Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware-Unable to open Microsoft Store

Microsoft store Microsoft collection solitair

  • This topic is locked This topic is locked

#1
opalchance

opalchance

    Member

  • Member
  • PipPip
  • 16 posts

I have a Toshiba Satellite Windows 8.1 64 bit

 

My Microsoft Solitaire Collection crashed.  I was unable to uninstall, or reinstall it (kept saying it was already on my computer).  I checked my computer for updates, did a virus scan, and tried the WSreset.exe tool.    Now when I try to open the Store, it gets stuck and the indicator just keeps spinning.  

 

I've run my Norton virus program and I'm still having problems. I've researched multiple sites and unable to find a solution.  I'm wondering if there is a virus or some kind of malware that caused the problem to start.  It's embarrassing to ask for help on Solitaire but now it's involving using the Microsoft Store so maybe you won't think I'm being silly.  =)

 

Below are results from running the Farbar Recovery Scan Tool:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Ruth Cox (administrator) on LAPTOP (10-04-2018 18:50:18)
Running from C:\Users\Ruth Cox\Desktop
Loaded Profiles: Ruth Cox (Available Profiles: Ruth Cox)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\nortonsecurity.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\nortonsecurity.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\rpbgconverter.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywherePlayer\DishAnywherePlayer.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywherePlayer\DishAnywherePlayer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sling Media Inc.) C:\Program Files (x86)\DishAnywherePlayer\DishAnywherePlayer.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
() C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [914648 2014-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830104 2014-01-14] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [DellNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3642688 2018-04-09] (Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [353104 2017-12-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => c:\program files (x86)\real\RealDownloader\downloader2.exe [1268048 2017-11-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-269484382-2649728555-3287885270-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-269484382-2649728555-3287885270-1001\...\RunOnce: [Uninstall C:\Users\Ruth Cox\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ruth Cox\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
AppInit_DLLs: L,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [231936 2016-04-16] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-05-23] (Amazon Inc.)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [289040 2016-04-16] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-03-13]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-12-21]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2016-01-10]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Ruth Cox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DishAnywherePlayerShortcut.lnk [2018-02-10]
ShortcutTarget: DishAnywherePlayerShortcut.lnk -> C:\Program Files (x86)\DishAnywherePlayer\DishAnywherePlayer.exe (Sling Media Inc.)
Startup: C:\Users\Ruth Cox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5DC68496-32D9-4F94-8E0C-144FA74D16AF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D6A3F885-8A29-496F-8E90-6B06DD605AB8}: [DhcpNameServer] 12.127.16.68 216.57.128.2 12.127.17.77 216.57.130.1 12.127.16.77
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-269484382-2649728555-3287885270-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {326663F1-FEE5-4321-8C88-A9422207DD4A} URL = 
SearchScopes: HKU\S-1-5-21-269484382-2649728555-3287885270-1001 -> DefaultScope {2AB29226-A0EA-43AC-9C1F-819D1999B015} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C014US1214D20150312&p={searchTerms}
SearchScopes: HKU\S-1-5-21-269484382-2649728555-3287885270-1001 -> {2AB29226-A0EA-43AC-9C1F-819D1999B015} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C014US1214D20150312&p={searchTerms}
SearchScopes: HKU\S-1-5-21-269484382-2649728555-3287885270-1001 -> {326663F1-FEE5-4321-8C88-A9422207DD4A} URL = 
SearchScopes: HKU\S-1-5-21-269484382-2649728555-3287885270-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=US&ver=22.12.1.15&locale=en_US&guid=90B5A70A-9E04-4E00-8459-4F6DAA56A601&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-11-29] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-26] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\coIEPlg.dll [2018-03-02] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-26] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-11-29] (RealDownloader)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.12.1.15\coIEPlg.dll [2018-03-02] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-16] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\coIEPlg.dll [2018-03-02] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.12.1.15\coIEPlg.dll [2018-03-02] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-269484382-2649728555-3287885270-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\coIEPlg.dll [2018-03-02] (Symantec Corporation)
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} hxxps://vportal.cityofmedford.org/+CSCOL+/csvrloader32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: y6jq8bda.default
FF ProfilePath: C:\Users\Ruth Cox\AppData\Roaming\Mozilla\Firefox\Profiles\y6jq8bda.default [2018-03-13]
FF Extension: (NetExtender Launcher ) - C:\Users\Ruth Cox\AppData\Roaming\Mozilla\Firefox\Profiles\y6jq8bda.default\Extensions\[email protected] [2016-06-28] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-14] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.10.217 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-12-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.10.217 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-12-21] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-04-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-269484382-2649728555-3287885270-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\Ruth Cox\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-11-23] (Nagravision)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default [2018-04-10]
CHR Extension: (Docs) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-03-17]
CHR Extension: (Google Search) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Adobe Acrobat) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-20]
CHR Extension: (Google Docs Offline) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10]
CHR Extension: (DISH Anywhere Chrome Video Player) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiogfjcmcooikkpemeppajhnmpeekgf [2017-07-14]
CHR Extension: (Gmail) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-20]
CHR Profile: C:\Users\Ruth Cox\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-10]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-269484382-2649728555-3287885270-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-04-09] (Dropbox, Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-21] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
S3 Intel® TA SAM; C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe [153296 2016-04-26] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [478416 2016-04-26] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NortonSecurity; C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\NortonSecurity.exe [328712 2018-03-02] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [37104 2017-11-29] (RealNetworks, Inc.)
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [989912 2017-12-21] (RealNetworks, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [311544 2016-04-16] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [285136 2016-04-16] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-03-12] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [471520 2016-04-16] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3339736 2016-04-16] (Sophos Limited)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20180409.001\BHDrvx64.sys [1879632 2018-02-10] (Symantec Corporation)
R1 ccSet_NGC; C:\Windows\system32\drivers\NGCx64\160C010.00F\ccSetx64.sys [187544 2018-03-02] (Symantec Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-04-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-01-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20180409.061\IDSvia64.sys [1299024 2018-04-10] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
S3 NxDrv; C:\Windows\system32\DRIVERS\NxDrv.sys [24264 2012-11-04] (SonicWALL Inc.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2016-04-16] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2016-04-16] (Sophos Limited)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2016-04-16] (Sophos Limited)
R1 SRTSP; C:\Windows\System32\Drivers\NGCx64\160C010.00F\SRTSP64.SYS [817816 2018-03-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NGCx64\160C010.00F\SRTSPX64.SYS [49304 2018-03-02] (Symantec Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2015-04-18] (Sophos Limited)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\160C010.00F\SYMEFASI64.SYS [1942168 2018-03-02] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\160C010.00F\SymELAM.sys [24608 2018-03-02] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102552 2018-02-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NGCx64\160C010.00F\Ironx64.SYS [307864 2018-03-02] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NGCx64\160C010.00F\SYMNETS.SYS [566936 2018-03-02] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160624.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160624.021\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-10 18:50 - 2018-04-10 18:50 - 000030235 _____ C:\Users\Ruth Cox\Desktop\FRST.txt
2018-04-10 18:47 - 2018-04-10 18:48 - 002403328 _____ (Farbar) C:\Users\Ruth Cox\Desktop\FRST64.exe
2018-04-10 16:00 - 2018-04-10 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-04-10 09:48 - 2018-04-10 09:48 - 000304140 _____ C:\Users\Ruth Cox\Desktop\message-rfc822-attachment (1)
2018-04-10 06:51 - 2018-04-10 06:51 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2018-04-10 06:38 - 2018-04-10 06:38 - 000004102 _____ C:\Windows\System32\Tasks\ActiveSync-SystemMechanic
2018-04-10 06:38 - 2018-04-10 06:38 - 000004058 _____ C:\Windows\System32\Tasks\ActiveMessenger-SystemMechanic
2018-04-10 06:38 - 2018-04-10 06:38 - 000000000 ____D C:\Users\Ruth Cox\AppData\Local\iolo
2018-04-10 06:38 - 2018-04-10 06:38 - 000000000 ____D C:\ProgramData\Phoenix360
2018-04-10 06:38 - 2018-04-10 06:38 - 000000000 ____D C:\Program Files\Common Files\iolo
2018-04-10 06:37 - 2018-04-10 06:37 - 000001822 _____ C:\Users\Public\Desktop\System Mechanic.lnk
2018-04-10 06:37 - 2018-04-10 06:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2018-04-10 06:37 - 2018-04-10 06:37 - 000000000 ____D C:\ProgramData\iolo
2018-04-10 06:37 - 2018-04-10 06:37 - 000000000 ____D C:\Program Files (x86)\Phoenix360
2018-04-10 06:35 - 2018-04-10 06:35 - 000000000 ____D C:\Users\Ruth Cox\AppData\Local\Downloaded Installations
2018-04-10 06:28 - 2018-04-10 06:28 - 000002327 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-10 06:28 - 2018-04-10 06:28 - 000002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-10 06:26 - 2018-04-10 06:26 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-10 06:26 - 2018-04-10 06:26 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-09 20:08 - 2018-04-09 20:08 - 000522710 _____ C:\Users\Ruth Cox\Desktop\apps.diagcab
2018-04-09 03:17 - 2018-04-09 03:17 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-04-09 03:17 - 2018-04-09 03:17 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-04-09 03:17 - 2018-04-09 03:17 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-04-09 03:17 - 2018-04-09 03:17 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-04-07 14:43 - 2018-04-08 19:37 - 000000000 ____D C:\yard
2018-03-24 10:49 - 2018-03-24 10:49 - 004636087 _____ C:\Users\Ruth Cox\Desktop\Testimony Guidelines.pdf
2018-03-17 19:32 - 2018-03-02 11:55 - 000834552 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-17 19:32 - 2018-03-02 11:55 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-15 07:24 - 2018-02-14 14:45 - 000145024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-15 07:24 - 2018-02-13 07:20 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-15 07:24 - 2018-02-13 07:20 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-15 07:24 - 2018-02-13 07:20 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-15 07:24 - 2018-02-13 07:20 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-15 07:24 - 2018-02-13 07:20 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-15 07:24 - 2018-02-13 07:20 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-15 07:24 - 2018-02-13 07:20 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-15 07:24 - 2018-02-13 07:20 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-15 07:24 - 2018-02-13 07:20 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-15 07:19 - 2018-02-16 08:45 - 025742848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-03-15 07:19 - 2018-02-16 08:19 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-03-15 07:19 - 2018-02-10 09:57 - 015281664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-03-15 07:18 - 2018-03-03 00:24 - 007407960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-15 07:18 - 2018-03-03 00:24 - 000419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-03-15 07:18 - 2018-03-03 00:11 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-03-15 07:18 - 2018-03-03 00:11 - 001676064 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-03-15 07:18 - 2018-03-03 00:11 - 001536120 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-15 07:18 - 2018-03-03 00:11 - 001500432 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-03-15 07:18 - 2018-03-03 00:11 - 001371352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-03-15 07:18 - 2018-03-02 22:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-03-15 07:18 - 2018-02-18 13:53 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-03-15 07:18 - 2018-02-16 08:51 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-03-15 07:18 - 2018-02-16 08:51 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-03-15 07:18 - 2018-02-16 08:44 - 013678080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-03-15 07:18 - 2018-02-16 08:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-03-15 07:18 - 2018-02-16 07:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-03-15 07:18 - 2018-02-16 07:37 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-03-15 07:18 - 2018-02-15 08:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-03-15 07:18 - 2018-02-15 07:57 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-03-15 07:18 - 2018-02-10 13:24 - 000178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-03-15 07:18 - 2018-02-10 12:29 - 000274272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-03-15 07:18 - 2018-02-10 12:29 - 000124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-03-15 07:18 - 2018-02-10 12:29 - 000065888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-03-15 07:18 - 2018-02-10 12:29 - 000062304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-03-15 07:18 - 2018-02-10 12:29 - 000021856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-03-15 07:18 - 2018-02-10 12:29 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-03-15 07:18 - 2018-02-10 12:25 - 000533856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-03-15 07:18 - 2018-02-10 12:08 - 001307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-15 07:18 - 2018-02-10 12:06 - 000356184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-03-15 07:18 - 2018-02-10 10:50 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-03-15 07:18 - 2018-02-10 10:40 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-03-15 07:18 - 2018-02-10 10:40 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-03-15 07:18 - 2018-02-10 10:37 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-03-15 07:18 - 2018-02-10 10:27 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-03-15 07:18 - 2018-02-10 10:26 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-03-15 07:18 - 2018-02-10 10:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-03-15 07:18 - 2018-02-10 10:10 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-03-15 07:18 - 2018-02-10 10:09 - 003757056 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-03-15 07:18 - 2018-02-10 10:06 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-03-15 07:18 - 2018-02-10 10:03 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-03-15 07:18 - 2018-02-10 10:01 - 000617472 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-03-15 07:18 - 2018-02-10 10:00 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-03-15 07:18 - 2018-02-10 09:59 - 000404992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-03-15 07:18 - 2018-02-10 09:54 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-03-15 07:18 - 2018-02-10 09:52 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-03-15 07:18 - 2018-02-10 09:50 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-03-15 07:18 - 2018-02-10 09:48 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-15 07:18 - 2018-02-10 09:47 - 002134016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-03-15 07:18 - 2018-02-10 09:46 - 002412544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-03-15 07:18 - 2018-02-10 09:44 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-03-15 07:18 - 2018-02-10 09:43 - 000109056 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-03-15 07:18 - 2018-02-10 09:40 - 004496384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-03-15 07:18 - 2018-02-10 09:35 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-03-15 07:18 - 2018-02-10 09:34 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-03-15 07:18 - 2018-02-10 09:33 - 002058240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-03-15 07:18 - 2018-02-10 09:33 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-03-15 07:18 - 2018-02-10 09:29 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-03-15 07:18 - 2018-02-10 09:23 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-03-15 07:18 - 2018-02-10 09:11 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-03-15 07:18 - 2018-02-08 10:37 - 002779648 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-03-15 07:18 - 2018-02-08 09:57 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-03-15 07:18 - 2018-02-02 13:42 - 003320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-03-15 07:18 - 2018-02-02 12:24 - 003610112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-03-15 07:18 - 2018-01-26 12:04 - 001115648 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-03-15 07:18 - 2018-01-12 11:18 - 000538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-03-15 07:18 - 2018-01-12 10:26 - 000393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-03-15 07:18 - 2018-01-11 11:39 - 000163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2018-03-15 07:18 - 2018-01-11 11:39 - 000114688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2018-03-15 07:18 - 2018-01-11 11:34 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2018-03-15 07:18 - 2018-01-11 11:28 - 001562624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2018-03-15 07:18 - 2018-01-11 11:19 - 002364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2018-03-15 07:18 - 2018-01-11 11:10 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2018-03-15 07:18 - 2018-01-11 11:10 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2018-03-15 07:18 - 2018-01-11 11:04 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2018-03-15 07:18 - 2018-01-11 10:55 - 002003456 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2018-03-15 07:18 - 2018-01-11 10:42 - 002923520 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2018-03-15 07:18 - 2018-01-11 10:13 - 001695744 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-03-15 07:18 - 2018-01-10 07:48 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-03-15 07:18 - 2018-01-09 00:04 - 000276312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2018-03-15 07:18 - 2018-01-08 23:09 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2018-03-15 07:18 - 2018-01-08 23:06 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2018-03-15 07:18 - 2018-01-08 22:35 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2018-03-15 07:18 - 2018-01-08 22:35 - 000289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2018-03-15 07:18 - 2018-01-08 22:32 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2018-03-15 07:18 - 2018-01-08 22:29 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2018-03-15 07:18 - 2018-01-08 22:19 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2018-03-15 07:18 - 2018-01-08 22:09 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2018-03-15 07:18 - 2018-01-08 22:05 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2018-03-15 07:18 - 2018-01-08 21:59 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2018-03-15 07:18 - 2018-01-08 21:49 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2018-03-15 07:18 - 2018-01-08 21:46 - 001096192 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2018-03-15 07:18 - 2018-01-08 21:39 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2018-03-15 07:17 - 2018-03-02 22:23 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-03-15 07:17 - 2018-02-16 08:28 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-03-15 07:17 - 2018-02-16 08:24 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-03-15 07:17 - 2018-02-10 09:58 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-03-15 07:17 - 2018-02-10 09:50 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-03-15 07:17 - 2018-02-10 09:39 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-03-15 07:17 - 2018-02-10 09:34 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-03-15 07:17 - 2018-02-10 09:30 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-03-15 07:17 - 2018-02-10 09:12 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-03-15 07:17 - 2018-02-10 09:09 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-03-14 06:31 - 2018-04-10 06:29 - 000004464 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-10 18:50 - 2017-01-26 08:47 - 000000000 ____D C:\FRST
2018-04-10 18:03 - 2015-09-05 21:43 - 000000926 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-04-10 18:03 - 2015-03-12 18:29 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-269484382-2649728555-3287885270-1001
2018-04-10 16:17 - 2015-03-14 09:14 - 000000000 ____D C:\Excel
2018-04-10 16:01 - 2015-09-05 21:43 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-04-10 15:58 - 2015-03-12 18:46 - 000003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{97CF3C0A-3138-4654-8D14-BA0CC4B48031}
2018-04-10 10:21 - 2015-03-14 09:47 - 000000000 __RDO C:\Users\Ruth Cox\OneDrive
2018-04-10 10:20 - 2015-09-05 21:43 - 000000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-04-10 10:20 - 2015-03-12 18:21 - 000000000 ____D C:\Users\Ruth Cox
2018-04-10 10:15 - 2018-03-09 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-04-10 10:15 - 2015-10-24 10:39 - 000002334 _____ C:\Users\Public\Desktop\Norton Security.lnk
2018-04-10 10:15 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-10 09:34 - 2013-08-22 08:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-10 09:34 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\AppReadiness
2018-04-10 06:56 - 2015-03-14 09:13 - 000000000 ____D C:\Recipes
2018-04-10 06:37 - 2014-11-17 21:00 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-10 06:29 - 2015-08-31 06:35 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 06:27 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 06:27 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-10 06:26 - 2015-03-14 10:23 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-10 06:26 - 2015-03-14 10:22 - 000000000 ____D C:\Users\Ruth Cox\AppData\Local\Deployment
2018-04-10 06:23 - 2015-03-16 11:23 - 000000000 ____D C:\Users\Ruth Cox\AppData\Local\Adobe
2018-04-09 21:33 - 2015-03-16 08:15 - 000000000 ___SD C:\Windows\system32\CompatTel
2018-04-09 21:33 - 2013-08-22 08:36 - 000000000 __RSD C:\Windows\Media
2018-04-09 21:33 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-04-09 21:33 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2018-04-09 21:32 - 2015-03-12 18:23 - 000000000 ____D C:\Users\Ruth Cox\AppData\Local\Packages
2018-04-09 21:31 - 2015-04-06 10:11 - 000000000 ____D C:\ProgramData\pdf995
2018-04-09 21:31 - 2015-02-04 12:56 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-09 21:30 - 2018-02-26 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2017
2018-04-09 21:30 - 2015-10-24 10:36 - 000000000 ____D C:\ProgramData\Norton
2018-04-09 21:17 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\registration
2018-04-09 21:10 - 2015-12-24 22:17 - 000000000 ____D C:\ProgramData\Real
2018-04-09 20:10 - 2015-05-16 07:24 - 000000000 ____D C:\Users\Ruth Cox\AppData\Local\ElevatedDiagnostics
2018-04-09 09:17 - 2017-03-20 08:23 - 000000000 ____D C:\Ethel
2018-04-09 09:13 - 2015-12-01 20:12 - 000000000 ____D C:\Users\Ruth Cox\AppData\Local\CrashDumps
2018-04-08 19:37 - 2017-02-01 10:14 - 000000000 ____D C:\DoTerra Orders
2018-04-07 07:42 - 2013-08-22 06:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2018-04-05 16:33 - 2017-01-11 14:50 - 000000000 ____D C:\Kevin Younker
2018-04-05 16:32 - 2017-10-20 07:56 - 000000000 ____D C:\Kevin
2018-03-29 18:18 - 2015-09-05 21:43 - 000000000 ____D C:\Users\Ruth Cox\AppData\Local\Dropbox
2018-03-24 17:17 - 2011-12-18 14:36 - 000000000 ____D C:\New Beginnings
2018-03-22 10:01 - 2018-02-26 15:51 - 000000000 ____D C:\Taxes 2017
2018-03-22 09:52 - 2018-02-26 15:07 - 000000000 ____D C:\Taxes 2016
2018-03-19 20:19 - 2017-07-27 06:30 - 000003174 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-269484382-2649728555-3287885270-1001
2018-03-19 20:18 - 2016-04-26 06:13 - 000002318 _____ C:\Users\Ruth Cox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-03-19 12:47 - 2014-03-18 02:53 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-18 07:18 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\rescache
2018-03-17 19:29 - 2013-08-22 07:44 - 000425408 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-17 17:37 - 2013-08-22 06:25 - 000524288 ___SH C:\Windows\system32\config\BBI
2018-03-17 17:32 - 2015-03-16 08:15 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-17 17:32 - 2013-08-22 08:36 - 000000000 ___RD C:\Windows\ToastData
2018-03-15 09:39 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
2018-03-15 09:38 - 2015-03-16 07:59 - 000000000 ____D C:\Windows\system32\MRT
2018-03-15 09:31 - 2017-10-13 09:26 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-15 09:31 - 2015-03-16 07:58 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-13 07:34 - 2015-03-14 09:08 - 000000000 ____D C:\knitting
2018-03-13 06:53 - 2015-03-14 09:14 - 000000000 ____D C:\Work
2018-03-11 21:00 - 2015-03-13 21:52 - 000000564 _____ C:\Windows\Tasks\Weekly Scan.job
 
==================== Files in the root of some directories =======
 
2017-11-14 12:09 - 2017-11-14 12:09 - 007649280 _____ () C:\Program Files (x86)\GUT7568.tmp
2016-12-16 10:10 - 2017-01-14 14:49 - 000000132 _____ () C:\Users\Ruth Cox\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-01-14 16:36 - 2017-01-14 16:36 - 000001456 _____ () C:\Users\Ruth Cox\AppData\Local\Adobe Save for Web 12.0 Prefs
2017-10-14 20:36 - 2017-10-14 20:36 - 000000000 _____ () C:\Users\Ruth Cox\AppData\Local\{91B32276-1EA7-4B6A-80F1-AAE276AD2188}
 
Some files in TEMP:
====================
2018-03-17 17:30 - 2018-02-23 12:33 - 000186688 _____ (RealNetworks, Inc.) C:\Users\Ruth Cox\AppData\Local\Temp\lowproc.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-03 08:22
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Ruth Cox (10-04-2018 18:50:59)
Running from C:\Users\Ruth Cox\Desktop
Windows 8.1 (Update) (X64) (2015-03-13 01:20:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-269484382-2649728555-3287885270-500 - Administrator - Disabled)
Guest (S-1-5-21-269484382-2649728555-3287885270-501 - Limited - Disabled)
Ruth Cox (S-1-5-21-269484382-2649728555-3287885270-1001 - Administrator - Enabled) => C:\Users\Ruth Cox
SophosSAULaptop0 (S-1-5-21-269484382-2649728555-3287885270-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Out of date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AV: Norton Security (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Sophos Anti-Virus (Enabled - Out of date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Norton Security (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1600 (HKLM-x32\...\{9515366E-62D5-40FB-B12F-35EB263106BF}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
1600_Help (HKLM-x32\...\{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
1600Trb (HKLM-x32\...\{EA79DC46-98B0-4A26-A76F-448A032E5E4D}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM-x32\...\{D5045A94-1D46-44A7-9C4F-7D05B40D82EC}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{2DFDE21D-AFFE-4CDD-BBD4-3B7832BEC036}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon) <==== ATTENTION
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.36.50 - Conexant)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DISH Anywhere Player Installer (HKLM-x32\...\{50CFCCE7-F224-45B4-AB00-4565917DD991}) (Version: 2.1.6.429 - Sling Media) Hidden
DISH Anywhere Video Player (HKLM-x32\...\{19A59152-3EA7-4631-9A11-5D2DBEF29780}) (Version: 2.29.3 - DISH Anywhere)
DishAnywherePlayer (HKLM-x32\...\{24f1791c-8ea2-4330-bd4e-38fc77ae3931}) (Version: 2.1.6.429 - Sling Media)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 47.4.74 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{5B54DDC3-0ACC-4722-9C23-C3F07AF4825D}) (Version: 1.01.6700 - DTS, Inc.)
Elements 12 Organizer (HKLM-x32\...\{9D80A7B7-DC01-485D-AE93-710D559B5C56}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.7401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2017 (HKLM-x32\...\{191D85BA-E6EA-4F97-8D2A-76A220043D87}) (Version: 17.05.7601 - HRB Technology, LLC.)
H&R Block Oregon 2014 (HKLM-x32\...\{F21CF983-6C86-4086-B34E-3ACF4972126D}) (Version: 1.14.4501 - HRB Technology, LLC.)
H&R Block Oregon 2017 (HKLM-x32\...\{C81BBB0C-DBA5-43F3-BD14-51A0792C3CCA}) (Version: 1.17.4401 - H&R Block, Inc.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
Intel® Technology Access Software Asset Manager (HKLM-x32\...\{C1C74874-4E6F-49B8-BBCD-D43E277D8D28}) (Version: 3.4.1942 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King Oddball (HKLM-x32\...\WTA-4a0a2401-dccc-4e12-8460-59847c7c43bc) (Version: 3.0.2.48 - WildTangent) Hidden
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5007.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-269484382-2649728555-3287885270-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Norton Security (HKLM-x32\...\NGC) (Version: 22.12.1.15 - Symantec Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
PSE12 STI Installer (HKLM-x32\...\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
RealDownloader (HKLM-x32\...\{EAC491EB-9FD9-4B6A-A277-047C7DE2C4B4}) (Version: 18.1.10.217 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.10 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlingPlayer for Web (HKLM-x32\...\{7A2A3C57-B5C9-4E2D-A8E6-8406B78750CA}) (Version: 2.4.0152 - Sling Media)
Snagit 12 (HKLM-x32\...\{4FC332FE-CBE3-4AE0-B531-35048FD81912}) (Version: 12.4.1 - TechSmith Corporation) Hidden
Snagit 12 (HKLM-x32\...\{ec29af82-9c9e-420e-ab18-53821c36ac3c}) (Version: 12.4.1.3036 - TechSmith Corporation)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sophos Anti-Virus (HKLM-x32\...\{09863DA9-7A9B-4430-9561-E04D178D7017}) (Version: 10.6.3.537 - Sophos Limited)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
System Mechanic (HKLM-x32\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 17.5.1.47 - iolo technologies, LLC)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.3.0 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-269484382-2649728555-3287885270-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Ruth Cox\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\buShell.dll [2018-03-02] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\buShell.dll [2018-03-02] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\buShell.dll [2018-03-02] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\buShell.dll [2018-03-02] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\buShell.dll [2018-03-02] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\buShell.dll [2018-03-02] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\buShell.dll [2018-03-02] (Symantec Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2018-03-06] (iolo technologies, LLC)
ContextMenuHandlers1: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2016-04-16] (Sophos Limited)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2015-08-14] (TechSmith Corporation)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\NavShExt.dll [2018-03-02] (Symantec Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
ContextMenuHandlers2: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2016-04-16] (Sophos Limited)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\NavShExt.dll [2018-03-02] (Symantec Corporation)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-12-21] (RealNetworks, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2018-03-06] (iolo technologies, LLC)
ContextMenuHandlers4: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2016-04-16] (Sophos Limited)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 12\DLLx64\SnagitShellExt64.dll [2015-08-14] (TechSmith Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-04-09] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-03-26] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\buShell.dll [2018-03-02] (Symantec Corporation)
ContextMenuHandlers6: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2016-04-16] (Sophos Limited)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\NavShExt.dll [2018-03-02] (Symantec Corporation)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-07-22] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {074D356A-96BD-4B41-B876-ACB10BA3B1C2} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\RealDownloader\downloader2.exe [2017-11-29] ()
Task: {0E727C38-974B-4EA0-B24F-723E58E7703F} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
Task: {1451E7D8-C87B-451C-B136-99CFFA4988C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {14F16598-B334-47D7-A449-3F2BC5E11C57} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\WSCStub.exe [2018-03-02] (Symantec Corporation)
Task: {245AE787-2587-48EF-8655-D902663B86A6} - System32\Tasks\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe [2018-02-23] (iolo technologies, LLC)
Task: {2CE799D5-4DA8-463F-B091-E8CD4404A99B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {2F4C4776-2C93-4F69-AC7C-AE19C89A188C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-269484382-2649728555-3287885270-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [2017-11-29] (RealNetworks, Inc.)
Task: {3511CF99-DD5E-427A-B34B-12FB7FF97771} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-03-02] (Symantec Corporation)
Task: {3CC8E649-1F35-472B-9CA4-A6B3E496178D} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\SymErr.exe [2018-03-02] (Symantec Corporation)
Task: {49987768-DF68-47B1-8248-F641C3167AE9} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-269484382-2649728555-3287885270-1001 => C:\program files (x86)\real\RealDownloader\RealUpgrade.exe [2017-11-29] (RealNetworks, Inc.)
Task: {5406DA12-DFD6-49CA-AEAD-BFAB12AE81AB} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
Task: {5E8FFBCC-3445-4D09-8488-100F4B864419} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {6D93A0E1-2B20-4011-A31B-961478CED5FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {6E3CF86C-B3A3-420D-B5D5-55EE8F19EAC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {7E1BAA68-CA96-42E3-98EC-2A352561564A} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
Task: {8410AA7C-7F8A-4B32-8046-13C68FC7F856} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {85E98753-6E5A-41B7-B332-01F8488011CC} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {8F54DB92-E0E2-4BF9-ACCC-AED5B70A28C6} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-08-11] (TechSmith Corporation)
Task: {9511CB95-DCA2-42D0-96D6-3D177079B12D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {A14A6ECA-11D3-46DF-926D-7D7F78DC9389} - System32\Tasks\Weekly Scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2016-04-16] (Sophos Limited)
Task: {ADFD0215-7714-48DB-90B8-9514C9D4EA6E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {B081B59E-17DE-45F2-A2E6-746C5A26F57F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {B68375DE-EA4B-4BD7-A238-F445870991CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-10] (Google Inc.)
Task: {C4E75C55-0A38-428A-AA5D-4F38D4E1EB27} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-03-15] (Microsoft Corporation)
Task: {D847198F-FA66-48B9-A13A-B65099DECB6B} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {D9C40900-6E91-4EAB-92C2-4161487EB236} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.12.1.15\SymErr.exe [2018-03-02] (Symantec Corporation)
Task: {E0335E77-A4E2-4DCD-B00B-1168C7AFAA25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E0896119-365F-46BD-AA42-B07BF6279B3F} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {E3C45E84-9E38-42BA-AE91-4C9DD3C75137} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-10] (Google Inc.)
Task: {E6041313-FF0B-4DDD-AB0D-9D3B345DD3CC} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {E74147AF-FEB0-46AF-A6C9-F6F6DB788CB1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {FAD4D598-EAE1-4868-8DFF-83A9451B7B74} - System32\Tasks\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [2018-02-23] (iolo technologies, LLC)
Task: {FDEBB3BD-E180-4EC7-94C4-CBAC98A5A9D8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\TechSmith Updater.job => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe
Task: C:\Windows\Tasks\Weekly Scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-06 10:11 - 2012-04-26 15:51 - 000040448 _____ () C:\Windows\System32\pdf995mon64.dll
2015-03-14 15:11 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-21 15:09 - 2014-03-21 15:09 - 000021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-07-07 11:44 - 2015-07-07 11:44 - 000088064 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2016-04-26 14:30 - 2016-04-26 14:30 - 000367824 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2014-11-17 21:22 - 2012-04-24 19:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-03-21 06:32 - 2017-01-31 05:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-11-29 19:13 - 2017-11-29 19:13 - 001268048 _____ () C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
2018-04-10 06:28 - 2018-03-19 23:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-04-10 06:28 - 2018-03-19 23:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2015-02-04 12:58 - 2014-03-06 14:15 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-08-14 11:57 - 2015-08-14 11:57 - 002099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
2015-08-14 11:57 - 2015-08-14 11:57 - 001914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
2016-08-11 20:44 - 2016-08-11 20:44 - 040578048 _____ () C:\Program Files (x86)\DishAnywherePlayer\libcef.dll
2016-08-11 20:44 - 2016-08-11 20:44 - 001920000 _____ () C:\Program Files (x86)\DishAnywherePlayer\ffmpegsumo.dll
2017-10-30 11:11 - 2017-10-30 11:11 - 017470888 _____ () C:\Program Files (x86)\DishAnywherePlayer\plugins\WBSPPluginManager.dll
2017-10-30 11:11 - 2017-10-30 11:11 - 000036264 _____ () C:\Program Files (x86)\DishAnywherePlayer\plugins\MediaSampleManager.dll
2017-10-30 11:11 - 2017-10-30 11:11 - 000129448 _____ () C:\Program Files (x86)\DishAnywherePlayer\plugins\PlaybackControl.dll
2017-10-30 11:11 - 2017-10-30 11:11 - 000079784 _____ () C:\Program Files (x86)\DishAnywherePlayer\plugins\zlib1.dll
2018-04-10 16:00 - 2018-04-09 03:17 - 000866120 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-04-10 16:00 - 2018-04-09 03:17 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-04-10 07:06 - 2018-04-09 03:17 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-04-10 16:00 - 2018-04-09 03:17 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-04-10 16:00 - 2018-04-09 03:17 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-04-10 07:06 - 2018-04-09 03:17 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-04-10 16:00 - 2018-04-09 03:17 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-04-10 16:00 - 2018-04-09 03:17 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-04-10 07:06 - 2018-04-09 03:17 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-04-10 07:06 - 2018-04-09 03:19 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-04-10 16:00 - 2018-04-09 03:17 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-04-10 07:06 - 2018-04-09 03:19 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-04-10 07:06 - 2018-04-09 03:19 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-04-10 16:00 - 2018-04-09 03:18 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-04-10 07:06 - 2018-04-09 03:19 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-04-10 16:00 - 2018-04-09 03:18 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-269484382-2649728555-3287885270-1001\...\cityofmedford.org -> hxxps://vportal.cityofmedford.org
IE restricted site: HKU\S-1-5-21-269484382-2649728555-3287885270-1001\...\binkiland.com -> www.binkiland.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2015-10-24 10:13 - 000000828 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-269484382-2649728555-3287885270-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruth Cox\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKU\S-1-5-21-269484382-2649728555-3287885270-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{755889ED-0F11-4D1D-9291-71BF396FBDA3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4F6E4A84-12D0-4E6F-8CAA-160FB6907E6D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A058D718-CB31-40A2-92FC-C67BF953A45F}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{32B69FEF-AD2B-4A49-B95E-5BFB79CC2BEA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{AA0F1799-8506-4F42-91AE-FAF48F94A387}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{17281392-7537-4F10-923A-52B4639AB98B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{0C2EECDE-A792-45CA-B45D-47AB2C11C394}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CFE01399-EED9-4A9E-B25F-5E6D3C413257}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe
FirewallRules: [UDP Query User{D40C64A5-DB80-45AB-A7EB-04C3322DCBD9}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe
FirewallRules: [{D32F5C2A-81F4-49C9-9ED6-EB76C9ACDFB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{54747947-D198-4A8E-B86D-D7F08F443EBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6604D0E3-205B-467C-A46B-15B42BE736EC}] => (Allow) C:\Users\Ruth Cox\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{78151561-192D-4FA8-B693-FF598A1660F6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F771130E-C0E4-4151-B795-2848A4E3D5E5}] => (Allow) LPort=2869
FirewallRules: [{2E3B8F50-BCD1-4DAD-BAD0-79E78B937435}] => (Allow) LPort=1900
FirewallRules: [{2447A3B9-7C5D-4CBD-806E-C40F460D54BD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{36428EA0-4D57-40AA-ACA9-942A1507E03C}] => (Allow) LPort=8298
FirewallRules: [TCP Query User{504E2247-77D6-4498-831F-33935588535F}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [UDP Query User{564259E9-BBDB-4925-AFBF-2D5CC14ACA23}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [TCP Query User{5A59BBB0-D737-4021-B82F-75C2E5E552EB}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [UDP Query User{975E9A7A-9725-40F7-8661-D1B04BDCF7F3}C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywheredesktop\dishanywhereplayer.exe
FirewallRules: [{9145F9F9-2D18-4CA1-AC54-6B24ED60A51D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{383914E9-4230-4184-96C1-7675D25D1C1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1A5C4F82-1A8D-4CFE-8B07-200B0B88547F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{064DC922-1D37-4254-83C6-849D16284E57}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{2E9B6BA6-9F4D-4291-978B-92A324F2B6E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D1D6B9F8-4221-44F0-881E-8727EE0824EA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{6E6C4793-62FE-4CA8-9D70-BE8D5C4E46FF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{8C58A1FC-3B4C-48F9-B9F4-BCAA516AC490}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1369B761-AC75-4748-BB72-B9F0976189B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{28E6A364-C99B-4121-81F3-CDD82B32D927}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9C0A0D56-5022-423A-978C-B900B771BA1C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{859D9283-BD6E-4E58-9384-19BAA28D5830}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{87EE45F7-5E25-4B4F-8EED-36ACF67DC435}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{9D5DC676-6330-4294-A752-DD27092782EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{7D44085C-8123-488A-9505-883388B5D7D1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B58E4115-CAD8-4D14-9BDF-F6DBA8FB37EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C9EB17ED-FB36-4510-9C5C-3C79C03B1D94}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{EAD1BB1B-C6D1-4160-AA45-28E40A780939}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{2A2ABD75-2EA8-4230-A7A4-D0C25E3384CA}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{E45AAD79-5751-4690-AB48-1FF7A04B802A}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe
FirewallRules: [UDP Query User{16630988-8D7E-4DA1-BD72-37619A5651F7}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe
FirewallRules: [TCP Query User{B4A1FEF7-2AB8-4465-B0A0-43A41E29B253}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe
FirewallRules: [UDP Query User{8DEF72FA-CE8E-473B-ABBC-9286641A3DDA}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe
FirewallRules: [{F3EC8B3E-0346-4CEF-A8EA-F0C4980B6DC8}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{EC264D7D-AA69-45AD-BDED-88E2CC64274E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DECBFF6F-529F-437E-AFF6-4C378882DC39}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
24-03-2018 19:38:55 Intel® Technology Access
06-04-2018 08:25:25 Scheduled Checkpoint
09-04-2018 21:03:16 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/10/2018 06:38:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/10/2018 06:38:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/10/2018 06:29:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/10/2018 04:03:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/10/2018 04:03:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/10/2018 10:07:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/10/2018 09:49:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/10/2018 09:49:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (04/10/2018 10:15:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/10/2018 10:13:52 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (04/10/2018 10:14:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:43:39 AM on ‎4/‎10/‎2018 was unexpected.
 
Error: (04/10/2018 09:27:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80010108: McAfeeInc.04.McAfeeSecurityAdvisorforToshiba.
 
Error: (04/10/2018 06:32:28 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (04/10/2018 06:17:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Solutions Framework Service service hung on starting.
 
Error: (04/09/2018 09:41:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The DTS APO Service service hung on starting.
 
Error: (04/09/2018 09:40:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
The system cannot find the file specified.
 
 
Windows Defender:
===================================
Date: 2015-03-12 18:20:08.758
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 113.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.11005.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-03-12 18:20:08.758
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.185.414.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.11005.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-03-12 18:20:08.742
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.185.414.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.11005.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2015-03-12 18:20:07.804
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.185.414.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.11005.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2014-11-17 19:48:58.263
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 49%
Total physical RAM: 8112.14 MB
Available physical RAM: 4056.64 MB
Total Virtual: 10288.14 MB
Available Virtual: 6390.92 MB
 
==================== Drives ================================
 
Drive c: (TI10707300B) (Fixed) (Total:919.87 GB) (Free:847.69 GB) NTFS
 
\\?\Volume{e5ff2107-7542-11e4-aea1-c260400251e4}\ (System) (Fixed) (Total:1 GB) (Free:0.62 GB) NTFS
\\?\Volume{d40fcddc-acb1-11e4-9079-2c600c56820c}\ (Recovery) (Fixed) (Total:10.42 GB) (Free:0.97 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,981 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)



Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.adwcleaner_delete_restart.jpg
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt



    Next you can skip the download pare of the instruction since you have it installed already.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

  • 0

#3
opalchance

opalchance

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Did the AdwCleaner and then the Clean   Then did the Malwarebytes Anti-Malware but there was no option for mbam-setup-version.exe so did the free 14 day trial version.  My computer did the shut-down and some updates.    Now I can't open Google Chrome, Firefox or Internet explorer in order to post and send the logs.  (I'm using another computer).   I've rebooted again and still unable to open 


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,981 posts
Hello,


Open an elevated command prompt or elevated PowerShell.

In the elevated command prompt or PowerShell, type sfc /scannow and press Enter.

When the scan is complete, hopefully you will see an all is ok message.


If SFC could not fix something, then run the command again to see if it may be able to the next time. Sometimes it may take running the sfc /scannow command 3 times restarting the PC after each time to completely fix everything that it's able to.
  • 0

#5
opalchance

opalchance

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

I'm in a bigger mess.....I thought I could do a restore point so I could at least use the internet but now I can't get past error messages  

 

It tries to diagnose itself and then I get error message  0xc000021a and then Automatic Repair  Your PC did not start correctly   Press Restart to restart your PC which can sometimes fix the problem.  You can also press "Advanced options" to try other options to repair your PC

 

 

I have no idea of how to do "Open an elevated command prompt or elevated PowerShell"


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,981 posts
Hello,

To open an elevated command prompt,

https://winaero.com/...mpt-in-windows/
  • 0

#7
opalchance

opalchance

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

please close this request.  I had to resort to alternative methods to fix my computer.  


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,981 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP