#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:55 PM

Posted 02 July 2018 - 04:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users