Hey, I wasn't sure where to put this or even what to title it, as there are multiple things going on with this PC. To start, last month a family member asked if I could look at their PC and mentioned that it has been running extremely slow. So a few days later I went to check on it. With not much to go on other than it was running slow, I loaded a thumb drive full of anti-virus software and cleaning software and went to take a look. From my first examination, it definitely was running really slow, 20-30 minutes just to open a simple window or Task Manager. I checked to see if the CPU or RAM usage was high but it seemed kind of normal, to me at least.
Since the PC was running far too slow, I switched over to safe mode and things ran a lot better from there. So I first started a quick scan with RogueKiller64 and after a few minutes it found some stuff. I then removed those and did a reboot to normal mode to see if anything was better. It felt like it got a bit faster (or at least it booted up faster) but as soon as it got past the login screen it started to slow down again. So I went back to safe mode to see what else I could do.
The PC the owner is using is an old Dell PC that originally had Windows 7, I believe, and was upgraded to Windows 10 64-bit. So my first guess might have been hardware issues. I was running out of time as the owner needed to leave, so I wanted to try a quick CCleaner scan, and things got really weird after this. At some point towards the end of the scan, the screen's resolution became unfocused. Like everything just became enlarged. So I then asked the owner to let me borrow his PC as it's going to take some days to look at.
I finally got around to looking at his PC this week and it was much worse than I had predicted. To start, I started doing a full scan using Malwarebytes in safe mode with no internet. Malwarebytes would find several things, then suddenly the PC would crash in the middle of the scan and reboot itself. During the crash, I remember seeing a "Your PC ran into a problem" message and it looked like something else flickered either before or after the message; it was just too fast for me to tell. So this just added to my "might be a hardware issue" theory. So I tried a 2nd Malwarebytes full scan and tried to record the crash with my camera phone, but this time the PC would freeze; the scanning bar and the mouse just wouldn't move. I waited for a crash but nothing happened, so I force-restarted the PC as I had no other options. I did another scan with RogueKiller64, this time a full scan, and RogueKiller didn't find anything.
So I loaded up my thumb drive with some alternative scanners. This time I tried a free trial version of HitmanPro and ClamWin Portable. I did a scan with HitmanPro and it didn't find anything and everything was normal. I then tried ClamWin Portable and it would find quite a few things, but after a while it too would crash in the middle of a scan and bring me to the "Your PC ran into a problem" screen. This time I was able to capture a pic of the screen as it just froze on that screen.
As you can see, those vertical lines are how it looked on my screen. If anyone needs to see more screenshots or if it's not good enough, I've got more I could upload.
After all these crashes and freezes I soon started to realize that it might not be hardware issues, as this is too much of a coincidence to keep happening during a scan. I even checked the HDD info using CrystalDisk to see if there were any signs of hard drive failure and so far it looked good. Even as I'm typing this post, this PC would do random stuff like rebooting itself while being left alone in safe mode. So during this time, this PC isn't going to be hooked up to the internet for safety reasons, so I'm going to be passing files over from my laptop that's running Windows 7 64-bit, and I'm not all that familiar with Windows 10. But here are the logs, finally.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
Ran by allen (administrator) on ALLEN-PC (18-01-2019 22:46:23)
Running from C:\Users\allen\Desktop
Loaded Profiles: allen & (Available Profiles: allen & Administrator)
Platform: Windows 10 Home Version 1803 17134.471 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6848544 2008-11-04] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [3955344 2018-12-12] (Webroot)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224002414\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224141633\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224003289\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224141804\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3680256 2010-07-22] (Ares Development Group)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [Amazon Music Helper] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3062712 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [Amazon Music] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music.exe [19715000 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1054720 2018-06-15] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3680256 2010-07-22] (Ares Development Group)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Run: [Amazon Music Helper] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3062712 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Run: [Amazon Music] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music.exe [19715000 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1054720 2018-06-15] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3680256 2010-07-22] (Ares Development Group)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Run: [Amazon Music Helper] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3062712 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Run: [Amazon Music] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music.exe [19715000 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1054720 2018-06-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [445504 2008-03-12] (On2.com)
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [445504 2008-03-12] (On2.com)
HKLM\Software\...\AppCompatFlags\Custom\SndVol.exe: [{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb] -> cmd
HKLM\Software\...\AppCompatFlags\InstalledSDB\{c47364d8-3a89-4a96-83ca-ff8b61cec670}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb [2014-10-24]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\Installer\chrmstp.exe [2018-11-28] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\Administrator.allen-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Administrator.allen-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2015-12-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-30]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-09-28]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.msn.com/
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.msn.com/
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.msn.com/
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
SearchScopes: HKLM -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> 6EAF779856D74FD19B017128B18D68D4 URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {27C7B9FF-41FD-4060-9E2D-D62675457F09} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={4D858812-B506-4A17-9CC5-635BA93862BE}&mid=e45412ea8f8147d3b87e75f39d027a33-d33d935944221ff10b36833b26b0e8ce1561993b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-20 16:21:50&v=17.3.1.91&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {F8E9C2AD-6C00-4D86-AE59-C266DCF539DD} URL = hxxp://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> 6EAF779856D74FD19B017128B18D68D4 URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {27C7B9FF-41FD-4060-9E2D-D62675457F09} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={4D858812-B506-4A17-9CC5-635BA93862BE}&mid=e45412ea8f8147d3b87e75f39d027a33-d33d935944221ff10b36833b26b0e8ce1561993b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-20 16:21:50&v=17.3.1.91&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {F8E9C2AD-6C00-4D86-AE59-C266DCF539DD} URL = hxxp://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> 6EAF779856D74FD19B017128B18D68D4 URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {27C7B9FF-41FD-4060-9E2D-D62675457F09} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={4D858812-B506-4A17-9CC5-635BA93862BE}&mid=e45412ea8f8147d3b87e75f39d027a33-d33d935944221ff10b36833b26b0e8ce1561993b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-20 16:21:50&v=17.3.1.91&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {F8E9C2AD-6C00-4D86-AE59-C266DCF539DD} URL = hxxp://websearch.shopathome.com?user_id=%guid&q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-30] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-12-16] (Webroot)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-30] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-12-16] (Webroot)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-27] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-30] (Webroot)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-30] (Webroot)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default [2018-12-22]
CHR Extension: (Docs) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24]
CHR Extension: (Google Drive) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-30]
CHR Extension: (Google Search) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-04]
CHR Extension: (Google Docs Offline) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-29]
CHR Extension: (Webroot Filtering Extension) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-09-19]
CHR Extension: (iLivid) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2016-01-30]
CHR Extension: (Webroot Password Manager) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-10]
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-22]
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-12-22]
CHR Extension: (Slides) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-26]
CHR Extension: (Docs) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-26]
CHR Extension: (Google Drive) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-26]
CHR Extension: (YouTube) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-26]
CHR Extension: (Adobe Acrobat) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-11-26]
CHR Extension: (Sheets) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-16]
CHR Extension: (Webroot Filtering Extension) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-11-26]
CHR Extension: (Webroot Password Manager) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2018-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-26]
CHR Extension: (Gmail) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-26]
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-22]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
S2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
S2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
S2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-01] (PC-Doctor, Inc.)
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] ()
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-09-12] (CloudBees, Inc.)
S2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-09-12] (Rivet Networks)
S2 SNMP; C:\WINDOWS\System32\snmp.exe [52736 2018-04-12] (Microsoft Corporation)
S2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46592 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [3955344 2018-12-12] (Webroot)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36400 2018-10-20] (Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2019-01-18] ()
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-18] (Malwarebytes)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-09-12] (Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S2 sxuptp; C:\WINDOWS\System32\drivers\sxuptp.sys [286176 2017-04-10] (silex technology, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [128216 2018-08-09] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2016-09-29] (Webroot)
U3 idsvc; no ImagePath
S1 MpKslea35dc30; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C0B68CB-F80B-4DA9-A662-30CA2A8A2EDA}\MpKslea35dc30.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-18 22:46 - 2019-01-18 22:48 - 000037095 _____ C:\Users\allen\Desktop\FRST.txt
2019-01-18 22:45 - 2019-01-18 22:46 - 000000000 ____D C:\FRST
2019-01-18 15:34 - 2019-01-18 15:34 - 000000000 ____D C:\Users\allen\Desktop\ClamWinPortable
2019-01-18 14:57 - 2019-01-18 14:57 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2019-01-18 14:56 - 2019-01-18 14:56 - 000000000 ____D C:\Program Files\HitmanPro
2019-01-18 14:55 - 2019-01-18 15:05 - 000000000 ____D C:\ProgramData\HitmanPro
2019-01-18 14:55 - 2019-01-18 14:51 - 002427904 _____ (Farbar) C:\Users\allen\Desktop\FRST64.exe
2019-01-18 14:55 - 2019-01-18 14:45 - 008018400 _____ (PortableApps.com) C:\Users\allen\Desktop\ClamWinPortable_0.99.4_English.paf.exe
2019-01-18 14:01 - 2019-01-18 14:01 - 000000000 ____D C:\Users\allen\AppData\Local\ESET
2019-01-18 03:20 - 2019-01-18 22:39 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-18 02:50 - 2019-01-18 22:48 - 000539948 _____ C:\WINDOWS\ntbtlog.txt
2018-12-22 18:24 - 2018-12-22 18:24 - 000641256 _____ C:\Users\allen\Documents\cc_20181222_182444.reg
2018-12-22 18:14 - 2018-12-22 18:14 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-22 18:14 - 2018-12-22 18:14 - 000000300 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-12-22 18:14 - 2018-12-22 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-22 18:13 - 2018-12-22 18:14 - 000000000 ____D C:\Program Files\CCleaner
2018-12-22 18:10 - 2018-12-22 18:10 - 000000000 ____D C:\Users\allen\AppData\Local\mbam
2018-12-22 18:09 - 2018-12-22 18:09 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-22 18:09 - 2018-12-22 18:09 - 000000000 ____D C:\Users\allen\AppData\Local\mbamtray
2018-12-22 18:09 - 2018-12-22 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-22 18:09 - 2018-12-22 18:09 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-22 18:09 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-22 18:08 - 2018-12-22 18:08 - 000000000 ____D C:\ProgramData\MB2Migration
2018-12-22 17:59 - 2018-12-22 17:59 - 000000000 _____ C:\Users\allen\AppData\Local\{BCAA6E8A-B159-48D9-A8B6-57F2DDCE7C6A}
2018-12-22 16:52 - 2018-12-22 17:41 - 000000000 ____D C:\ProgramData\RogueKiller
2018-12-22 16:51 - 2018-12-18 23:50 - 019299120 _____ (Piriform Software Ltd) C:\Users\allen\Desktop\ccsetup551.exe
2018-12-22 16:50 - 2019-01-18 03:24 - 000000000 ____D C:\Users\allen\Desktop\CrystalDiskInfo8_0_0
2018-12-22 16:50 - 2018-12-22 16:50 - 000000000 ____D C:\Users\allen\Desktop\CryptoPreventSetup_V9
2018-12-22 16:50 - 2018-12-18 23:44 - 033336888 _____ C:\Users\allen\Desktop\RogueKiller_portable64.exe
2018-12-22 16:37 - 2019-01-18 22:39 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-01-18 22:44 - 2018-05-22 20:02 - 000000000 ____D C:\Users\DefaultAppPool
2019-01-18 22:44 - 2018-05-22 20:02 - 000000000 ____D C:\Users\Administrator.allen-PC
2019-01-18 22:41 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-18 22:41 - 2017-12-10 15:59 - 000000000 ___HD C:\Users\allen\MicrosoftEdgeBackups
2019-01-18 22:36 - 2018-05-22 20:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-18 22:35 - 2015-12-30 14:35 - 000231104 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2019-01-18 22:35 - 2010-03-13 15:35 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2019-01-18 22:34 - 2018-05-22 19:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-18 22:34 - 2015-12-30 14:35 - 000273688 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2019-01-18 15:05 - 2011-10-09 15:42 - 000000000 ____D C:\Users\allen\AppData\Local\CrashDumps
2019-01-18 03:24 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-18 03:20 - 2018-05-22 20:02 - 000000000 ____D C:\Users\allen
2019-01-18 02:55 - 2018-05-22 19:57 - 000975392 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-18 02:50 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-12-22 18:22 - 2013-04-06 19:57 - 000000000 ____D C:\ProgramData\LogMeIn
2018-12-22 18:22 - 2010-04-18 20:13 - 000000000 ____D C:\Users\allen\Tracing
2018-12-22 18:21 - 2018-05-17 02:08 - 000000000 ___DC C:\WINDOWS\Panther
2018-12-22 18:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-22 18:09 - 2015-12-28 16:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-22 17:59 - 2016-09-26 14:40 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-12-22 17:59 - 2016-09-26 14:40 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-12-22 17:45 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-22 17:45 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-22 14:46 - 2018-05-22 20:26 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{471BD1C7-CD07-4F6D-A642-A998CD97AA94}
2018-12-19 19:48 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Registration
2018-12-19 19:45 - 2016-01-30 23:19 - 000000000 ____D C:\Users\allen\AppData\LocalLow\LastPass
==================== Files in the root of some directories =======
2010-06-03 19:24 - 2014-02-12 12:55 - 000000046 _____ () C:\Users\allen\jagex_runescape_preferences.dat
2010-06-03 19:25 - 2014-02-12 12:55 - 000000129 _____ () C:\Users\allen\jagex_runescape_preferences2.dat
2010-06-03 19:25 - 2010-06-03 19:25 - 000000000 _____ () C:\Users\allen\jagex__preferences3.dat
2013-03-31 08:41 - 2013-03-31 08:41 - 055454464 _____ (Safer-Networking Ltd. ) C:\Users\allen\SpybotnSD2.exe
2015-12-30 14:37 - 2015-12-30 14:37 - 012964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-03-04 17:31 - 2014-03-04 17:31 - 000000602 _____ () C:\Users\allen\AppData\Roaming\aps.scan.quick.results
2014-03-04 17:31 - 2014-03-04 17:31 - 000001343 _____ () C:\Users\allen\AppData\Roaming\aps.scan.results
2014-10-24 18:11 - 2014-10-24 18:11 - 000000276 _____ () C:\Users\allen\AppData\Roaming\INSTALL_TOR.URL
2014-10-24 17:26 - 2014-10-24 17:26 - 000000000 _____ () C:\Users\allen\AppData\Roaming\nvjtoi.dll
2010-04-22 15:09 - 2015-01-20 21:52 - 000003946 _____ () C:\Users\allen\AppData\Roaming\wklnhst.dat
2014-10-24 17:26 - 2014-10-24 17:26 - 000000448 ____H () C:\Users\allen\AppData\Roaming\麽鎒駓覜
2014-10-24 18:08 - 2014-10-24 18:08 - 000008542 _____ () C:\Users\allen\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML
2014-10-24 18:08 - 2014-10-24 18:08 - 000004214 _____ () C:\Users\allen\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT
2014-10-24 18:08 - 2014-10-24 18:08 - 000000276 _____ () C:\Users\allen\AppData\Roaming\Microsoft\INSTALL_TOR.URL
2012-12-25 11:06 - 2013-03-05 16:09 - 000000580 _____ () C:\Users\allen\AppData\Local\cookies.ini
2014-10-24 18:08 - 2014-10-24 18:08 - 000008542 _____ () C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-24 18:08 - 2014-10-24 18:08 - 000004214 _____ () C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-24 18:08 - 2014-10-24 18:08 - 000000276 _____ () C:\Users\allen\AppData\Local\INSTALL_TOR.URL
2018-12-16 21:40 - 2018-12-16 21:42 - 000007605 _____ () C:\Users\allen\AppData\Local\Resmon.ResmonCfg
2018-12-22 17:59 - 2018-12-22 17:59 - 000000000 _____ () C:\Users\allen\AppData\Local\{BCAA6E8A-B159-48D9-A8B6-57F2DDCE7C6A}
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2868494883-496666506-3604909990-1001\$21d795b1cb651fe9782fdd55be9fe90a
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$21d795b1cb651fe9782fdd55be9fe90a
Some files in TEMP:
====================
2019-01-18 02:47 - 2019-01-18 02:47 - 000000000 _____ () C:\Users\allen\AppData\Local\Temp\hph-s7pv.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-22 19:53
==================== End of FRST.txt ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by allen (18-01-2019 22:49:11)
Running from C:\Users\allen\Desktop
Windows 10 Home Version 1803 17134.471 (X64) (2018-05-23 01:28:14)
Boot Mode: Safe Mode (minimal)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2868494883-496666506-3604909990-500 - Administrator - Disabled) => C:\Users\Administrator.allen-PC
allen (S-1-5-21-2868494883-496666506-3604909990-1001 - Administrator - Enabled) => C:\Users\allen
DefaultAccount (S-1-5-21-2868494883-496666506-3604909990-503 - Limited - Disabled)
Guest (S-1-5-21-2868494883-496666506-3604909990-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2868494883-496666506-3604909990-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2868494883-496666506-3604909990-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Webroot SecureAnywhere (Disabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Disabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Amazon Amazon Music) (Version: 7.0.3.1540 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Amazon Amazon Music) (Version: 7.0.3.1540 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Amazon Amazon Music) (Version: 7.0.3.1540 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{BA6C6C01-097B-4E79-9CAA-0FB9F863ED7C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Ares 3.1.6.3040 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.6.3040 - Ares)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version: - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.0.0 - Belkin International, Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
blinkx beat (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\blinkx beat) (Version: 1.5.0 - blinkx)
blinkx beat (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\blinkx beat) (Version: 1.5.0 - blinkx)
blinkx beat (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\blinkx beat) (Version: 1.5.0 - blinkx)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
cmd (HKLM\...\{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{5F641343-FA40-4084-855A-7FA3251783DC}) (Version: 2.0.2.1840 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
Elevated Installer (HKLM-x32\...\{98EFD351-ECFC-41FA-83A4-7BFF16ED65E7}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{1e266d7b-b23c-4e1e-afd0-0ee47558133d}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{61863549-E2F6-443E-94FE-622AE4168B7E}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{EF48631A-7F45-430A-8AD3-B41CFB1D7596}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Limewire Plus+ 1.0.1.8082 (HKLM-x32\...\{597728B2-C911-48CB-8C4E-97B2154B4FB1}_is1) (Version: 1.0.1.8082 - Limewire Plus+)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
ROBLOX Player for allen (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Player for allen (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Player for allen (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmartByte Drivers and Services (HKLM\...\{6AD3253B-AFE1-436E-971B-B16D8C6ABA3F}) (Version: 2.0.637 - Rivet Networks)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version: - Electronic Arts)
TreeSize Free V2.3.3 (HKLM-x32\...\TreeSize Free_is1) (Version: - JAM Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Video Mover (HKLM-x32\...\Video Mover_is1) (Version: - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VTech Download Agent Library (HKLM-x32\...\{40C4903E-EDFB-4CAE-A611-41FEBA585921}) (Version: 1.00.0000 - VTech) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.24.37 - Webroot)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B01 - ZTE Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2019-01-18] (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2019-01-18] (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2019-01-18] (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2019-01-18] (Webroot)
ContextMenuHandlers1: [Belkin HistoryBrowser] -> {5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25} => C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll [2010-02-17] (Belkin International, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-01-18] (Webroot)
ContextMenuHandlers4: [Belkin HistoryBrowser] -> {5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25} => C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll [2010-02-17] (Belkin International, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [Belkin HistoryBrowser] -> {5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25} => C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll [2010-02-17] (Belkin International, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-01-18] (Webroot)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0721303B-03A1-40D0-9B4D-F1F148ABB111} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {107C9AB3-14F6-4636-8934-B73766408965} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19A45F6F-18DD-48ED-9CBE-3C36D1291E51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {1E78AB75-0DB0-4984-8E43-13BCDC39CD3F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2020FE09-8670-44EF-9C16-BB1928117C65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {202B78D2-8ABB-4B57-B02B-F419CEF24F53} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3135058B-5E56-40B5-9552-EA5C622B7776} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {40468A8D-AB13-452D-84FE-453A72A69306} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {46C49DB5-2E51-4840-B050-9A6EA15EAB7E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
Task: {4A175B05-7477-44B7-876C-3430D4FB47A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {4FEE5DEB-D32F-4B82-B13B-97DEA2561B13} - System32\Tasks\S-1-5-21-2868494883-496666506-3604909990-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
Task: {579BDB0C-14BB-4BFE-AAD1-741398CFCAC6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {5928F11C-83E1-47F3-B3F6-BB6179E95105} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {620798B2-BA2A-4D83-8D42-58A0502E7817} - System32\Tasks\4705 => wscript.exe C:\Users\allen\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6396CAAD-9ADF-4290-8BC2-9FFB23A9816E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {655A0AFF-9B12-4AF8-96F2-8E1314CAEF93} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {688CC475-BDDC-4529-89A7-D151F76BB0E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6978768B-9435-47FC-A253-35ED859C8589} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-08-31] ()
Task: {77214D46-EE87-4322-8BB5-4F0DB1197447} - \{E2301038-65E3-4190-8754-68B7FDEF82DF} -> No File <==== ATTENTION
Task: {81756A66-7686-4FB5-841C-630E54BE761D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {83A002A8-ECA0-46AA-B2CD-3A75CCA41479} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-09-12] (DELL)
Task: {86569E59-CCBB-49CF-9E46-F1A697AED73D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {86613859-C14E-49D6-B388-41A103AFD71F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {8BAC1396-FCD4-405E-BCFA-DA473AEDB761} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8D95EE1A-76FB-4001-BCA4-4458E3753746} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9265BB05-318E-4BED-83D4-98B1E3DDA1EC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {97B65DD4-7F8E-4045-BC47-3D10037A32B1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {99CD0AC1-3130-49E5-AF2A-938BE48D21DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9FAC3501-AB9A-44D2-B5F3-776D25A43395} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A04F32F2-62C8-40E7-B2CE-C5DF3A98C09C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {A3AB5681-A442-42EF-8342-917F950B6E4B} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {A4574E8E-97CB-4C0B-BE24-FE957B81C4AF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A5F8E003-ED0E-4A3A-9088-71D7B58E189A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AF2E122D-AFAF-4AE8-BB75-9C8AF650003F} - System32\Tasks\22c5bd3c => C:\Users\allen\AppData\Local\Temp\\setup2351006596.exe <==== ATTENTION
Task: {BA64B977-E04E-43DF-B8F4-26F8B6841208} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0} - System32\Tasks\BearShareNAG => C:\Users\allen\AppData\Local\Temp\BearShare_setup.exe <==== ATTENTION
Task: {C6E191BD-A0BB-457A-A90C-C6DA7C4984EC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6EB5983-92CB-4F02-9103-87276BF921DC} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {C8428EFE-64C0-4699-A8BE-A84CAF850017} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {C997E638-E9CD-40DF-87EE-5D6D3729B8DB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D07B2852-F431-4C8B-8C62-E74C8FA677E7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D47EB6FB-8612-47FF-B4D7-0DAFDB4654C2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D960EE6A-188E-4CE7-BC3A-BA1352089ADB} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe <==== ATTENTION
Task: {DA3157B7-6B37-4077-A035-ECAE1AFD3A81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DBF49D28-CA1A-4F12-BD0F-883F8F6C1135} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DEC0B0A4-1912-43BC-85DE-63F16E0E8097} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {DF24C33F-7BFC-424E-BCE4-A3002AAA8933} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E40FFBD0-0EA5-4832-83BA-7C5FFD5909CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {E6AAAC54-28FC-47E0-958D-31D57D2DCAF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {E7538BF4-59CC-479E-B32E-F5825103C9AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E77694B2-110E-4C93-BBA2-88F7C9879653} - System32\Tasks\{74E3C764-CE51-6F22-1DFD-EDD8E01B3953} => C:\Windows\system32\regsvr32.exe /s "C:\Users\allen\AppData\Roaming\ktwifx.dll"
Task: {ED477A8D-8094-427F-AA2D-A84CC7AA3B6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ED4B1096-05ED-4586-9E4C-8B95EF2AE65C} - System32\Tasks\{66803BAE-8341-46F1-8A9B-1399037AC030} => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
Task: {EFA121EB-39A2-4260-9F31-3C0C796D14FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F025CB1E-DAD5-4720-B2C1-DEC7AA94305F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F10F634F-C582-4598-891E-73C244C69D09} - System32\Tasks\{A8B686EA-B167-43BF-99B1-493D6157E870} => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
Task: {F2252087-41C1-45AA-8A84-A18E6B1C0771} - System32\Tasks\{B54FE0E7-C9FA-491D-965E-5DA4BD1E4687} => C:\Windows\system32\pcalua.exe -a "C:\Users\allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZWKMEIG\pspvideo9_Installer[1].exe" -d C:\Users\allen\Desktop
Task: {F4263EEF-5614-4E80-B526-C868D2618A80} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {F53F8269-8EC0-49FB-B176-F0647982804B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {F72AA359-8985-41CE-91DD-CDEF3A14793A} - System32\Tasks\{84277C7A-38EB-4135-9339-D77CB539AEF7} => C:\Windows\system32\pcalua.exe -a "I:\Power DVD Deluxe v7.0Full\Install\Setup.exe" -d "I:\Power DVD Deluxe v7.0Full\Install"
Task: {F8DFA56F-C68E-4206-9B3E-C2E1781C0432} - System32\Tasks\Ongoing package check => C:\Users\allen\AppData\Roaming\VOPackage\VOPackage.exe
Task: {F94C2043-26FA-43BB-B0CF-F417B18EAF85} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC9D31C3-4034-4385-A44D-1E0013B24C44} - System32\Tasks\Norton Security Scan for allen => C:\PROGRA~2\NORTON~2\Engine\313~1.7\Nss.exe
Task: {FEAB17AD-C592-4264-B5F9-90B2C7AAEC0C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\allen\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\allen\Desktop\Robert - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) ==============
2018-12-22 18:09 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-14 02:11 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-12-14 20:57 - 2018-12-14 22:59 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-14 02:11 - 2018-12-08 02:33 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224002414\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224141633\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224003289\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224141804\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Control Panel\Desktop\\Wallpaper -> c:\users\allen\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{7f11f6f4-d2f7-4ac4-b042-9a2910c6b234}.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\Control Panel\Desktop\\Wallpaper -> c:\users\allen\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{7f11f6f4-d2f7-4ac4-b042-9a2910c6b234}.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\Control Panel\Desktop\\Wallpaper -> c:\users\allen\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{7f11f6f4-d2f7-4ac4-b042-9a2910c6b234}.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\startupreg: AgentMonitor => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: Babylon Client => C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
MSCONFIG\startupreg: BabylonToolbar => "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: egidPXEnjJF.exe => C:\ProgramData\egidPXEnjJF.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: limewire plus+ => "C:\Program Files (x86)\Limewire Plus+\limewire.exe" -h
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\allen\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\allen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: StartNow Search Protect => "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{CE5E0604-710F-4363-8845-D57307CDD231}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [UDP Query User{415671FB-36CC-48AF-AD26-69909DBEA17F}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [TCP Query User{B4A716E5-DC03-475F-8F24-9C1DC78C6602}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Allow) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [UDP Query User{FE9DC3D9-0BA9-4B6A-8E18-A9A10783FF75}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Allow) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [TCP Query User{71169C87-C998-4F69-8DD2-1CCB48CB42B0}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Allow) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [UDP Query User{08B600A8-DC59-4B2A-832E-6BA623236823}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Allow) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [TCP Query User{4CB0F24B-E84F-4094-9553-B7283A7993CE}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [UDP Query User{C6849B8D-D3D2-472E-9EE3-9F707812EB90}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [TCP Query User{AADE7AA0-F505-4805-8F16-4CE0BFE22FE9}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [UDP Query User{194A1D62-3CB4-4557-AA89-CD6FA15C289B}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [TCP Query User{70CCA2B8-5A55-4BF1-9F25-0143EB259EF9}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Block) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [UDP Query User{5A027485-9A49-41D7-8D72-D6D30A475B54}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Block) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [TCP Query User{448F320B-2644-4371-A111-4EC451340D05}C:\users\allen\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{A4473480-E8E0-4E18-A08A-A520AF877151}C:\users\allen\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{0D2EB0F2-7A2C-4D35-92DD-D90E1CD79C84}] => (Block) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{AA80E7B2-F43F-41B7-BF00-841E8349AD5D}] => (Block) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{C90164AB-F220-4C08-BB2F-B70309AE99C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{C1F549F7-BBDB-46D2-91CC-F5D78C298BCA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{7FB83F0D-C0E2-4E4C-B827-C112A6B47C37}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
==================== Restore Points =========================
06-12-2018 16:24:20 Windows Modules Installer
08-12-2018 00:22:40 Windows Modules Installer
09-12-2018 01:01:55 Windows Modules Installer
10-12-2018 03:02:09 Windows Modules Installer
13-12-2018 22:39:45 Windows Update
16-12-2018 12:53:30 Garmin Express
==================== Faulty Device Manager Devices =============
Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: SXUPTP Driver
Description: SXUPTP Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: silex technology, Inc.
Service: sxuptp
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2019 03:05:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hitmanpro_x64.exe, version: 3.8.0.295, time stamp: 0x5b337e78
Faulting module name: hitmanpro_x64.exe, version: 3.8.0.295, time stamp: 0x5b337e78
Exception code: 0xc0000005
Fault offset: 0x00000000002c2715
Faulting process id: 0x52c
Faulting application start time: 0x01d4af67cdfd0c36
Faulting application path: C:\Users\allen\Desktop\hitmanpro_x64.exe
Faulting module path: C:\Users\allen\Desktop\hitmanpro_x64.exe
Report Id: 03f3592c-0efd-464f-8fac-20d0240f7554
Faulting package full name:
Faulting package-relative application ID:
Error: (12/22/2018 06:26:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
Details:
Could not query the status of the EventSystem service.
System Error:
A system shutdown is in progress.
.
Error: (12/22/2018 05:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartByteNetworkService.exe, version: 2.0.637.0, time stamp: 0x5b995456
Faulting module name: SmartByteNetworkService.exe, version: 2.0.637.0, time stamp: 0x5b995456
Exception code: 0xc0000409
Fault offset: 0x00000000000e966c
Faulting process id: 0x143c
Faulting application start time: 0x01d49a480deffe49
Faulting application path: C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
Faulting module path: C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
Report Id: 9e5cafdd-767d-4685-8dd6-3676bf001d0c
Faulting package full name:
Faulting package-relative application ID:
Error: (12/22/2018 05:46:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: CNC_BLC.dll, version: 20.1.0.1, time stamp: 0x4fbed08a
Exception code: 0xc0000005
Fault offset: 0x00000000000046bd
Faulting process id: 0x16ec
Faulting application start time: 0x01d49a480e528c0b
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\system32\CNC_BLC.dll
Report Id: 74ed5495-c0d7-42de-9ffa-c4bf3b964487
Faulting package full name:
Faulting package-relative application ID:
Error: (12/22/2018 12:25:16 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)
Error: (12/21/2018 12:35:44 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)
Error: (12/21/2018 10:54:24 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)
Error: (12/21/2018 09:58:08 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)
System errors:
=============
Error: (01/18/2019 10:50:18 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (01/18/2019 10:50:05 PM) (Source: DCOM) (EventID: 10005) (User: allen-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: allen-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
Windows Defender:
===================================
Date: 2018-12-06 17:11:09.972
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4B9FFFE2-0F14-40AD-B447-A5C62780410A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-01-18 22:49:10.722
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.634.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2019-01-18 22:49:10.721
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.634.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2019-01-18 22:49:10.721
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.634.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2019-01-18 22:49:10.717
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.634.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
Date: 2019-01-18 22:49:10.717
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.634.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network.
CodeIntegrity:
===================================
Date: 2018-12-22 18:07:54.954
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-22 18:07:54.947
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-22 18:07:54.941
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-22 18:07:54.934
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-22 16:52:24.318
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-22 16:52:24.311
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-22 16:52:24.305
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.
Date: 2018-12-22 16:52:24.298
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 21%
Total physical RAM: 6133.17 MB
Available physical RAM: 4817.91 MB
Total Virtual: 12277.17 MB
Available Virtual: 11087.72 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:581.47 GB) (Free:487.49 GB) NTFS
\\?\Volume{44d36ca4-2eef-11df-af9c-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.98 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 94959DDD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================