Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help--I think someone has infected my computer & stolen credit card info


  • Please log in to reply
17 replies to this topic

#1 Tigers85

Tigers85

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 06 July 2018 - 10:33 AM

I am running a HP Pavilion desktop with 64-bit, Intel I7-2600 CPU @ 3.40 Ghz and 8.00 Gb ram using a Windows 7 Ultimate OS.  The computer slows and then freezes.  I have to turn the computer off and back on to restart it.  Now, someone purchased items using my credit card and Amazon account.  I am afraid they have hacked my computer.  Is there a way to determine if I have been infected or hacked? Can someone please help me determine if my machine is infected?

 

Thank you for any assistance!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Mike (administrator) on JOANNE-HP (06-07-2018 10:06:20)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike & Joanne (Available Profiles: Mike & Joanne & DCC STUDENT)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Program Files (x86)\Hp\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulAlert.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\update\realsched.exe [296520 2014-08-13] (RealNetworks, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\MountPoints2: M - M:\SISetup.exe
HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\MountPoints2: {6b1b32b8-7057-11e5-9447-386077a88860} - WinCleaner Application Setup.exe
HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\MountPoints2: {93e9ea08-fd5a-11e2-8b05-386077a88860} - F:\LaunchU3.exe -a
HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\MountPoints2: {b4f8d758-2db9-11e1-93af-386077a88860} - F:\SISetup.exe
HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\Run: [Google Update] => C:\Users\Joanne\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-17] (Google Inc.)
HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654736 2018-05-18] (Skype Technologies S.A.)
HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [1366528 2018-04-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\MountPoints2: {5fc0d96f-110c-11e3-b735-386077a88860} - F:\LaunchU3.exe -a
HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\MountPoints2: {6b1b32b8-7057-11e5-9447-386077a88860} - WinCleaner Application Setup.exe
HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\MountPoints2: {93e9ea08-fd5a-11e2-8b05-386077a88860} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-10-16]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E380BFE4-22A9-490D-904E-251E8E9E4A8F}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-519529628-480703088-1140930909-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-519529628-480703088-1140930909-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-519529628-480703088-1140930909-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
URLSearchHook: HKU\S-1-5-21-519529628-480703088-1140930909-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-519529628-480703088-1140930909-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-519529628-480703088-1140930909-1003 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-519529628-480703088-1140930909-1003 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {5EABB467-4A01-4945-AD51-E34B2DF2DF2D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-519529628-480703088-1140930909-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> {00A64143-4AE1-44CC-8824-E2C39957C8B7} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140825&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> {5EABB467-4A01-4945-AD51-E34B2DF2DF2D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-11-06] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-01] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-11-06] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-01] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-519529628-480703088-1140930909-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab
Handler: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-03-15] (Belarc, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-11-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-11-06] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-11-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-11-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-04-11] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-04-11] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7kwls3iz.default-1477241418743 [2018-07-06]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20] [Legacy]
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-06]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-01-18] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: (PasswordBox) - C:\Program Files (x86)\PasswordBox\Firefox [2013-12-04] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-19] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-04-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-21] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-01] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-04-11] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll [2012-05-22] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-18] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-08-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-08-13] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2011-12-26] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-519529628-480703088-1140930909-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Joanne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-519529628-480703088-1140930909-1003: @talk.google.com/O1DPlugin -> C:\Users\Joanne\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-519529628-480703088-1140930909-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-519529628-480703088-1140930909-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default [2018-07-06]
CHR Extension: (Slides) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-25]
CHR Extension: (Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-25]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-01]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-01]
CHR Extension: (Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-25]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-01-25]
CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-06]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-25] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-29] (NVIDIA Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-11-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669328 2018-04-02] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-29] (NVIDIA Corporation)
S4 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1061528 2018-03-06] (McAfee, Inc.)
S4 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-08-13] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 0087121529319510mcinstcleanup; C:\Windows\TEMP\008712~1.EXE -cleanup -nolog [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [53248 2005-09-21] (Sonic Solutions) [File not signed]
S1 Cdr4_xp; C:\Windows\SysWow64\Drivers\Cdr4_xp.sys [53248 2005-09-21] (Sonic Solutions) [File not signed]
S1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [31232 2005-09-21] (Sonic Solutions) [File not signed]
S1 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [31232 2005-09-21] (Sonic Solutions) [File not signed]
S1 cdudf_xp; C:\Windows\System32\Drivers\cdudf_xp.sys [355840 2005-09-21] (Sonic Solutions) [File not signed]
S1 cdudf_xp; C:\Windows\SysWow64\Drivers\cdudf_xp.sys [355840 2005-09-21] (Sonic Solutions) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)
S1 DVDVRRdr_xp; C:\Windows\SysWow64\Drivers\DVDVRRdr_xp.sys [141184 2005-09-21] (Windows ® 2000 DDK provider) [File not signed]
S3 dvd_2K; C:\Windows\System32\Drivers\dvd_2K.sys [31232 2005-09-21] (Sonic Solutions) [File not signed]
S3 dvd_2K; C:\Windows\SysWow64\Drivers\dvd_2K.sys [31232 2005-09-21] (Sonic Solutions) [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2018-07-06] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180264 2015-12-24] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)
U3 mfeavfk02; no ImagePath
U3 mfeavfk03; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543632 2018-01-22] (McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108432 2018-01-22] (McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)
S3 mmc_2K; C:\Windows\System32\Drivers\mmc_2K.sys [31232 2005-09-21] (Sonic Solutions) [File not signed]
S3 mmc_2K; C:\Windows\SysWow64\Drivers\mmc_2K.sys [31232 2005-09-21] (Sonic Solutions) [File not signed]
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-06-29] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-19] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
S1 pwd_2k; C:\Windows\System32\Drivers\pwd_2k.sys [126464 2005-09-21] (Sonic Solutions)
S1 pwd_2k; C:\Windows\SysWow64\Drivers\pwd_2k.sys [126464 2005-09-21] (Sonic Solutions) [File not signed]
S4 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [26720 2005-04-25] (Sonic Solutions) [File not signed]
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S1 UDFReadr; C:\Windows\SysWow64\Drivers\UDFReadr.sys [202496 2005-09-21] (Sonic Solutions) [File not signed]
S0 aycwkti; System32\drivers\vjkvccsq.sys [X]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S3 PSMounter; \??\C:\Windows\system32\drivers\psmounter.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-06 10:06 - 2018-07-06 10:06 - 000038055 _____ C:\Users\Mike\Desktop\FRST.txt
2018-07-06 09:24 - 2018-07-06 10:06 - 000000000 ____D C:\FRST
2018-07-06 09:22 - 2018-07-06 09:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-07-06 09:21 - 2018-07-06 09:21 - 002412544 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2018-07-06 09:17 - 2018-07-06 09:17 - 002412544 _____ (Farbar) C:\Users\Joanne\Downloads\FRST64.exe
2018-07-06 09:04 - 2018-07-06 09:04 - 015989160 _____ (Piriform Ltd) C:\Users\Mike\Downloads\ccsetup544.exe
2018-06-12 16:16 - 2018-05-29 15:36 - 000396960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-06-12 16:16 - 2018-05-29 14:40 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-12 16:16 - 2018-05-28 21:43 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-06-12 16:16 - 2018-05-28 21:41 - 005577408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-06-12 16:16 - 2018-05-28 21:41 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-06-12 16:16 - 2018-05-28 21:41 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-06-12 16:16 - 2018-05-28 21:41 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-06-12 16:16 - 2018-05-28 21:41 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-06-12 16:16 - 2018-05-28 21:35 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-06-12 16:16 - 2018-05-28 21:32 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-06-12 16:16 - 2018-05-28 21:32 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:25 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 21:03 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-06-12 16:16 - 2018-05-28 21:03 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-06-12 16:16 - 2018-05-28 21:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-06-12 16:16 - 2018-05-28 21:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-06-12 16:16 - 2018-05-28 21:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-06-12 16:16 - 2018-05-28 20:59 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-06-12 16:16 - 2018-05-28 20:59 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-06-12 16:16 - 2018-05-28 20:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-06-12 16:16 - 2018-05-28 20:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-06-12 16:16 - 2018-05-28 20:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-06-12 16:16 - 2018-05-28 20:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-06-12 16:16 - 2018-05-28 20:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-06-12 16:16 - 2018-05-28 20:58 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-06-12 16:16 - 2018-05-28 20:58 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 20:58 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 20:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 20:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-06-12 16:16 - 2018-05-28 20:56 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-06-12 16:16 - 2018-05-28 20:55 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-06-12 16:16 - 2018-05-28 20:55 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-06-12 16:16 - 2018-05-28 20:54 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-06-12 16:16 - 2018-05-28 20:54 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-06-12 16:16 - 2018-05-28 19:04 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-06-12 16:16 - 2018-05-25 00:10 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-06-12 16:16 - 2018-05-24 23:59 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-06-12 16:16 - 2018-05-24 23:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-06-12 16:16 - 2018-05-24 23:46 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-06-12 16:16 - 2018-05-24 23:45 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-06-12 16:16 - 2018-05-24 23:44 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-06-12 16:16 - 2018-05-24 23:44 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-06-12 16:16 - 2018-05-24 23:44 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-06-12 16:16 - 2018-05-24 23:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-06-12 16:16 - 2018-05-24 23:38 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-06-12 16:16 - 2018-05-24 23:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-06-12 16:16 - 2018-05-24 23:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-06-12 16:16 - 2018-05-24 23:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-12 16:16 - 2018-05-24 23:33 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-06-12 16:16 - 2018-05-24 23:32 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-06-12 16:16 - 2018-05-24 23:32 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-06-12 16:16 - 2018-05-24 23:32 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-06-12 16:16 - 2018-05-24 23:32 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-06-12 16:16 - 2018-05-24 23:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-06-12 16:16 - 2018-05-24 23:24 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-06-12 16:16 - 2018-05-24 23:21 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-06-12 16:16 - 2018-05-24 23:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-12 16:16 - 2018-05-24 23:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-06-12 16:16 - 2018-05-24 23:15 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-06-12 16:16 - 2018-05-24 23:15 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-06-12 16:16 - 2018-05-24 23:14 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-06-12 16:16 - 2018-05-24 23:14 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-06-12 16:16 - 2018-05-24 23:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-06-12 16:16 - 2018-05-24 23:13 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-06-12 16:16 - 2018-05-24 23:12 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-06-12 16:16 - 2018-05-24 23:10 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-06-12 16:16 - 2018-05-24 23:10 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-06-12 16:16 - 2018-05-24 23:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-06-12 16:16 - 2018-05-24 23:08 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-06-12 16:16 - 2018-05-24 23:08 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-06-12 16:16 - 2018-05-24 23:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-06-12 16:16 - 2018-05-24 23:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-12 16:16 - 2018-05-24 23:06 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-06-12 16:16 - 2018-05-24 23:05 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-06-12 16:16 - 2018-05-24 23:05 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-06-12 16:16 - 2018-05-24 22:57 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-06-12 16:16 - 2018-05-24 22:57 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-06-12 16:16 - 2018-05-24 22:55 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-06-12 16:16 - 2018-05-24 22:55 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-06-12 16:16 - 2018-05-24 22:53 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-06-12 16:16 - 2018-05-24 22:53 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-06-12 16:16 - 2018-05-24 22:53 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-06-12 16:16 - 2018-05-24 22:52 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-06-12 16:16 - 2018-05-24 22:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-06-12 16:16 - 2018-05-24 22:51 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-06-12 16:16 - 2018-05-24 22:49 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-06-12 16:16 - 2018-05-24 22:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-06-12 16:16 - 2018-05-24 22:47 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-06-12 16:16 - 2018-05-24 22:45 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-06-12 16:16 - 2018-05-24 22:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-12 16:16 - 2018-05-24 22:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-06-12 16:16 - 2018-05-24 22:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-06-12 16:16 - 2018-05-24 22:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-12 16:16 - 2018-05-24 22:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-12 16:16 - 2018-05-24 22:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-12 16:16 - 2018-05-24 22:37 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-06-12 16:16 - 2018-05-24 22:29 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-06-12 16:16 - 2018-05-24 22:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-12 16:16 - 2018-05-24 22:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-06-12 16:16 - 2018-05-24 22:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-12 16:16 - 2018-05-24 22:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-12 16:16 - 2018-05-14 23:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-06-12 16:16 - 2018-05-14 22:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-06-12 16:16 - 2018-05-14 22:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2018-06-12 16:16 - 2018-05-14 22:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-06-12 16:16 - 2018-05-14 22:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2018-06-12 16:16 - 2018-05-14 22:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2018-06-12 16:16 - 2018-05-14 22:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2018-06-12 16:16 - 2018-05-14 22:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-06-12 16:16 - 2018-05-14 22:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-12 16:16 - 2018-05-14 22:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-06-12 16:16 - 2018-05-14 22:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2018-06-12 16:16 - 2018-05-14 22:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2018-06-12 16:16 - 2018-05-14 22:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2018-06-12 16:16 - 2018-05-14 20:20 - 000467856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-06-12 16:16 - 2018-05-14 20:20 - 000459632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-06-12 16:16 - 2018-05-11 21:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-06-12 16:16 - 2018-05-11 21:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-06-12 16:16 - 2018-05-11 21:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-06-12 16:16 - 2018-05-11 16:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-06-12 16:16 - 2018-05-11 16:19 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-06-12 16:16 - 2018-05-11 16:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-06-12 16:16 - 2018-05-10 19:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-12 16:16 - 2018-05-10 19:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-06-12 16:16 - 2018-05-10 19:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-06-12 16:16 - 2018-04-06 11:39 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-06-12 16:16 - 2018-04-06 11:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-06 09:58 - 2015-07-21 11:28 - 000003312 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2018-07-06 09:53 - 2016-03-31 10:35 - 000000540 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-519529628-480703088-1140930909-1003.job
2018-07-06 09:32 - 2016-03-31 10:35 - 000000636 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-519529628-480703088-1140930909-1003.job
2018-07-06 09:24 - 2009-07-13 23:45 - 000022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-06 09:24 - 2009-07-13 23:45 - 000022848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-06 09:20 - 2016-06-10 13:06 - 000003226 _____ C:\Windows\System32\Tasks\ReclaimerResumeInstall_Mike
2018-07-06 09:20 - 2016-06-10 13:06 - 000003194 _____ C:\Windows\System32\Tasks\ReclaimerResumeInstallLogin_Mike
2018-07-06 09:20 - 2014-12-06 11:27 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-07-06 09:19 - 2018-01-25 00:52 - 000000000 ____D C:\ProgramData\ProductData
2018-07-06 09:19 - 2011-12-19 16:17 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-06 09:11 - 2016-06-10 12:49 - 000000000 ____D C:\Users\Joanne\Desktop\Icons
2018-07-06 09:10 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-07-06 09:08 - 2018-01-25 00:48 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-07-06 09:03 - 2014-03-03 14:21 - 000000000 ____D C:\Users\Mike\AppData\Local\Google
2018-07-06 01:32 - 2018-06-03 11:09 - 000003522 _____ C:\Windows\System32\Tasks\McAfee DAT Built in test
2018-06-27 20:53 - 2017-10-25 12:35 - 000000000 ____D C:\Users\Joanne\AppData\Local\GoToMeeting
2018-06-26 16:34 - 2015-12-28 03:00 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-26 16:34 - 2015-12-28 03:00 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-23 03:53 - 2011-12-23 17:41 - 000000000 ____D C:\Users\Joanne
2018-06-20 19:38 - 2017-12-21 18:00 - 000001308 _____ C:\Users\Public\Desktop\Skype.lnk
2018-06-20 19:38 - 2017-12-21 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-06-13 21:35 - 2016-12-16 15:37 - 000000000 ____D C:\Users\Joanne\AppData\LocalLow\Mozilla
2018-06-13 21:35 - 2012-12-06 15:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-13 21:34 - 2016-11-29 12:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-13 04:11 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-06-13 03:41 - 2016-08-04 22:31 - 000745504 _____ C:\Windows\system32\perfh00A.dat
2018-06-13 03:41 - 2016-08-04 22:31 - 000158582 _____ C:\Windows\system32\perfc00A.dat
2018-06-13 03:41 - 2009-07-14 00:13 - 001678218 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-13 03:34 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-13 03:12 - 2013-08-05 03:03 - 000000000 ____D C:\Windows\system32\MRT
2018-06-13 03:07 - 2017-10-11 03:05 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-06-13 03:07 - 2011-12-28 22:14 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-09 11:37 - 2016-03-31 10:35 - 000003666 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-519529628-480703088-1140930909-1003
2018-06-09 11:37 - 2016-03-31 10:35 - 000003570 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-519529628-480703088-1140930909-1003
 
==================== Files in the root of some directories =======
 
2011-12-19 16:37 - 2011-06-09 18:44 - 000002792 _____ () C:\Program Files\HP SimplePass 2011
2013-08-15 05:27 - 2014-05-30 14:26 - 000003748 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-11-15 12:17 - 2015-11-15 12:17 - 000000017 _____ () C:\Users\Mike\AppData\Local\resmon.resmoncfg
2012-07-24 19:52 - 2012-07-24 19:52 - 000000000 _____ () C:\Users\Mike\AppData\Local\{4D36E965-E325-11CE-BFC1-08002BE10318}.sav
 
Some files in TEMP:
====================
2017-07-30 14:42 - 2017-07-30 15:52 - 058740704 _____ (Skype Technologies S.A.) C:\Users\Joanne\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-27 00:32
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Mike (06-07-2018 10:06:53)
Running from C:\Users\Mike\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2011-12-23 21:57:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-519529628-480703088-1140930909-500 - Administrator - Disabled)
DCC STUDENT (S-1-5-21-519529628-480703088-1140930909-1005 - Limited - Enabled) => C:\Users\DCC STUDENT
Guest (S-1-5-21-519529628-480703088-1140930909-501 - Limited - Disabled)
Joanne (S-1-5-21-519529628-480703088-1140930909-1003 - Limited - Enabled) => C:\Users\Joanne
Mike (S-1-5-21-519529628-480703088-1140930909-1001 - Administrator - Enabled) => C:\Users\Mike
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\Adobe Connect 9 Add-in) (Version: 11.9.976.299 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{7F28165B-148D-4672-AA21-469D9E6E3CB6}) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
Belarc Advisor 8.2 (HKLM-x32\...\Belarc Advisor) (Version: 8.2.7.6 - Belarc Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compact Wireless-G USB Network Adapter with SpeedBooster (HKLM-x32\...\{65563451-00B6-458C-9F9A-03A7757355A6}) (Version:  - )
Convert Audio Free WMA to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free WMA to MP3_is1) (Version: 1.0 - )
CyberLink Media Suite Premium (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3928 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.2925 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FormatFactory 3.9.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
G Suite Migration For Microsoft Outlook® 4.0.114.0 (HKLM-x32\...\{21AA6D39-6003-49C6-A9B1-94D9BEB78C2C}) (Version: 4.0.114.0 - Google, Inc.)
G Suite Sync™ for Microsoft Outlook® 4.0.9.0 (HKLM-x32\...\{68DB6985-7635-4D55-8C56-C20BDC624E14}) (Version: 4.0.9.0 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Talk (remove only) (HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{351B54B2-1AFC-42A7-A8C0-9E05C26F0D1E}) (Version: 1.0.470 - LogMeIn, Inc.)
GoToMeeting 8.29.1.8953 (HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\GoToMeeting) (Version: 8.29.1.8953 - LogMeIn, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Howie's Quick Screen Capture 1.1.1 (HKLM-x32\...\{370674BC-FCD0-4C4D-9B55-49A6EFC3DAC6}_is1) (Version:  - Howies Funware)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.34.7 - HP Inc.)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.37 - HP Inc.)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
hppLaserJetService (HKLM-x32\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6346.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Mah Jong Medley (HKLM-x32\...\WTA-23e97d1d-e651-4179-abc1-7ae5a76b2ee2) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.141 - McAfee, Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.73 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.73 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Oracle VM VirtualBox 4.1.8 (HKLM\...\{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}) (Version: 4.1.8 - Oracle Corporation)
PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4020 - CyberLink Corp.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.56.0 - Mediatek)
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Reservationless-Plus VoIP (HKLM-x32\...\{332A79EB-FD7C-4BCB-8F4F-D21AD9662B25}) (Version: 5.16.11.086 - InterCall, Inc.)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Roxio Easy Media Creator 7 (HKLM-x32\...\{A99C6296-A311-4D6C-9602-53B4241921D5}) (Version: 7.5.3.51 - Roxio, Inc.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2.0 - Screencast-O-Matic)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
SecurityCenter (HKLM-x32\...\MSC) (Version: 16.0 R11 - McAfee, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype version 8.22 (HKLM-x32\...\Skype_is1) (Version: 8.22 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.8.0 - IObit)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{FC658781-D7E8-4D70-89A8-4D2FFE0C0B1C}) (Version: 1.16.3 - Texas Instruments Inc.)
TI USB3 Host Driver (HKLM-x32\...\{FC658781-D7E8-4D70-89A8-4D2FFE0C0B1C}) (Version: 1.16.3 - Texas Instruments Inc.) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Waterfox 49.0.2 (x64 en-US) (HKLM\...\Waterfox 49.0.2 (x64 en-US)) (Version: 49.0.2 - Mozilla)
WaveShop (x64) (HKLM\...\{4912D50F-1CFB-4D91-B654-29E5BC2B1592}) (Version: 1.0.0 - Anal Software)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (HKLM-x32\...\WTA-2b8d0d57-7486-4dec-8aad-2e0cfda82455) (Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Joanne\AppData\Local\GoToMeeting\8679\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-519529628-480703088-1140930909-1003_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Joanne\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> [CC]{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} =>  -> No File
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-04-11] (McAfee, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> [CC]{FEB746CA-95C2-485F-B386-C30D4E56D22E} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>  -> No File
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Utilities\bin\x64\TxView.dll [2010-06-02] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-18] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> [CC]{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> [CC]{57CE581A-0CB6-4266-9CA0-19364C90A0B3} =>  -> No File
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-04-11] (McAfee, Inc.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0061B341-A584-4D1A-97A2-9968ED151BB2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-519529628-480703088-1140930909-1003UA => C:\Users\Joanne\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-02] (Google Inc.)
Task: {0221C7DB-8757-4887-9D22-82E8FCFC6D58} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {0221C7DB-8757-4887-9D22-82E8FCFC6D58} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {05581185-23E0-43FF-AF65-C4B4D228C828} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {19361A40-69EA-4C6D-9627-8CAF11892F19} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {1AFBD864-E106-46DA-9816-F95128D5F422} - System32\Tasks\ReclaimerResumeInstall_Mike => C:\Users\Mike\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.11\agent\rnupgagent.exe [2018-07-06] (RealNetworks, Inc.)
Task: {2497FADA-6DDC-45F1-AFDC-7FED94BA152B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {2887BE99-2246-4E4C-B65F-4BD3CF00BAB1} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-519529628-480703088-1140930909-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {3BCD7E60-47F8-4DEF-96AB-582719EE20D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {40C888E8-204D-4A7F-B746-621443737913} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2018-03-27] (McAfee, Inc.)
Task: {4B626DD0-9533-478E-9671-C3A5D54161CA} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {4D3E6B31-B30F-4507-943E-62639D27322E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4D3E6B31-B30F-4507-943E-62639D27322E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {53604197-35E7-450E-923B-3B71A000A2A0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-519529628-480703088-1140930909-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {59A6F371-B718-42D2-9FCD-473B48ABB61A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {5A42CD6B-9682-4CA7-AA70-0A6B52DAC1C8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {5DF12B87-42D6-4569-9D33-FD3605BE81E6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-15] (Adobe Systems Incorporated)
Task: {673E87E3-1B15-4EC3-B0D0-2422BDDA0B5C} - System32\Tasks\G2MUploadTask-S-1-5-21-519529628-480703088-1140930909-1003 => C:\Users\Joanne\AppData\Local\GoToMeeting\8953\g2mupload.exe [2018-06-09] (LogMeIn, Inc.)
Task: {6AFDA338-442E-4BC1-9E84-691AC0A17601} - System32\Tasks\ReclaimerResumeInstallLogin_Mike => C:\Users\Mike\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.11\agent\rnupgagent.exe [2018-07-06] (RealNetworks, Inc.)
Task: {6CBA23AD-79C3-427E-82CD-5A4E794F5564} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-10] (McAfee, LLC.)
Task: {773D2D53-93D7-4A9F-A0DD-E50C7A1419D2} - \Updater12759.exe -> No File <==== ATTENTION
Task: {886827A3-EEF2-4B39-ABF7-82EB56A29264} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-519529628-480703088-1140930909-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {959F2C0A-31FC-4081-AC35-4105A808C45E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {96935B06-3C68-4ACB-9823-738B88305A4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {9B0C3B1A-8F2F-47E3-8392-6BE8F840B8B9} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-20] (CyberLink)
Task: {A59383E9-9C37-4FB3-8308-8AD7B3E5E1B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {A88B172E-F20F-43EA-B1D5-9E05C8F1F493} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-519529628-480703088-1140930909-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B43E8C9A-F924-43C7-850E-CF9416F79CF7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {B8FFE3E8-3385-4B26-9F9C-CD6CC628844A} - System32\Tasks\G2MUpdateTask-S-1-5-21-519529628-480703088-1140930909-1003 => C:\Users\Joanne\AppData\Local\GoToMeeting\8953\g2mupdate.exe [2018-06-09] (LogMeIn, Inc.)
Task: {BD4EEDDC-9A33-43FE-BC4C-444600F549D2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {C0EF376E-6C75-4D50-A797-15F155F9646D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {CC5885D4-7085-49EF-B80A-F6CDCDC87BB1} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-12-20] (IObit)
Task: {D93DDB27-4846-4871-82F8-087E5FE62663} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {DEB48B2A-87F2-488D-B9E5-7E959942CF32} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
Task: {E54FB470-98AC-4601-867A-A9B276ED2407} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {E54FB470-98AC-4601-867A-A9B276ED2407} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {E831DF10-F343-4E5D-A7A0-E67C19ACBA1A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-519529628-480703088-1140930909-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E9BE88C3-3C85-489B-8FD8-03A87450963A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-15] (Adobe Systems Incorporated)
Task: {F2C7C079-FB8E-4348-A37E-95CBD29AB202} - System32\Tasks\GoogleUpdateTaskMachineUA1d0414b57c85e4a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F34CE8DD-AC20-461E-9115-CFFD45A0E562} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {F43AF0A9-7BBF-4EA7-BA96-8703D9467075} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-519529628-480703088-1140930909-1003Core => C:\Users\Joanne\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-02] (Google Inc.)
Task: {FD36789F-95E1-4BC1-9FA9-EC6FCC4B53ED} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-04] (McAfee, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-519529628-480703088-1140930909-1003.job => C:\Users\Joanne\AppData\Local\GoToMeeting\8953\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-519529628-480703088-1140930909-1003.job => C:\Users\Joanne\AppData\Local\GoToMeeting\8953\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-12 20:39 - 2012-08-31 16:03 - 000288768 _____ () C:\Windows\System32\HP1100LM.DLL
2012-01-06 12:09 - 2012-08-31 16:02 - 000074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2016-09-20 21:49 - 2016-06-29 17:44 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-09-20 21:49 - 2016-06-29 17:44 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-09-20 21:49 - 2016-06-29 17:44 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-09-20 21:49 - 2016-06-29 17:44 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2018-04-06 06:05 - 2018-04-06 06:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2016-09-20 21:49 - 2016-06-29 17:44 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-09-20 21:49 - 2016-06-29 17:44 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-09-20 21:49 - 2016-06-29 17:44 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-09-20 21:49 - 2016-06-29 17:44 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-06-10 13:12 - 2016-06-10 13:12 - 000012520 _____ () C:\Users\Joanne\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2016-06-10 13:12 - 2016-06-10 13:12 - 000015080 _____ () C:\Users\Joanne\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2016-06-10 13:12 - 2016-06-10 13:12 - 000014056 _____ () C:\Users\Joanne\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2012-01-06 12:09 - 2012-08-31 16:03 - 003034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2012-01-06 12:09 - 2012-08-31 16:02 - 001038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2012-01-06 12:09 - 2012-08-31 16:03 - 000373760 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100sd.dll
2018-06-26 16:34 - 2018-06-22 14:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-26 16:34 - 2018-06-22 14:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2012-01-16 18:33 - 2012-01-16 18:33 - 000006144 _____ () C:\Users\Mike\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\CoreTempReader.dll
2012-01-16 18:33 - 2012-01-16 18:33 - 000008704 _____ () C:\Users\Mike\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\GetCoreTempInfoNET.dll
2012-01-16 18:33 - 2012-01-16 18:33 - 000007680 _____ () C:\Users\Mike\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\SystemInfo.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-09-20 21:49 - 2016-06-29 17:44 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-09-20 21:49 - 2016-06-29 17:44 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-08-01 22:20 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-08-01 22:20 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-08-01 22:20 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-08-01 22:20 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-08-01 22:20 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-10-11 22:02 - 2016-06-29 17:44 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 002144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 007955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-07-16 01:33 - 2015-07-16 01:33 - 000196776 _____ () C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
2017-12-21 17:59 - 2018-05-18 16:41 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-06-20 19:38 - 2018-05-18 16:41 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2017-12-21 17:59 - 2018-05-18 16:41 - 002723968 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2017-12-21 17:59 - 2018-05-18 16:41 - 000031872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-06-20 19:38 - 2018-05-18 16:41 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-06-20 19:38 - 2018-05-18 16:41 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-06-20 19:38 - 2018-05-18 16:41 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-06-20 19:38 - 2018-05-18 16:41 - 002288080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-01-25 00:52 - 2016-01-11 18:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2018-01-25 00:52 - 2016-01-11 18:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 000336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Joanne\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Joanne\Desktop\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Joanne\Desktop\untitled folder 4:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Mike\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Mike\Desktop\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Mike\Documents\.DS_Store:AFP_AfpInfo [122]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7781 more sites.
 
IE trusted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\internet -> internet
IE trusted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\mcafee.com -> hxxps://mcafee.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1001\...\1-se.com -> 1-se.com
 
There are 11318 more sites.
 
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-519529628-480703088-1140930909-1003\...\123simsen.com -> www.123simsen.com
 
There are 7781 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-01-09 16:11 - 000445095 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
 
There are 15280 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-519529628-480703088-1140930909-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-519529628-480703088-1140930909-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Joanne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BeatsOSDApp => c:\program files\idt\wdm\beats64.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: FileHippo.com => "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe" /background
MSCONFIG\startupreg: HP Software Update => c:\program files (x86)\hp\hp software update\hpwuschd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
MSCONFIG\startupreg: HPUsageTrackingLEDM => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: RoxioDragToDisc => 
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => c:\program files\idt\wdm\sttray64.exe
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: Windows Defender => %programfiles%\windows defender\msascui.exe -hide
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E5FBC398-944E-4642-A098-21ABAAF9C4EF}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{C1F7B385-1D12-4992-B24B-5EA67771759A}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{44943C65-5478-4E21-9464-747E8A40E194}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{7FE6BD9B-3437-468A-9312-688349D2F022}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{633DA57F-EFC7-40C6-B8BB-92DE3203F967}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{EB61EA15-FB37-4798-84D0-4F36958C87B3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{2CDDC066-359D-4B9E-82FA-C7FD20E1740D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{3787163C-452B-4307-89A2-864FF741B897}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{C48FC2C9-4D5F-433C-B1BB-0B9A05DA5F18}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C8625A35-1092-481B-B4D7-A922449A3277}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DAB84CE3-229D-4920-9BF6-CD42DEA3F253}] => (Allow) LPort=2869
FirewallRules: [{00B4522A-8040-41FA-8059-D6C6CCE75F66}] => (Allow) LPort=1900
FirewallRules: [{F1F08867-39EF-4E76-956B-DEBE63237617}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EBD35726-76AF-4B2D-B149-34DBECECB0EB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{7B917C21-B12A-4BE2-86C5-EFEF39DD6EB1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{94DD199A-FEE1-49AE-AED3-3D5CBBB1FEF8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{503FDD21-DFC9-4199-82D8-031CC46C5C6A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{6BB5DCDF-E576-4A7B-8760-320FFF0A9F39}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{860DB5C4-957B-4BE3-AC7D-6066A4B149CA}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{352B5713-0AFC-4F16-867C-F70516B92D3A}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{E6360446-55C5-49A7-90C3-28DB99D8C15E}] => (Allow) C:\Program Files\hp\HP LaserJet P1100 Series\wificonfig.exe
FirewallRules: [{CE0EB221-9B4D-4340-AC4D-52F71E9B83A1}] => (Allow) C:\Program Files\hp\HP LaserJet P1100 Series\wificonfig.exe
FirewallRules: [{88EC801E-E8D6-4CB0-9890-8C0D7EEB927C}] => (Allow) LPort=9100
FirewallRules: [{B30D0606-B264-407E-A975-B34F8C9BE7CE}] => (Allow) LPort=427
FirewallRules: [{DF19743B-DB62-4B69-82F9-41BCD90EAD0C}] => (Allow) LPort=161
FirewallRules: [{6F14AAC7-0F69-4FC7-ACCA-9E7BC835BAC5}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{E6C57B8C-9C02-48AE-8FAB-62B463B200B4}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3D4414BB-6016-425D-8668-12A5DA072DCD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B1F4668B-ACDA-4275-AA1F-D3E161DE1706}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{7070E88F-69A8-4AD2-B564-59DA0EE43F17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E17A302D-0B57-4D26-B100-5C9A97522082}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7F9EEE9-260A-40BD-8535-AB2CF8639FCE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C241588A-3B1B-498D-BA67-0BBB6D34B9E9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D4A5553B-7D6A-450B-AA1B-3B524FAF4737}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D54B5CA0-D60F-4797-B2E9-586F57358C22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{56887B0F-4FD1-4D69-A729-6719A1001E93}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8D236967-FA73-4A96-9E28-E6A25FE7519E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5BE69E9B-823C-4942-8F88-D7BEA5C38856}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{60B609FC-314D-4802-9247-A96B091AD82D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04E1EB3A-CC71-4DD0-99A8-C3F533068496}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE95F18E-CDC0-44A7-8135-6847E16B0D98}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{64AE462A-4777-46BF-A3E2-516B99815F47}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{BC2CBD3F-8529-4F4C-A0B3-BF4BCC35CF6D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{34240AFE-654C-4AB8-B834-B27093A37E91}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F727F0DC-2682-424F-BFC6-DFA54FB1D759}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3F0AA679-C4D8-4C64-B880-5205A54C0394}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5161A67F-93F0-4769-9956-38D48D7D688D}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{B5E47EC2-9F95-4020-A9ED-8EAA9AE185D3}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [TCP Query User{6FCB4ECF-B503-422E-A99E-A0D380E20E8B}C:\users\joanne\appdata\roaming\reservationless-plus voip\rpvoip.exe] => (Allow) C:\users\joanne\appdata\roaming\reservationless-plus voip\rpvoip.exe
FirewallRules: [UDP Query User{6C341E55-84A5-4B12-8B9B-6784B2C62D1F}C:\users\joanne\appdata\roaming\reservationless-plus voip\rpvoip.exe] => (Allow) C:\users\joanne\appdata\roaming\reservationless-plus voip\rpvoip.exe
FirewallRules: [{2B821B57-5FCF-4DB0-8D66-E6002E9C6CF7}] => (Block) C:\users\joanne\appdata\roaming\reservationless-plus voip\rpvoip.exe
FirewallRules: [{21CF8DAF-0045-4CE6-8ACD-5044CA6DBEF3}] => (Block) C:\users\joanne\appdata\roaming\reservationless-plus voip\rpvoip.exe
FirewallRules: [{DF09B19A-E53A-4FAE-B233-8C50A1DEAC81}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{CEC5D667-D93E-4834-9B6E-0CB54E8B54BA}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{9C2CDF79-A0EA-45A9-B6FA-8FECD1B6530C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A2AE18CE-BFA6-444A-BDDE-FCEA9E0EA3C2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{2EAB9E4E-26A0-42D4-B51F-6C17C9A24AF4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{F5F7B5B3-FA0A-4FFF-BF48-7653789EAB28}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{AC65EB17-D4CA-4312-8D90-7D40607F8204}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{20F08405-10ED-425D-A4DF-E66AB3048519}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{AC3FAC40-4B7A-4AB3-88BE-4EFA32E898BA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
13-06-2018 03:00:53 Windows Update
21-06-2018 00:00:04 Scheduled Checkpoint
29-06-2018 00:11:38 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2018 09:25:16 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (25312) An attempt to open the file "C:\Users\Mike\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (06/29/2018 12:11:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-519529628-480703088-1140930909-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {14f4cc79-e8d0-46e8-b51d-34bcbf9311bf}
 
Error: (06/21/2018 12:00:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-519529628-480703088-1140930909-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2ca22af2-b2d3-4ec7-ab59-ae6533344ed1}
 
Error: (06/13/2018 12:49:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 66.0.3359.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1978
 
Start Time: 01d4033ea72d2232
 
Termination Time: 3
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 0c2f227f-6f32-11e8-8f1a-386077a88860
 
Error: (06/13/2018 03:00:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-519529628-480703088-1140930909-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {6b63e1e2-66ce-4ba4-bc33-04150ff05e5e}
 
Error: (06/09/2018 12:00:03 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-519529628-480703088-1140930909-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {68095785-e24a-4383-b5e6-624f8c248f72}
 
Error: (06/01/2018 01:28:43 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-519529628-480703088-1140930909-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {a91ca776-bf06-474c-bab4-31e71b1b2ff4}
 
Error: (05/25/2018 12:00:02 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-519529628-480703088-1140930909-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {3add3f43-4813-40a6-a4ae-aa5dd5379bea}
 
 
System errors:
=============
Error: (07/06/2018 09:50:38 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (07/06/2018 09:50:38 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (07/06/2018 09:34:38 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (07/06/2018 09:34:38 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (07/06/2018 09:26:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (07/06/2018 09:26:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (07/06/2018 09:22:34 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (07/06/2018 09:22:34 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
Windows Defender:
===================================
Date: 2016-10-16 16:01:42.207
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0
 
Date: 2016-10-07 16:03:28.546
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0
 
Date: 2016-09-26 17:03:48.297
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0
 
Date: 2016-05-12 02:11:15.478
Description: 
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3
 
CodeIntegrity:
===================================
 
Date: 2018-06-13 03:33:11.588
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdudf_xp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-13 03:33:11.338
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdudf_xp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-13 03:33:11.042
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pwd_2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-13 03:33:10.792
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pwd_2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-13 03:33:10.542
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdralw2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-13 03:33:10.293
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdralw2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-13 03:33:10.043
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdr4_xp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2018-06-13 03:33:09.778
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdr4_xp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 88%
Total physical RAM: 8172.31 MB
Available physical RAM: 902.41 MB
Total Virtual: 16342.79 MB
Available Virtual: 3490.14 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.79 GB) (Free:690.94 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.62 GB) (Free:1.65 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Mike) (Fixed) (Total:93.13 GB) (Free:62.06 GB) NTFS
Drive m: (Joanne) (Fixed) (Total:93.13 GB) (Free:64.5 GB) NTFS
Drive n: (New Volume) (Fixed) (Total:93.14 GB) (Free:75.08 GB) NTFS
 
\\?\Volume{b4f8d6d7-2db9-11e1-93af-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BBF56A6F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 279.4 GB) (Disk ID: DD72BC32)
Partition 1: (Not Active) - (Size=93.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=93.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=93.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:58 PM

Posted 07 July 2018 - 08:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We have no way of knowing how you password was stolen.

We can only suggest if not already done is to change all your passwords used for personal use on the WEB.
====

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-519529628-480703088-1140930909-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-519529628-480703088-1140930909-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S0 aycwkti; System32\drivers\vjkvccsq.sys [X]

Task: {0221C7DB-8757-4887-9D22-82E8FCFC6D58} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {0221C7DB-8757-4887-9D22-82E8FCFC6D58} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {4D3E6B31-B30F-4507-943E-62639D27322E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4D3E6B31-B30F-4507-943E-62639D27322E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {773D2D53-93D7-4A9F-A0DD-E50C7A1419D2} - \Updater12759.exe -> No File <==== ATTENTION
Task: {98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {E54FB470-98AC-4601-867A-A9B276ED2407} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {E54FB470-98AC-4601-867A-A9B276ED2407} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
AlternateDataStreams: C:\Users\Joanne\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Joanne\Desktop\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Joanne\Desktop\untitled folder 4:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Mike\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Mike\Desktop\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Mike\Documents\.DS_Store:AFP_AfpInfo [122][/B]

C:\Windows\system32\GWX

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

If you have any other issues with this computer please let me know.

#3 Tigers85

Tigers85
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 07 July 2018 - 04:38 PM

Thank you for responding so quickly.  I have posted the Fixlog.txt below, but I have noticed that the fixlist.txt file I created per your instructions has disappeared.  Is this supposed to happen?
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Mike (07-07-2018 14:05:40) Run:1
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike & Joanne (Available Profiles: Mike & Joanne & DCC STUDENT)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-519529628-480703088-1140930909-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-519529628-480703088-1140930909-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-519529628-480703088-1140930909-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S0 aycwkti; System32\drivers\vjkvccsq.sys [X]
 
Task: {0221C7DB-8757-4887-9D22-82E8FCFC6D58} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {0221C7DB-8757-4887-9D22-82E8FCFC6D58} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {4D3E6B31-B30F-4507-943E-62639D27322E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {4D3E6B31-B30F-4507-943E-62639D27322E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {773D2D53-93D7-4A9F-A0DD-E50C7A1419D2} - \Updater12759.exe -> No File <==== ATTENTION
Task: {98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
Task: {E54FB470-98AC-4601-867A-A9B276ED2407} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {E54FB470-98AC-4601-867A-A9B276ED2407} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-07-13] (Microsoft Corporation)
AlternateDataStreams: C:\Users\Joanne\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Joanne\Desktop\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Joanne\Desktop\untitled folder 4:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Mike\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Mike\Desktop\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Mike\Documents\.DS_Store:AFP_AfpInfo [122][/B]
 
C:\Windows\system32\GWX
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-519529628-480703088-1140930909-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => not found
"HKU\S-1-5-21-519529628-480703088-1140930909-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-21-519529628-480703088-1140930909-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => removed successfully
HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => not found
"HKU\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
"HKU\S-1-5-21-519529628-480703088-1140930909-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
"HKU\S-1-5-21-519529628-480703088-1140930909-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => not found
"HKLM\System\CurrentControlSet\Services\aycwkti" => removed successfully
aycwkti => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0221C7DB-8757-4887-9D22-82E8FCFC6D58}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0221C7DB-8757-4887-9D22-82E8FCFC6D58}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0221C7DB-8757-4887-9D22-82E8FCFC6D58} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D3E6B31-B30F-4507-943E-62639D27322E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D3E6B31-B30F-4507-943E-62639D27322E}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D3E6B31-B30F-4507-943E-62639D27322E} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{773D2D53-93D7-4A9F-A0DD-E50C7A1419D2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{773D2D53-93D7-4A9F-A0DD-E50C7A1419D2}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater12759.exe => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} => not found
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98001B2C-D9BF-4DEC-A691-A19EE3ACC97A} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E54FB470-98AC-4601-867A-A9B276ED2407} => not found
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E54FB470-98AC-4601-867A-A9B276ED2407} => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => not found
C:\Users\Joanne\.DS_Store => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Joanne\Desktop\.DS_Store => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Joanne\Desktop\untitled folder 4 => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Mike\.DS_Store => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Mike\Desktop\.DS_Store => ":AFP_AfpInfo" ADS removed successfully
C:\Users\Mike\Documents\.DS_Store => ":AFP_AfpInfo" ADS removed successfully
C:\Windows\system32\GWX => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 14:06:27 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:58 PM

Posted 08 July 2018 - 09:46 AM

Hi,

I have no need of it. It's posted.

How is the computer running now?

#5 Tigers85

Tigers85
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 08 July 2018 - 09:54 AM

It still seems to be running slow.  I haven't noticed any freezing, but I have had limited use with it while corresponding with you as I didn't want to cause any changes to anything after sending you the logs without your instructions to do anything.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:58 PM

Posted 09 July 2018 - 08:46 AM

Hi,

 

Have you restarted the computer a few time since the fix?

 

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
  • =======


    #7 Tigers85

    Tigers85
    • Topic Starter

    • Members
    • 63 posts
    • OFFLINE
    •  
    • Local time:04:58 PM

    Posted 09 July 2018 - 12:49 PM

    I restarted it once as part of the Farber process.  I have run the RougeKiller program, but I did not delete anything as there was nothing in red, only orange (suspicious) and gray (PUM).  I have included the report below:

     

    RogueKiller V12.12.26.0 (x64) [Jul  9 2018] (Free) by Adlice Software
     
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Mike [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 07/09/2018 12:14:06 (Duration : 00:25:23)
    Switches : -refid
     
    ¤¤¤ Processes : 0 ¤¤¤
     
    ¤¤¤ Registry : 10 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0087121529319510mcinstcleanup (C:\Windows\TEMP\008712~1.EXE -cleanup -nolog) -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\0087121529319510mcinstcleanup (C:\Windows\TEMP\008712~1.EXE -cleanup -nolog) -> Found
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Found
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0  -> Found
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Found
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-519529628-480703088-1140930909-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0  -> Found
     
    ¤¤¤ Tasks : 0 ¤¤¤
     
    ¤¤¤ Files : 0 ¤¤¤
     
    ¤¤¤ WMI : 0 ¤¤¤
     
    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
     
    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HDS721010CLA632 +++++
    --- User ---
    [MBR] 4ca686b8fda6678a353323ea2c773553
    [BSP] 729cf4dbc424f01dde2ad3742fdb5a07 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 939816 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1924950016 | Size: 13951 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
    +++++ PhysicalDrive2: Generic- SD/MMC +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive3: Generic- Compact Flash +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive4: Generic- SM/xD-Picture +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
    +++++ PhysicalDrive5: Generic- MS/MS-Pro +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    #8 nasdaq

    nasdaq

    • Malware Response Team
    • 39,586 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:05:58 PM

    Posted 09 July 2018 - 01:25 PM

    Hi,

    Nothing to worry about.
    The first two entries are from McAfee's cleanup tool.

    The others are just Keys in your Registry.

    There could be some remnant items.
    ====

    This scan may take an hour or two. Execute it when you know you will not need the comuuter.

    Please scan your computer with ESET Online Scanner.
    • Click on this link to open ESET Online Scanner in a new window.
      • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
      • Close all your programs and browsers.
      • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
      • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
    • Check mark Download latest version of ESET Online Scanner and click the Accept button.
    • Accept any security warnings that may appear.
    • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
    • Then click Advanced settings and check mark the following options:
      • Enable detection of potentially unsafe applications
      • Clean threats automatically
    • Click the Scan button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats.
    • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    Note: If nothing is found, it will not produce a log.

    Please re-enable your antivirus program.

    #9 Tigers85

    Tigers85
    • Topic Starter

    • Members
    • 63 posts
    • OFFLINE
    •  
    • Local time:04:58 PM

    Posted 09 July 2018 - 08:44 PM

    Hello,

     

    I ran the ESET Scan and the results are below.  However, the interface was not exactly as you described, so they may have updated since the last time you used it.  I did not clean any of the items listed because that was not in your instructions, so please let me know if I should run the scan again and clean any/all of the items in the log.

     

     

    C:\AdwCleaner\quarantine\files\njxxaxjxmpngeaxhrmqgrfqyamjondpe\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}\setup.msi a variant of Win32/UwS.SlimDrivers.A application deleted
    C:\AdwCleaner\quarantine\files\njxxaxjxmpngeaxhrmqgrfqyamjondpe\{746AB259-6474-4111-8966-1C62F9A6E063}\setup.msi a variant of Win32/UwS.SlimDrivers.A application deleted
    C:\Joanne\Desktop\Mike\DRIVES\Joanne\Joanne Desktop\Tools\Uniblue\powersuite.exe a variant of Win32/UbSpyEraser potentially unwanted application cleaned by deleting
    C:\Users\Joanne\Desktop\Mike\DRIVES\Joanne\Joanne Desktop\Tools\Uniblue\powersuite.exe a variant of Win32/UbSpyEraser potentially unwanted application cleaned by deleting
    C:\Users\Joanne\Downloads\avc-free.exe a variant of Win32/FusionCore.C potentially unwanted application,a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
    C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVXVXFF1\stubinst_pkg_en-us[1].cab a variant of Win32/RealNetworks.A potentially unwanted application deleted
    C:\Users\Mike\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.11\agent\stub_data\stubinst_pkg_en-us.cab a variant of Win32/RealNetworks.A potentially unwanted application deleted
    C:\Users\Mike\Desktop\Desktop\Mike\DRIVES\Joanne\Joanne Desktop\Tools\Uniblue\powersuite.exe a variant of Win32/UbSpyEraser potentially unwanted application cleaned by deleting
    C:\Users\Mike\Downloads\ccsetup510.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
    C:\Users\Mike\Downloads\ccsetup518.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
    C:\Users\Mike\Downloads\ccsetup520 Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
    C:\Users\Mike\Downloads\ccsetup539.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
    C:\Users\Mike\Downloads\ccsetup544.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
    C:\Users\Mike\Downloads\DeviceDoctor_Bundle.exe multiple threats,a variant of Win32/Adware.SpeedingUpMyPC.AM application,a variant of Win32/Adware.SpeedingUpMyPC.AN application,a variant of Win32/Adware.SpeedingUpMyPC.AL application,a variant of Win32/Adware.SpeedingUpMyPC.C application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application cleaned by deleting


    #10 nasdaq

    nasdaq

    • Malware Response Team
    • 39,586 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:05:58 PM

    Posted 10 July 2018 - 06:52 AM

    Hi,

    Yes you should clean everything identified by Eset.

    Restart the computer when done.

    Let me know what problem persists.

    #11 Tigers85

    Tigers85
    • Topic Starter

    • Members
    • 63 posts
    • OFFLINE
    •  
    • Local time:04:58 PM

    Posted 10 July 2018 - 08:52 PM

    Hello,

     

    I re-ran the ESET Scan, and apparently it did clean the items listed before, because this time it did not find anything.  I restarted the computer twice afterwards, but it is still much slower than it was just a few weeks ago.



    #12 nasdaq

    nasdaq

    • Malware Response Team
    • 39,586 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:05:58 PM

    Posted 11 July 2018 - 07:30 AM

    Check the integrity of the operating system files.
    How to run sfc /Scannow
    http://support.microsoft.com/kb/929833

    When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process

    Post the contents of the sfcdetails.txt file for my review.

    Let me know if the problem persists.
    <<<>>

    #13 Tigers85

    Tigers85
    • Topic Starter

    • Members
    • 63 posts
    • OFFLINE
    •  
    • Local time:04:58 PM

    Posted 11 July 2018 - 03:57 PM

    I ran the sfc scan, and it said that it found corrupt files and was unable to repair some of them.  I have included the log file below as requested:

     

    2018-07-11 12:28:06, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:06, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:07, Info                  CSI    0000000c [SR] Verify complete
    2018-07-11 12:28:07, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:07, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:08, Info                  CSI    00000010 [SR] Verify complete
    2018-07-11 12:28:08, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:08, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:09, Info                  CSI    00000014 [SR] Verify complete
    2018-07-11 12:28:10, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:10, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:10, Info                  CSI    00000018 [SR] Verify complete
    2018-07-11 12:28:11, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:11, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:12, Info                  CSI    0000001c [SR] Verify complete
    2018-07-11 12:28:12, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:12, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:13, Info                  CSI    00000020 [SR] Verify complete
    2018-07-11 12:28:13, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:13, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:14, Info                  CSI    00000024 [SR] Verify complete
    2018-07-11 12:28:14, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:14, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:15, Info                  CSI    00000028 [SR] Verify complete
    2018-07-11 12:28:16, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:16, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:17, Info                  CSI    0000002c [SR] Verify complete
    2018-07-11 12:28:17, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:17, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:18, Info                  CSI    00000030 [SR] Verify complete
    2018-07-11 12:28:18, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:18, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:19, Info                  CSI    00000034 [SR] Verify complete
    2018-07-11 12:28:19, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:19, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:20, Info                  CSI    00000038 [SR] Verify complete
    2018-07-11 12:28:20, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:20, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:21, Info                  CSI    0000003c [SR] Verify complete
    2018-07-11 12:28:21, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:21, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:22, Info                  CSI    00000040 [SR] Verify complete
    2018-07-11 12:28:23, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:23, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:24, Info                  CSI    00000044 [SR] Verify complete
    2018-07-11 12:28:24, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:24, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:25, Info                  CSI    00000048 [SR] Verify complete
    2018-07-11 12:28:25, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:25, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:26, Info                  CSI    0000004c [SR] Verify complete
    2018-07-11 12:28:26, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:26, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:27, Info                  CSI    00000050 [SR] Verify complete
    2018-07-11 12:28:27, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:27, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:28, Info                  CSI    00000054 [SR] Verify complete
    2018-07-11 12:28:28, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:28, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:29, Info                  CSI    00000058 [SR] Verify complete
    2018-07-11 12:28:29, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:29, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:31, Info                  CSI    0000005c [SR] Verify complete
    2018-07-11 12:28:31, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:31, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:32, Info                  CSI    00000060 [SR] Verify complete
    2018-07-11 12:28:32, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:32, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:33, Info                  CSI    00000064 [SR] Verify complete
    2018-07-11 12:28:33, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:33, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:34, Info                  CSI    00000068 [SR] Verify complete
    2018-07-11 12:28:34, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:34, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:35, Info                  CSI    0000006c [SR] Verify complete
    2018-07-11 12:28:36, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:36, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:37, Info                  CSI    00000070 [SR] Verify complete
    2018-07-11 12:28:37, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:37, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:38, Info                  CSI    00000074 [SR] Verify complete
    2018-07-11 12:28:38, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:38, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:39, Info                  CSI    00000078 [SR] Verify complete
    2018-07-11 12:28:39, Info                  CSI    00000079 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:39, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:40, Info                  CSI    0000007c [SR] Verify complete
    2018-07-11 12:28:40, Info                  CSI    0000007d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:40, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:41, Info                  CSI    00000080 [SR] Verify complete
    2018-07-11 12:28:41, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:41, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:43, Info                  CSI    00000084 [SR] Verify complete
    2018-07-11 12:28:43, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:43, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:44, Info                  CSI    00000088 [SR] Verify complete
    2018-07-11 12:28:44, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:44, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:45, Info                  CSI    0000008c [SR] Verify complete
    2018-07-11 12:28:45, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:45, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:46, Info                  CSI    00000090 [SR] Verify complete
    2018-07-11 12:28:46, Info                  CSI    00000091 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:46, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:49, Info                  CSI    00000094 [SR] Verify complete
    2018-07-11 12:28:49, Info                  CSI    00000095 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:49, Info                  CSI    00000096 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:50, Info                  CSI    00000098 [SR] Verify complete
    2018-07-11 12:28:50, Info                  CSI    00000099 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:50, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:51, Info                  CSI    0000009c [SR] Verify complete
    2018-07-11 12:28:52, Info                  CSI    0000009d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:52, Info                  CSI    0000009e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:53, Info                  CSI    000000a0 [SR] Verify complete
    2018-07-11 12:28:53, Info                  CSI    000000a1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:53, Info                  CSI    000000a2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:55, Info                  CSI    000000a4 [SR] Verify complete
    2018-07-11 12:28:55, Info                  CSI    000000a5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:55, Info                  CSI    000000a6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:56, Info                  CSI    000000a8 [SR] Verify complete
    2018-07-11 12:28:56, Info                  CSI    000000a9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:56, Info                  CSI    000000aa [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:58, Info                  CSI    000000ac [SR] Verify complete
    2018-07-11 12:28:58, Info                  CSI    000000ad [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:58, Info                  CSI    000000ae [SR] Beginning Verify and Repair transaction
    2018-07-11 12:28:59, Info                  CSI    000000b0 [SR] Verify complete
    2018-07-11 12:28:59, Info                  CSI    000000b1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:28:59, Info                  CSI    000000b2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:00, Info                  CSI    000000b4 [SR] Verify complete
    2018-07-11 12:29:01, Info                  CSI    000000b5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:01, Info                  CSI    000000b6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:02, Info                  CSI    000000b8 [SR] Verify complete
    2018-07-11 12:29:02, Info                  CSI    000000b9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:02, Info                  CSI    000000ba [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:03, Info                  CSI    000000bc [SR] Verify complete
    2018-07-11 12:29:03, Info                  CSI    000000bd [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:03, Info                  CSI    000000be [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:05, Info                  CSI    000000c0 [SR] Verify complete
    2018-07-11 12:29:05, Info                  CSI    000000c1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:05, Info                  CSI    000000c2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:06, Info                  CSI    000000c4 [SR] Verify complete
    2018-07-11 12:29:06, Info                  CSI    000000c5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:06, Info                  CSI    000000c6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:07, Info                  CSI    000000c8 [SR] Verify complete
    2018-07-11 12:29:07, Info                  CSI    000000c9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:07, Info                  CSI    000000ca [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:09, Info                  CSI    000000cc [SR] Verify complete
    2018-07-11 12:29:09, Info                  CSI    000000cd [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:09, Info                  CSI    000000ce [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:10, Info                  CSI    000000d0 [SR] Verify complete
    2018-07-11 12:29:10, Info                  CSI    000000d1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:10, Info                  CSI    000000d2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:11, Info                  CSI    000000d4 [SR] Verify complete
    2018-07-11 12:29:11, Info                  CSI    000000d5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:11, Info                  CSI    000000d6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:13, Info                  CSI    000000d8 [SR] Verify complete
    2018-07-11 12:29:13, Info                  CSI    000000d9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:13, Info                  CSI    000000da [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:15, Info                  CSI    000000dc [SR] Verify complete
    2018-07-11 12:29:15, Info                  CSI    000000dd [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:15, Info                  CSI    000000de [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:18, Info                  CSI    000000e0 [SR] Verify complete
    2018-07-11 12:29:18, Info                  CSI    000000e1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:18, Info                  CSI    000000e2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:21, Info                  CSI    000000e4 [SR] Verify complete
    2018-07-11 12:29:21, Info                  CSI    000000e5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:21, Info                  CSI    000000e6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:24, Info                  CSI    000000e8 [SR] Verify complete
    2018-07-11 12:29:24, Info                  CSI    000000e9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:24, Info                  CSI    000000ea [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:26, Info                  CSI    000000ec [SR] Verify complete
    2018-07-11 12:29:26, Info                  CSI    000000ed [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:26, Info                  CSI    000000ee [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:30, Info                  CSI    000000f0 [SR] Verify complete
    2018-07-11 12:29:30, Info                  CSI    000000f1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:30, Info                  CSI    000000f2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:34, Info                  CSI    000000f5 [SR] Verify complete
    2018-07-11 12:29:35, Info                  CSI    000000f6 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:35, Info                  CSI    000000f7 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:39, Info                  CSI    000000fb [SR] Verify complete
    2018-07-11 12:29:39, Info                  CSI    000000fc [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:39, Info                  CSI    000000fd [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:42, Info                  CSI    000000ff [SR] Verify complete
    2018-07-11 12:29:43, Info                  CSI    00000100 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:43, Info                  CSI    00000101 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:46, Info                  CSI    00000106 [SR] Verify complete
    2018-07-11 12:29:46, Info                  CSI    00000107 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:46, Info                  CSI    00000108 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:49, Info                  CSI    0000010a [SR] Verify complete
    2018-07-11 12:29:49, Info                  CSI    0000010b [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:49, Info                  CSI    0000010c [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:52, Info                  CSI    0000010e [SR] Verify complete
    2018-07-11 12:29:52, Info                  CSI    0000010f [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:52, Info                  CSI    00000110 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:29:57, Info                  CSI    00000132 [SR] Verify complete
    2018-07-11 12:29:57, Info                  CSI    00000133 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:29:57, Info                  CSI    00000134 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:01, Info                  CSI    00000139 [SR] Verify complete
    2018-07-11 12:30:01, Info                  CSI    0000013a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:01, Info                  CSI    0000013b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:05, Info                  CSI    0000013d [SR] Verify complete
    2018-07-11 12:30:05, Info                  CSI    0000013e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:05, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:08, Info                  CSI    00000141 [SR] Verify complete
    2018-07-11 12:30:08, Info                  CSI    00000142 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:08, Info                  CSI    00000143 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:12, Info                  CSI    00000145 [SR] Verify complete
    2018-07-11 12:30:12, Info                  CSI    00000146 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:12, Info                  CSI    00000147 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:16, Info                  CSI    00000149 [SR] Verify complete
    2018-07-11 12:30:16, Info                  CSI    0000014a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:16, Info                  CSI    0000014b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:19, Info                  CSI    0000014d [SR] Verify complete
    2018-07-11 12:30:20, Info                  CSI    0000014e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:20, Info                  CSI    0000014f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:23, Info                  CSI    00000151 [SR] Verify complete
    2018-07-11 12:30:23, Info                  CSI    00000152 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:23, Info                  CSI    00000153 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:28, Info                  CSI    00000155 [SR] Verify complete
    2018-07-11 12:30:28, Info                  CSI    00000156 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:28, Info                  CSI    00000157 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:34, Info                  CSI    00000187 [SR] Verify complete
    2018-07-11 12:30:34, Info                  CSI    00000188 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:34, Info                  CSI    00000189 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:40, Info                  CSI    0000018b [SR] Verify complete
    2018-07-11 12:30:40, Info                  CSI    0000018c [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:40, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:48, Info                  CSI    0000018f [SR] Verify complete
    2018-07-11 12:30:48, Info                  CSI    00000190 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:48, Info                  CSI    00000191 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:54, Info                  CSI    00000193 [SR] Verify complete
    2018-07-11 12:30:54, Info                  CSI    00000194 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:30:54, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:30:59, Info                  CSI    00000196 [SR] Repairing corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\Migration\WTR"\[l:20{10}]"GWXMig.inf" from store
    2018-07-11 12:30:59, Info                  CSI    00000197 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:18{9}]"GWXUX.exe" from store
    2018-07-11 12:30:59, Info                  CSI    00000198 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:30{15}]"GWXUXWorker.exe" from store
    2018-07-11 12:30:59, Info                  CSI    00000199 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:18{9}]"GWXUI.dll" from store
    2018-07-11 12:30:59, Info                  CSI    0000019a [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:30{15}]"GWXDetector.exe" from store
    2018-07-11 12:30:59, Info                  CSI    0000019b [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:40{20}]"GWXConfigManager.exe" from store
    2018-07-11 12:30:59, Info                  CSI    0000019c [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:14{7}]"GWX.exe" from store
    2018-07-11 12:31:00, Info                  CSI    0000019f [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:20{10}]"config.cat" from store
    2018-07-11 12:31:00, Info                  CSI    000001a0 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:20{10}]"config.dat" from store
    2018-07-11 12:31:00, Info                  CSI    000001a1 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:26{13}]"DetectorN.dat" from store
    2018-07-11 12:31:00, Info                  CSI    000001a3 [SR] Verify complete
    2018-07-11 12:31:00, Info                  CSI    000001a4 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:00, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:03, Info                  CSI    000001a7 [SR] Verify complete
    2018-07-11 12:31:03, Info                  CSI    000001a8 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:03, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:06, Info                  CSI    000001ab [SR] Verify complete
    2018-07-11 12:31:06, Info                  CSI    000001ac [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:06, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:08, Info                  CSI    000001af [SR] Verify complete
    2018-07-11 12:31:08, Info                  CSI    000001b0 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:08, Info                  CSI    000001b1 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:10, Info                  CSI    000001b3 [SR] Verify complete
    2018-07-11 12:31:10, Info                  CSI    000001b4 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:10, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:15, Info                  CSI    000001c0 [SR] Verify complete
    2018-07-11 12:31:15, Info                  CSI    000001c1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:15, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:19, Info                  CSI    000001cc [SR] Verify complete
    2018-07-11 12:31:19, Info                  CSI    000001cd [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:19, Info                  CSI    000001ce [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:21, Info                  CSI    000001d0 [SR] Verify complete
    2018-07-11 12:31:21, Info                  CSI    000001d1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:21, Info                  CSI    000001d2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:24, Info                  CSI    000001d4 [SR] Verify complete
    2018-07-11 12:31:24, Info                  CSI    000001d5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:24, Info                  CSI    000001d6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:27, Info                  CSI    000001d8 [SR] Verify complete
    2018-07-11 12:31:27, Info                  CSI    000001d9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:27, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:31, Info                  CSI    000001dd [SR] Verify complete
    2018-07-11 12:31:31, Info                  CSI    000001de [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:31, Info                  CSI    000001df [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:37, Info                  CSI    000001e2 [SR] Verify complete
    2018-07-11 12:31:38, Info                  CSI    000001e3 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:38, Info                  CSI    000001e4 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:40, Info                  CSI    000001e6 [SR] Verify complete
    2018-07-11 12:31:40, Info                  CSI    000001e7 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:40, Info                  CSI    000001e8 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:43, Info                  CSI    000001ea [SR] Verify complete
    2018-07-11 12:31:43, Info                  CSI    000001eb [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:43, Info                  CSI    000001ec [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:45, Info                  CSI    000001ee [SR] Verify complete
    2018-07-11 12:31:46, Info                  CSI    000001ef [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:46, Info                  CSI    000001f0 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:51, Info                  CSI    000001f2 [SR] Verify complete
    2018-07-11 12:31:52, Info                  CSI    000001f3 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:52, Info                  CSI    000001f4 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:31:56, Info                  CSI    000001f6 [SR] Verify complete
    2018-07-11 12:31:56, Info                  CSI    000001f7 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:31:56, Info                  CSI    000001f8 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:32:00, Info                  CSI    000001fa [SR] Verify complete
    2018-07-11 12:32:00, Info                  CSI    000001fb [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:32:00, Info                  CSI    000001fc [SR] Beginning Verify and Repair transaction
    2018-07-11 12:32:04, Info                  CSI    000001fe [SR] Verify complete
    2018-07-11 12:32:05, Info                  CSI    000001ff [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:32:05, Info                  CSI    00000200 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:32:12, Info                  CSI    00000218 [SR] Verify complete
    2018-07-11 12:32:12, Info                  CSI    00000219 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:32:12, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:32:15, Info                  CSI    0000021c [SR] Verify complete
    2018-07-11 12:32:15, Info                  CSI    0000021d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:32:15, Info                  CSI    0000021e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:32:20, Info                  CSI    00000220 [SR] Verify complete
    2018-07-11 12:32:20, Info                  CSI    00000221 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:32:20, Info                  CSI    00000222 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:32:32, Info                  CSI    00000224 [SR] Verify complete
    2018-07-11 12:32:32, Info                  CSI    00000225 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:32:32, Info                  CSI    00000226 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:32:36, Info                  CSI    00000228 [SR] Verify complete
    2018-07-11 12:32:36, Info                  CSI    00000229 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:32:36, Info                  CSI    0000022a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:32:45, Info                  CSI    0000022d [SR] Verify complete
    2018-07-11 12:32:45, Info                  CSI    0000022e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:32:45, Info                  CSI    0000022f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:32:51, Info                  CSI    00000231 [SR] Verify complete
    2018-07-11 12:32:51, Info                  CSI    00000232 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:32:51, Info                  CSI    00000233 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:32:58, Info                  CSI    00000236 [SR] Verify complete
    2018-07-11 12:32:58, Info                  CSI    00000237 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:32:58, Info                  CSI    00000238 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:02, Info                  CSI    0000023a [SR] Verify complete
    2018-07-11 12:33:02, Info                  CSI    0000023b [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:02, Info                  CSI    0000023c [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:06, Info                  CSI    0000023e [SR] Verify complete
    2018-07-11 12:33:06, Info                  CSI    0000023f [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:06, Info                  CSI    00000240 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:10, Info                  CSI    00000242 [SR] Verify complete
    2018-07-11 12:33:10, Info                  CSI    00000243 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:10, Info                  CSI    00000244 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:14, Info                  CSI    00000248 [SR] Verify complete
    2018-07-11 12:33:14, Info                  CSI    00000249 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:14, Info                  CSI    0000024a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:17, Info                  CSI    0000024c [SR] Verify complete
    2018-07-11 12:33:17, Info                  CSI    0000024d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:17, Info                  CSI    0000024e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:27, Info                  CSI    00000250 [SR] Verify complete
    2018-07-11 12:33:27, Info                  CSI    00000251 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:27, Info                  CSI    00000252 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:33, Info                  CSI    00000254 [SR] Verify complete
    2018-07-11 12:33:33, Info                  CSI    00000255 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:33, Info                  CSI    00000256 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:39, Info                  CSI    00000259 [SR] Verify complete
    2018-07-11 12:33:39, Info                  CSI    0000025a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:39, Info                  CSI    0000025b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:44, Info                  CSI    0000025d [SR] Verify complete
    2018-07-11 12:33:44, Info                  CSI    0000025e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:44, Info                  CSI    0000025f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:48, Info                  CSI    00000262 [SR] Verify complete
    2018-07-11 12:33:48, Info                  CSI    00000263 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:48, Info                  CSI    00000264 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:33:53, Info                  CSI    00000266 [SR] Verify complete
    2018-07-11 12:33:53, Info                  CSI    00000267 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:33:53, Info                  CSI    00000268 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:00, Info                  CSI    0000026b [SR] Verify complete
    2018-07-11 12:34:00, Info                  CSI    0000026c [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:00, Info                  CSI    0000026d [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:05, Info                  CSI    0000026f [SR] Verify complete
    2018-07-11 12:34:05, Info                  CSI    00000270 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:05, Info                  CSI    00000271 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:09, Info                  CSI    00000273 [SR] Verify complete
    2018-07-11 12:34:10, Info                  CSI    00000274 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:10, Info                  CSI    00000275 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:13, Info                  CSI    00000277 [SR] Verify complete
    2018-07-11 12:34:14, Info                  CSI    00000278 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:14, Info                  CSI    00000279 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:17, Info                  CSI    0000027b [SR] Verify complete
    2018-07-11 12:34:17, Info                  CSI    0000027c [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:17, Info                  CSI    0000027d [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:21, Info                  CSI    00000280 [SR] Verify complete
    2018-07-11 12:34:21, Info                  CSI    00000281 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:21, Info                  CSI    00000282 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:26, Info                  CSI    00000284 [SR] Verify complete
    2018-07-11 12:34:26, Info                  CSI    00000285 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:26, Info                  CSI    00000286 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:30, Info                  CSI    00000289 [SR] Verify complete
    2018-07-11 12:34:30, Info                  CSI    0000028a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:30, Info                  CSI    0000028b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:33, Info                  CSI    0000028e [SR] Verify complete
    2018-07-11 12:34:33, Info                  CSI    0000028f [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:33, Info                  CSI    00000290 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:37, Info                  CSI    00000293 [SR] Verify complete
    2018-07-11 12:34:37, Info                  CSI    00000294 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:37, Info                  CSI    00000295 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:41, Info                  CSI    00000298 [SR] Verify complete
    2018-07-11 12:34:41, Info                  CSI    00000299 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:41, Info                  CSI    0000029a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:47, Info                  CSI    0000029e [SR] Verify complete
    2018-07-11 12:34:47, Info                  CSI    0000029f [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:47, Info                  CSI    000002a0 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:52, Info                  CSI    000002a3 [SR] Verify complete
    2018-07-11 12:34:52, Info                  CSI    000002a4 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:52, Info                  CSI    000002a5 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:34:57, Info                  CSI    000002a7 [SR] Verify complete
    2018-07-11 12:34:57, Info                  CSI    000002a8 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:34:57, Info                  CSI    000002a9 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:03, Info                  CSI    000002ab [SR] Verify complete
    2018-07-11 12:35:03, Info                  CSI    000002ac [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:03, Info                  CSI    000002ad [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:09, Info                  CSI    000002b0 [SR] Verify complete
    2018-07-11 12:35:09, Info                  CSI    000002b1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:09, Info                  CSI    000002b2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:13, Info                  CSI    000002b4 [SR] Verify complete
    2018-07-11 12:35:13, Info                  CSI    000002b5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:13, Info                  CSI    000002b6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:15, Info                  CSI    000002b8 [SR] Verify complete
    2018-07-11 12:35:16, Info                  CSI    000002b9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:16, Info                  CSI    000002ba [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:19, Info                  CSI    000002bc [SR] Verify complete
    2018-07-11 12:35:19, Info                  CSI    000002bd [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:19, Info                  CSI    000002be [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:22, Info                  CSI    000002c0 [SR] Verify complete
    2018-07-11 12:35:22, Info                  CSI    000002c1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:22, Info                  CSI    000002c2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:26, Info                  CSI    000002c4 [SR] Verify complete
    2018-07-11 12:35:27, Info                  CSI    000002c5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:27, Info                  CSI    000002c6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:32, Info                  CSI    000002c8 [SR] Verify complete
    2018-07-11 12:35:32, Info                  CSI    000002c9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:32, Info                  CSI    000002ca [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:34, Info                  CSI    000002cc [SR] Verify complete
    2018-07-11 12:35:34, Info                  CSI    000002cd [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:34, Info                  CSI    000002ce [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:38, Info                  CSI    000002d0 [SR] Verify complete
    2018-07-11 12:35:38, Info                  CSI    000002d1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:38, Info                  CSI    000002d2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:44, Info                  CSI    000002d4 [SR] Verify complete
    2018-07-11 12:35:44, Info                  CSI    000002d5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:44, Info                  CSI    000002d6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:35:56, Info                  CSI    000002d8 [SR] Verify complete
    2018-07-11 12:35:56, Info                  CSI    000002d9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:35:56, Info                  CSI    000002da [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:14, Info                  CSI    000002dc [SR] Verify complete
    2018-07-11 12:36:14, Info                  CSI    000002dd [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:14, Info                  CSI    000002de [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:20, Info                  CSI    000002e0 [SR] Verify complete
    2018-07-11 12:36:20, Info                  CSI    000002e1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:20, Info                  CSI    000002e2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:23, Info                  CSI    000002e4 [SR] Verify complete
    2018-07-11 12:36:23, Info                  CSI    000002e5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:23, Info                  CSI    000002e6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:27, Info                  CSI    000002e8 [SR] Verify complete
    2018-07-11 12:36:28, Info                  CSI    000002e9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:28, Info                  CSI    000002ea [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:30, Info                  CSI    000002ec [SR] Verify complete
    2018-07-11 12:36:30, Info                  CSI    000002ed [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:30, Info                  CSI    000002ee [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:33, Info                  CSI    000002f0 [SR] Verify complete
    2018-07-11 12:36:33, Info                  CSI    000002f1 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:33, Info                  CSI    000002f2 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:37, Info                  CSI    000002f4 [SR] Verify complete
    2018-07-11 12:36:37, Info                  CSI    000002f5 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:37, Info                  CSI    000002f6 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:40, Info                  CSI    000002f8 [SR] Verify complete
    2018-07-11 12:36:40, Info                  CSI    000002f9 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:40, Info                  CSI    000002fa [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:43, Info                  CSI    000002fc [SR] Repairing corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\Help\mui\0409"\[l:22{11}]"diskmgt.CHM" from store
    2018-07-11 12:36:43, Info                  CSI    000002ff [SR] Repairing corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\Help\mui\0C0A"\[l:22{11}]"diskmgt.CHM" from store
    2018-07-11 12:36:44, Info                  CSI    00000302 [SR] Repairing corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\Help\mui\0409"\[l:22{11}]"diskmgt.CHM" from store
    2018-07-11 12:36:44, Info                  CSI    00000305 [SR] Verify complete
    2018-07-11 12:36:44, Info                  CSI    00000306 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:44, Info                  CSI    00000307 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:47, Info                  CSI    00000309 [SR] Verify complete
    2018-07-11 12:36:47, Info                  CSI    0000030a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:47, Info                  CSI    0000030b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:50, Info                  CSI    0000030d [SR] Verify complete
    2018-07-11 12:36:50, Info                  CSI    0000030e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:50, Info                  CSI    0000030f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:53, Info                  CSI    00000311 [SR] Verify complete
    2018-07-11 12:36:53, Info                  CSI    00000312 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:53, Info                  CSI    00000313 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:55, Info                  CSI    00000315 [SR] Verify complete
    2018-07-11 12:36:55, Info                  CSI    00000316 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:55, Info                  CSI    00000317 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:36:58, Info                  CSI    00000319 [SR] Verify complete
    2018-07-11 12:36:58, Info                  CSI    0000031a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:36:58, Info                  CSI    0000031b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:01, Info                  CSI    0000031d [SR] Verify complete
    2018-07-11 12:37:01, Info                  CSI    0000031e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:01, Info                  CSI    0000031f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:03, Info                  CSI    00000321 [SR] Verify complete
    2018-07-11 12:37:03, Info                  CSI    00000322 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:03, Info                  CSI    00000323 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:06, Info                  CSI    00000325 [SR] Verify complete
    2018-07-11 12:37:06, Info                  CSI    00000326 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:06, Info                  CSI    00000327 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:08, Info                  CSI    00000329 [SR] Verify complete
    2018-07-11 12:37:08, Info                  CSI    0000032a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:08, Info                  CSI    0000032b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:11, Info                  CSI    0000032d [SR] Verify complete
    2018-07-11 12:37:12, Info                  CSI    0000032e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:12, Info                  CSI    0000032f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:14, Info                  CSI    00000331 [SR] Verify complete
    2018-07-11 12:37:14, Info                  CSI    00000332 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:14, Info                  CSI    00000333 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:18, Info                  CSI    00000335 [SR] Verify complete
    2018-07-11 12:37:18, Info                  CSI    00000336 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:18, Info                  CSI    00000337 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:22, Info                  CSI    00000339 [SR] Verify complete
    2018-07-11 12:37:22, Info                  CSI    0000033a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:22, Info                  CSI    0000033b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:24, Info                  CSI    0000033d [SR] Verify complete
    2018-07-11 12:37:24, Info                  CSI    0000033e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:24, Info                  CSI    0000033f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:25, Info                  CSI    00000341 [SR] Verify complete
    2018-07-11 12:37:25, Info                  CSI    00000342 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:25, Info                  CSI    00000343 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:29, Info                  CSI    0000034e [SR] Verify complete
    2018-07-11 12:37:29, Info                  CSI    0000034f [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:29, Info                  CSI    00000350 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:32, Info                  CSI    00000352 [SR] Verify complete
    2018-07-11 12:37:33, Info                  CSI    00000353 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:33, Info                  CSI    00000354 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:36, Info                  CSI    00000356 [SR] Verify complete
    2018-07-11 12:37:36, Info                  CSI    00000357 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:36, Info                  CSI    00000358 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:40, Info                  CSI    0000035a [SR] Verify complete
    2018-07-11 12:37:40, Info                  CSI    0000035b [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:40, Info                  CSI    0000035c [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:43, Info                  CSI    0000035e [SR] Verify complete
    2018-07-11 12:37:43, Info                  CSI    0000035f [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:43, Info                  CSI    00000360 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:47, Info                  CSI    00000362 [SR] Verify complete
    2018-07-11 12:37:47, Info                  CSI    00000363 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:47, Info                  CSI    00000364 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:50, Info                  CSI    00000366 [SR] Verify complete
    2018-07-11 12:37:50, Info                  CSI    00000367 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:50, Info                  CSI    00000368 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:54, Info                  CSI    0000036a [SR] Verify complete
    2018-07-11 12:37:54, Info                  CSI    0000036b [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:54, Info                  CSI    0000036c [SR] Beginning Verify and Repair transaction
    2018-07-11 12:37:59, Info                  CSI    0000036f [SR] Verify complete
    2018-07-11 12:37:59, Info                  CSI    00000370 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:37:59, Info                  CSI    00000371 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:03, Info                  CSI    00000373 [SR] Verify complete
    2018-07-11 12:38:03, Info                  CSI    00000374 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:03, Info                  CSI    00000375 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:05, Info                  CSI    00000377 [SR] Verify complete
    2018-07-11 12:38:05, Info                  CSI    00000378 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:05, Info                  CSI    00000379 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:10, Info                  CSI    0000037b [SR] Verify complete
    2018-07-11 12:38:10, Info                  CSI    0000037c [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:10, Info                  CSI    0000037d [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:22, Info                  CSI    00000382 [SR] Verify complete
    2018-07-11 12:38:22, Info                  CSI    00000383 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:22, Info                  CSI    00000384 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:29, Info                  CSI    00000387 [SR] Verify complete
    2018-07-11 12:38:30, Info                  CSI    00000388 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:30, Info                  CSI    00000389 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:34, Info                  CSI    0000038d [SR] Verify complete
    2018-07-11 12:38:35, Info                  CSI    0000038e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:35, Info                  CSI    0000038f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:40, Info                  CSI    0000039c [SR] Verify complete
    2018-07-11 12:38:40, Info                  CSI    0000039d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:40, Info                  CSI    0000039e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:46, Info                  CSI    000003a2 [SR] Verify complete
    2018-07-11 12:38:46, Info                  CSI    000003a3 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:46, Info                  CSI    000003a4 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:50, Info                  CSI    000003a9 [SR] Verify complete
    2018-07-11 12:38:51, Info                  CSI    000003aa [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:51, Info                  CSI    000003ab [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:55, Info                  CSI    000003ad [SR] Verify complete
    2018-07-11 12:38:55, Info                  CSI    000003ae [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:55, Info                  CSI    000003af [SR] Beginning Verify and Repair transaction
    2018-07-11 12:38:58, Info                  CSI    000003b3 [SR] Verify complete
    2018-07-11 12:38:58, Info                  CSI    000003b4 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:38:58, Info                  CSI    000003b5 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:01, Info                  CSI    000003b7 [SR] Verify complete
    2018-07-11 12:39:02, Info                  CSI    000003b8 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:02, Info                  CSI    000003b9 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:06, Info                  CSI    000003de [SR] Verify complete
    2018-07-11 12:39:06, Info                  CSI    000003df [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:06, Info                  CSI    000003e0 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:10, Info                  CSI    000003e2 [SR] Verify complete
    2018-07-11 12:39:10, Info                  CSI    000003e3 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:10, Info                  CSI    000003e4 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:14, Info                  CSI    000003e6 [SR] Verify complete
    2018-07-11 12:39:14, Info                  CSI    000003e7 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:14, Info                  CSI    000003e8 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:17, Info                  CSI    000003ea [SR] Verify complete
    2018-07-11 12:39:17, Info                  CSI    000003eb [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:17, Info                  CSI    000003ec [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:21, Info                  CSI    000003ee [SR] Verify complete
    2018-07-11 12:39:21, Info                  CSI    000003ef [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:21, Info                  CSI    000003f0 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:24, Info                  CSI    000003f2 [SR] Verify complete
    2018-07-11 12:39:24, Info                  CSI    000003f3 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:24, Info                  CSI    000003f4 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:28, Info                  CSI    00000404 [SR] Verify complete
    2018-07-11 12:39:29, Info                  CSI    00000405 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:29, Info                  CSI    00000406 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:37, Info                  CSI    00000408 [SR] Verify complete
    2018-07-11 12:39:37, Info                  CSI    00000409 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:37, Info                  CSI    0000040a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:40, Info                  CSI    00000410 [SR] Verify complete
    2018-07-11 12:39:41, Info                  CSI    00000411 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:41, Info                  CSI    00000412 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:45, Info                  CSI    0000041c [SR] Verify complete
    2018-07-11 12:39:45, Info                  CSI    0000041d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:45, Info                  CSI    0000041e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:47, Info                  CSI    00000420 [SR] Verify complete
    2018-07-11 12:39:47, Info                  CSI    00000421 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:47, Info                  CSI    00000422 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:51, Info                  CSI    00000425 [SR] Verify complete
    2018-07-11 12:39:51, Info                  CSI    00000426 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:51, Info                  CSI    00000427 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:54, Info                  CSI    00000429 [SR] Verify complete
    2018-07-11 12:39:54, Info                  CSI    0000042a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:54, Info                  CSI    0000042b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:39:57, Info                  CSI    0000042d [SR] Verify complete
    2018-07-11 12:39:57, Info                  CSI    0000042e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:39:57, Info                  CSI    0000042f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:02, Info                  CSI    00000431 [SR] Verify complete
    2018-07-11 12:40:02, Info                  CSI    00000432 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:02, Info                  CSI    00000433 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:06, Info                  CSI    00000435 [SR] Verify complete
    2018-07-11 12:40:06, Info                  CSI    00000436 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:06, Info                  CSI    00000437 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:10, Info                  CSI    00000439 [SR] Verify complete
    2018-07-11 12:40:10, Info                  CSI    0000043a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:10, Info                  CSI    0000043b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:15, Info                  CSI    0000043d [SR] Verify complete
    2018-07-11 12:40:15, Info                  CSI    0000043e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:15, Info                  CSI    0000043f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:20, Info                  CSI    00000459 [SR] Verify complete
    2018-07-11 12:40:20, Info                  CSI    0000045a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:20, Info                  CSI    0000045b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:24, Info                  CSI    0000045d [SR] Verify complete
    2018-07-11 12:40:24, Info                  CSI    0000045e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:24, Info                  CSI    0000045f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:36, Info                  CSI    00000461 [SR] Verify complete
    2018-07-11 12:40:36, Info                  CSI    00000462 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:36, Info                  CSI    00000463 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:40, Info                  CSI    00000465 [SR] Verify complete
    2018-07-11 12:40:40, Info                  CSI    00000466 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:40, Info                  CSI    00000467 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:43, Info                  CSI    00000469 [SR] Verify complete
    2018-07-11 12:40:43, Info                  CSI    0000046a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:43, Info                  CSI    0000046b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:46, Info                  CSI    0000046f [SR] Verify complete
    2018-07-11 12:40:47, Info                  CSI    00000470 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:47, Info                  CSI    00000471 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:49, Info                  CSI    00000473 [SR] Verify complete
    2018-07-11 12:40:49, Info                  CSI    00000474 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:49, Info                  CSI    00000475 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:52, Info                  CSI    00000477 [SR] Verify complete
    2018-07-11 12:40:53, Info                  CSI    00000478 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:53, Info                  CSI    00000479 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:40:56, Info                  CSI    0000047b [SR] Verify complete
    2018-07-11 12:40:56, Info                  CSI    0000047c [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:40:56, Info                  CSI    0000047d [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:00, Info                  CSI    0000047f [SR] Verify complete
    2018-07-11 12:41:00, Info                  CSI    00000480 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:00, Info                  CSI    00000481 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:03, Info                  CSI    00000483 [SR] Verify complete
    2018-07-11 12:41:04, Info                  CSI    00000484 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:04, Info                  CSI    00000485 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:07, Info                  CSI    00000488 [SR] Verify complete
    2018-07-11 12:41:07, Info                  CSI    00000489 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:07, Info                  CSI    0000048a [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:10, Info                  CSI    0000048c [SR] Verify complete
    2018-07-11 12:41:11, Info                  CSI    0000048d [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:11, Info                  CSI    0000048e [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:14, Info                  CSI    00000490 [SR] Verify complete
    2018-07-11 12:41:14, Info                  CSI    00000491 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:14, Info                  CSI    00000492 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:18, Info                  CSI    00000495 [SR] Verify complete
    2018-07-11 12:41:18, Info                  CSI    00000496 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:18, Info                  CSI    00000497 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:22, Info                  CSI    00000499 [SR] Verify complete
    2018-07-11 12:41:23, Info                  CSI    0000049a [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:23, Info                  CSI    0000049b [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:28, Info                  CSI    0000049d [SR] Verify complete
    2018-07-11 12:41:28, Info                  CSI    0000049e [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:28, Info                  CSI    0000049f [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:32, Info                  CSI    000004a2 [SR] Verify complete
    2018-07-11 12:41:32, Info                  CSI    000004a3 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:32, Info                  CSI    000004a4 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:36, Info                  CSI    000004a6 [SR] Verify complete
    2018-07-11 12:41:36, Info                  CSI    000004a7 [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:36, Info                  CSI    000004a8 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:40, Info                  CSI    000004aa [SR] Verify complete
    2018-07-11 12:41:40, Info                  CSI    000004ab [SR] Verifying 100 (0x0000000000000064) components
    2018-07-11 12:41:40, Info                  CSI    000004ac [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:44, Info                  CSI    000004ae [SR] Verify complete
    2018-07-11 12:41:44, Info                  CSI    000004af [SR] Verifying 86 (0x0000000000000056) components
    2018-07-11 12:41:44, Info                  CSI    000004b0 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:47, Info                  CSI    000004b2 [SR] Verify complete
    2018-07-11 12:41:47, Info                  CSI    000004b3 [SR] Repairing 5 components
    2018-07-11 12:41:47, Info                  CSI    000004b4 [SR] Beginning Verify and Repair transaction
    2018-07-11 12:41:48, Info                  CSI    000004b5 [SR] Repairing corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\Migration\WTR"\[l:20{10}]"GWXMig.inf" from store
    2018-07-11 12:41:48, Info                  CSI    000004b6 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:18{9}]"GWXUX.exe" from store
    2018-07-11 12:41:48, Info                  CSI    000004b7 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:30{15}]"GWXUXWorker.exe" from store
    2018-07-11 12:41:48, Info                  CSI    000004b8 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:18{9}]"GWXUI.dll" from store
    2018-07-11 12:41:48, Info                  CSI    000004b9 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:30{15}]"GWXDetector.exe" from store
    2018-07-11 12:41:48, Info                  CSI    000004ba [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:40{20}]"GWXConfigManager.exe" from store
    2018-07-11 12:41:48, Info                  CSI    000004bb [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:14{7}]"GWX.exe" from store
    2018-07-11 12:41:48, Info                  CSI    000004bd [SR] Repairing corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\Help\mui\0409"\[l:22{11}]"diskmgt.CHM" from store
    2018-07-11 12:41:48, Info                  CSI    000004c0 [SR] Repairing corrupted file [ml:520{260},l:56{28}]"\??\C:\Windows\Help\mui\0C0A"\[l:22{11}]"diskmgt.CHM" from store
    2018-07-11 12:41:48, Info                  CSI    000004c2 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:20{10}]"config.cat" from store
    2018-07-11 12:41:48, Info                  CSI    000004c3 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:20{10}]"config.dat" from store
    2018-07-11 12:41:48, Info                  CSI    000004c4 [SR] Repairing corrupted file [ml:520{260},l:54{27}]"\??\C:\Windows\System32\GWX"\[l:26{13}]"DetectorN.dat" from store
    2018-07-11 12:41:48, Info                  CSI    000004c6 [SR] Repair complete
    2018-07-11 12:41:48, Info                  CSI    000004c7 [SR] Committing transaction
    2018-07-11 12:41:48, Info                  CSI    000004cb [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired


    #14 nasdaq

    nasdaq

    • Malware Response Team
    • 39,586 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:05:58 PM

    Posted 12 July 2018 - 07:30 AM

    Hi,

    Last instructions on the the log.

    2018-07-11 12:41:48, Info CSI 000004cb [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired


    The repairs were done. When it says repairing from store that means the the good file was found and the file were replaced from previous updates.
    ===

    You have used MSCONFIG to disable the HP Software update.
    MSCONFIG\startupreg: HP Software Update => c:\program files (x86)\hp\hp software update\hpwuschd2.exe

    Please enable it and check for any drivers that needs to be updated.

    Keep me posted.

    #15 Tigers85

    Tigers85
    • Topic Starter

    • Members
    • 63 posts
    • OFFLINE
    •  
    • Local time:04:58 PM

    Posted 12 July 2018 - 11:50 AM

    I went to the location you identified, and right-clicked on the file to run as administrator.  I couldn't tell if anything happened or not, should I be able to tell?  Also, what would you suggest is the best method for checking drivers for possible updates?

     

    I will be away from the computer we are working on until Sunday evening, or possibly Monday evening, but will reply to your next post when I return.






    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users