Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows 10 running extreamly slow, unable to do proper scans, crashes,


  • This topic is locked This topic is locked

#1
SunnySeven

SunnySeven

    Member

  • Member
  • PipPip
  • 47 posts

Hey, I wasn't sure where to put this under or even title as there are multiple things going on with this PC. To start, last month a family member asked if I could look at their PC and mentioned that it has been running extremely slow. So a few days later I went to check on it, with not much to go on other than it was running slow, I loaded a thumb drive full of anti-virus software and cleaning software and went to take a look. From my first examination, it definitely was running really slow, 20-30 minutes just to open a simple window or taste manager. I checked to see if the CPU or RAM usage was high but it seem kind of normal, to me at least.

 

Since the PC was running far too slow, I switched over to safe mode and things ran a lot better from there. So I first started a quick scan with RogueKiller64 and after a few minutes it found some stuff, I then removed those, did a reboot to normal mode to see if anything was better. It felt like it got a bit faster(or at least it booted up faster) but as soon as got past the login screen it started to slow down again. So I went back to safe mode to see what else I can do.

 

The PC's owner is using is an old Dell PC that originally had Windows 7 I believe, that upgraded to Windows 10 64bit. So my first guess might have been hardware issues. I was running out of time as the owner needed to leave so I wanted to try a quick CCleaner scan and things got really weird after this. At some point towards the end of the scan, the screen's resolution became unfocused. Like everything just became in enlarged. So I then asked the owner to let me borrow his PC as its going to take some days to look at.

 

I finally get around to looking at his PC this week and it was much worse than I had predicted. To start, I started doing a full scan using Malwarebytes in safe mod no with internet. Malwarebytes would find several stuff then suddenly the PC would crash in the middle of the scan then reboot itself. During the crash, I remember seeing a "Your PC ran into a problem" message and it looked like something else flickered either before of after the message, it was just too fast for me to tell. So this just added to my "might be a hardware issue" theory. So I tried a 2nd Malwarebytes full scan and trying to record the crash with my camera phone but this time the PC would freeze, the scanning bar and the mouse just wouldn't move. I waited for a crash but nothing happened so I forced restarted the PC as I had no other options. I did another scan with RogueKiller64, this time a full scan and RogueKiller didn't find anything.

 

So I loaded up my thumb drive with some alternative scans. This time I tried a free trail version of Hitmanpro and ClamWin Portable. I did a scan with Hitmanpro and it didn't find anything and everything was normal. I then tried ClamWin Portable and it would find quite a few stuff but after awhile it too would crash in the middle of a scan and bring me to the "Your PC ran into a problem" screen but this time I was able to capture a pic of the screen as it just froze on that screen.

 

23seHEr.jpg

 

As you can see, those vertical lines you see is how it looked on my screen, if anyone needs to see more screenshots or if its not good enough, I got more I could upload.

 

After all these crashes and freezes I'd soon start to realized that it might not be hardware issues as this is too much of a coincidence to keep happening during a scan. I even check the HDD info using CrystalDisk to see if there were any signs of hard drive failure and so far it looked good. Even as I'm typing this post this PC would do random stuff like rebooting itself while being left alone in safe mode. So during this time, this PC isn't going to be hooked up to the internet for safety reasons so I'm going to be passing files over from my laptop that's running Windows 7 64bit and I'm not all that familiar with Windows 10. But here are the logs finally.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
Ran by allen (administrator) on ALLEN-PC (18-01-2019 22:46:23)
Running from C:\Users\allen\Desktop
Loaded Profiles: allen &  (Available Profiles: allen & Administrator)
Platform: Windows 10 Home Version 1803 17134.471 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6848544 2008-11-04] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [3955344 2018-12-12] (Webroot)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224002414\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224141633\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224003289\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224141804\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3680256 2010-07-22] (Ares Development Group)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [Amazon Music Helper] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3062712 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [Amazon Music] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music.exe [19715000 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1054720 2018-06-15] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3680256 2010-07-22] (Ares Development Group)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Run: [Amazon Music Helper] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3062712 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Run: [Amazon Music] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music.exe [19715000 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1054720 2018-06-15] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3680256 2010-07-22] (Ares Development Group)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Run: [Amazon Music Helper] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3062712 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Run: [Amazon Music] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music.exe [19715000 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1054720 2018-06-15] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [445504 2008-03-12] (On2.com)
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [445504 2008-03-12] (On2.com)
HKLM\Software\...\AppCompatFlags\Custom\SndVol.exe: [{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb] -> cmd
HKLM\Software\...\AppCompatFlags\InstalledSDB\{c47364d8-3a89-4a96-83ca-ff8b61cec670}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb [2014-10-24]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\Installer\chrmstp.exe [2018-11-28] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\Administrator.allen-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Administrator.allen-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2015-12-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-30]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-09-28]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.msn.com/
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.msn.com/
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.msn.com/
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
SearchScopes: HKLM -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> 6EAF779856D74FD19B017128B18D68D4 URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {27C7B9FF-41FD-4060-9E2D-D62675457F09} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={4D858812-B506-4A17-9CC5-635BA93862BE}&mid=e45412ea8f8147d3b87e75f39d027a33-d33d935944221ff10b36833b26b0e8ce1561993b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-20 16:21:50&v=17.3.1.91&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {F8E9C2AD-6C00-4D86-AE59-C266DCF539DD} URL = hxxp://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> 6EAF779856D74FD19B017128B18D68D4 URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {27C7B9FF-41FD-4060-9E2D-D62675457F09} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={4D858812-B506-4A17-9CC5-635BA93862BE}&mid=e45412ea8f8147d3b87e75f39d027a33-d33d935944221ff10b36833b26b0e8ce1561993b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-20 16:21:50&v=17.3.1.91&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> {F8E9C2AD-6C00-4D86-AE59-C266DCF539DD} URL = hxxp://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> 6EAF779856D74FD19B017128B18D68D4 URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16046&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {27C7B9FF-41FD-4060-9E2D-D62675457F09} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={4D858812-B506-4A17-9CC5-635BA93862BE}&mid=e45412ea8f8147d3b87e75f39d027a33-d33d935944221ff10b36833b26b0e8ce1561993b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-02-20 16:21:50&v=17.3.1.91&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL =
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> {F8E9C2AD-6C00-4D86-AE59-C266DCF539DD} URL = hxxp://websearch.shopathome.com?user_id=%guid&q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-30] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-12-16] (Webroot)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-30] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-12-16] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-27] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-30] (Webroot)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-30] (Webroot)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default [2018-12-22]
CHR Extension: (Docs) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24]
CHR Extension: (Google Drive) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-30]
CHR Extension: (Google Search) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-04]
CHR Extension: (Google Docs Offline) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-29]
CHR Extension: (Webroot Filtering Extension) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-09-19]
CHR Extension: (iLivid) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2016-01-30]
CHR Extension: (Webroot Password Manager) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-10]
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-22]
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-12-22]
CHR Extension: (Slides) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-26]
CHR Extension: (Docs) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-26]
CHR Extension: (Google Drive) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-26]
CHR Extension: (YouTube) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-26]
CHR Extension: (Adobe Acrobat) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-11-26]
CHR Extension: (Sheets) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-16]
CHR Extension: (Webroot Filtering Extension) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-11-26]
CHR Extension: (Webroot Password Manager) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2018-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-26]
CHR Extension: (Gmail) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-26]
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-22]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
S2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
S2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
S2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-01] (PC-Doctor, Inc.)
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] ()
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-09-12] (CloudBees, Inc.)
S2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-09-12] (Rivet Networks)
S2 SNMP; C:\WINDOWS\System32\snmp.exe [52736 2018-04-12] (Microsoft Corporation)
S2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46592 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [3955344 2018-12-12] (Webroot)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36400 2018-10-20] (Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2019-01-18] ()
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-18] (Malwarebytes)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-09-12] (Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S2 sxuptp; C:\WINDOWS\System32\drivers\sxuptp.sys [286176 2017-04-10] (silex technology, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [128216 2018-08-09] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2016-09-29] (Webroot)
U3 idsvc; no ImagePath
S1 MpKslea35dc30; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C0B68CB-F80B-4DA9-A662-30CA2A8A2EDA}\MpKslea35dc30.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-18 22:46 - 2019-01-18 22:48 - 000037095 _____ C:\Users\allen\Desktop\FRST.txt
2019-01-18 22:45 - 2019-01-18 22:46 - 000000000 ____D C:\FRST
2019-01-18 15:34 - 2019-01-18 15:34 - 000000000 ____D C:\Users\allen\Desktop\ClamWinPortable
2019-01-18 14:57 - 2019-01-18 14:57 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2019-01-18 14:56 - 2019-01-18 14:56 - 000000000 ____D C:\Program Files\HitmanPro
2019-01-18 14:55 - 2019-01-18 15:05 - 000000000 ____D C:\ProgramData\HitmanPro
2019-01-18 14:55 - 2019-01-18 14:51 - 002427904 _____ (Farbar) C:\Users\allen\Desktop\FRST64.exe
2019-01-18 14:55 - 2019-01-18 14:45 - 008018400 _____ (PortableApps.com) C:\Users\allen\Desktop\ClamWinPortable_0.99.4_English.paf.exe
2019-01-18 14:01 - 2019-01-18 14:01 - 000000000 ____D C:\Users\allen\AppData\Local\ESET
2019-01-18 03:20 - 2019-01-18 22:39 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-18 02:50 - 2019-01-18 22:48 - 000539948 _____ C:\WINDOWS\ntbtlog.txt
2018-12-22 18:24 - 2018-12-22 18:24 - 000641256 _____ C:\Users\allen\Documents\cc_20181222_182444.reg
2018-12-22 18:14 - 2018-12-22 18:14 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-22 18:14 - 2018-12-22 18:14 - 000000300 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-12-22 18:14 - 2018-12-22 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-12-22 18:13 - 2018-12-22 18:14 - 000000000 ____D C:\Program Files\CCleaner
2018-12-22 18:10 - 2018-12-22 18:10 - 000000000 ____D C:\Users\allen\AppData\Local\mbam
2018-12-22 18:09 - 2018-12-22 18:09 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-22 18:09 - 2018-12-22 18:09 - 000000000 ____D C:\Users\allen\AppData\Local\mbamtray
2018-12-22 18:09 - 2018-12-22 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-22 18:09 - 2018-12-22 18:09 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-22 18:09 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-22 18:08 - 2018-12-22 18:08 - 000000000 ____D C:\ProgramData\MB2Migration
2018-12-22 17:59 - 2018-12-22 17:59 - 000000000 _____ C:\Users\allen\AppData\Local\{BCAA6E8A-B159-48D9-A8B6-57F2DDCE7C6A}
2018-12-22 16:52 - 2018-12-22 17:41 - 000000000 ____D C:\ProgramData\RogueKiller
2018-12-22 16:51 - 2018-12-18 23:50 - 019299120 _____ (Piriform Software Ltd) C:\Users\allen\Desktop\ccsetup551.exe
2018-12-22 16:50 - 2019-01-18 03:24 - 000000000 ____D C:\Users\allen\Desktop\CrystalDiskInfo8_0_0
2018-12-22 16:50 - 2018-12-22 16:50 - 000000000 ____D C:\Users\allen\Desktop\CryptoPreventSetup_V9
2018-12-22 16:50 - 2018-12-18 23:44 - 033336888 _____ C:\Users\allen\Desktop\RogueKiller_portable64.exe
2018-12-22 16:37 - 2019-01-18 22:39 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-18 22:44 - 2018-05-22 20:02 - 000000000 ____D C:\Users\DefaultAppPool
2019-01-18 22:44 - 2018-05-22 20:02 - 000000000 ____D C:\Users\Administrator.allen-PC
2019-01-18 22:41 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-18 22:41 - 2017-12-10 15:59 - 000000000 ___HD C:\Users\allen\MicrosoftEdgeBackups
2019-01-18 22:36 - 2018-05-22 20:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-18 22:35 - 2015-12-30 14:35 - 000231104 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2019-01-18 22:35 - 2010-03-13 15:35 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2019-01-18 22:34 - 2018-05-22 19:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-18 22:34 - 2015-12-30 14:35 - 000273688 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2019-01-18 15:05 - 2011-10-09 15:42 - 000000000 ____D C:\Users\allen\AppData\Local\CrashDumps
2019-01-18 03:24 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-18 03:20 - 2018-05-22 20:02 - 000000000 ____D C:\Users\allen
2019-01-18 02:55 - 2018-05-22 19:57 - 000975392 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-01-18 02:50 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-12-22 18:22 - 2013-04-06 19:57 - 000000000 ____D C:\ProgramData\LogMeIn
2018-12-22 18:22 - 2010-04-18 20:13 - 000000000 ____D C:\Users\allen\Tracing
2018-12-22 18:21 - 2018-05-17 02:08 - 000000000 ___DC C:\WINDOWS\Panther
2018-12-22 18:20 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-22 18:09 - 2015-12-28 16:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-22 17:59 - 2016-09-26 14:40 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-12-22 17:59 - 2016-09-26 14:40 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-12-22 17:45 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-22 17:45 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-22 14:46 - 2018-05-22 20:26 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{471BD1C7-CD07-4F6D-A642-A998CD97AA94}
2018-12-19 19:48 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Registration
2018-12-19 19:45 - 2016-01-30 23:19 - 000000000 ____D C:\Users\allen\AppData\LocalLow\LastPass

==================== Files in the root of some directories =======

2010-06-03 19:24 - 2014-02-12 12:55 - 000000046 _____ () C:\Users\allen\jagex_runescape_preferences.dat
2010-06-03 19:25 - 2014-02-12 12:55 - 000000129 _____ () C:\Users\allen\jagex_runescape_preferences2.dat
2010-06-03 19:25 - 2010-06-03 19:25 - 000000000 _____ () C:\Users\allen\jagex__preferences3.dat
2013-03-31 08:41 - 2013-03-31 08:41 - 055454464 _____ (Safer-Networking Ltd.                                       ) C:\Users\allen\SpybotnSD2.exe
2015-12-30 14:37 - 2015-12-30 14:37 - 012964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-03-04 17:31 - 2014-03-04 17:31 - 000000602 _____ () C:\Users\allen\AppData\Roaming\aps.scan.quick.results
2014-03-04 17:31 - 2014-03-04 17:31 - 000001343 _____ () C:\Users\allen\AppData\Roaming\aps.scan.results
2014-10-24 18:11 - 2014-10-24 18:11 - 000000276 _____ () C:\Users\allen\AppData\Roaming\INSTALL_TOR.URL
2014-10-24 17:26 - 2014-10-24 17:26 - 000000000 _____ () C:\Users\allen\AppData\Roaming\nvjtoi.dll
2010-04-22 15:09 - 2015-01-20 21:52 - 000003946 _____ () C:\Users\allen\AppData\Roaming\wklnhst.dat
2014-10-24 17:26 - 2014-10-24 17:26 - 000000448 ____H () C:\Users\allen\AppData\Roaming\麽鎒駓覜
2014-10-24 18:08 - 2014-10-24 18:08 - 000008542 _____ () C:\Users\allen\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML
2014-10-24 18:08 - 2014-10-24 18:08 - 000004214 _____ () C:\Users\allen\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT
2014-10-24 18:08 - 2014-10-24 18:08 - 000000276 _____ () C:\Users\allen\AppData\Roaming\Microsoft\INSTALL_TOR.URL
2012-12-25 11:06 - 2013-03-05 16:09 - 000000580 _____ () C:\Users\allen\AppData\Local\cookies.ini
2014-10-24 18:08 - 2014-10-24 18:08 - 000008542 _____ () C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-24 18:08 - 2014-10-24 18:08 - 000004214 _____ () C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-24 18:08 - 2014-10-24 18:08 - 000000276 _____ () C:\Users\allen\AppData\Local\INSTALL_TOR.URL
2018-12-16 21:40 - 2018-12-16 21:42 - 000007605 _____ () C:\Users\allen\AppData\Local\Resmon.ResmonCfg
2018-12-22 17:59 - 2018-12-22 17:59 - 000000000 _____ () C:\Users\allen\AppData\Local\{BCAA6E8A-B159-48D9-A8B6-57F2DDCE7C6A}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2868494883-496666506-3604909990-1001\$21d795b1cb651fe9782fdd55be9fe90a

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$21d795b1cb651fe9782fdd55be9fe90a

Some files in TEMP:
====================
2019-01-18 02:47 - 2019-01-18 02:47 - 000000000 _____ () C:\Users\allen\AppData\Local\Temp\hph-s7pv.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-22 19:53

==================== End of FRST.txt ============================

 

 

 

 

Addition.txt

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by allen (18-01-2019 22:49:11)
Running from C:\Users\allen\Desktop
Windows 10 Home Version 1803 17134.471 (X64) (2018-05-23 01:28:14)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2868494883-496666506-3604909990-500 - Administrator - Disabled) => C:\Users\Administrator.allen-PC
allen (S-1-5-21-2868494883-496666506-3604909990-1001 - Administrator - Enabled) => C:\Users\allen
DefaultAccount (S-1-5-21-2868494883-496666506-3604909990-503 - Limited - Disabled)
Guest (S-1-5-21-2868494883-496666506-3604909990-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2868494883-496666506-3604909990-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2868494883-496666506-3604909990-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Disabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Disabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Amazon Amazon Music) (Version: 7.0.3.1540 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\Amazon Amazon Music) (Version: 7.0.3.1540 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\Amazon Amazon Music) (Version: 7.0.3.1540 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{BA6C6C01-097B-4E79-9CAA-0FB9F863ED7C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Ares 3.1.6.3040 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.6.3040 - Ares)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.0.0 - Belkin International, Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
blinkx beat (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\blinkx beat) (Version: 1.5.0 - blinkx)
blinkx beat (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\blinkx beat) (Version: 1.5.0 - blinkx)
blinkx beat (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\blinkx beat) (Version: 1.5.0 - blinkx)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
cmd (HKLM\...\{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{5F641343-FA40-4084-855A-7FA3251783DC}) (Version: 2.0.2.1840 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
Elevated Installer (HKLM-x32\...\{98EFD351-ECFC-41FA-83A4-7BFF16ED65E7}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{1e266d7b-b23c-4e1e-afd0-0ee47558133d}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{61863549-E2F6-443E-94FE-622AE4168B7E}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{EF48631A-7F45-430A-8AD3-B41CFB1D7596}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Limewire Plus+ 1.0.1.8082 (HKLM-x32\...\{597728B2-C911-48CB-8C4E-97B2154B4FB1}_is1) (Version: 1.0.1.8082 - Limewire Plus+)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
ROBLOX Player for allen (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for allen (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for allen (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SmartByte Drivers and Services (HKLM\...\{6AD3253B-AFE1-436E-971B-B16D8C6ABA3F}) (Version: 2.0.637 - Rivet Networks)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
TreeSize Free V2.3.3 (HKLM-x32\...\TreeSize Free_is1) (Version:  - JAM Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Video Mover (HKLM-x32\...\Video Mover_is1) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VTech Download Agent Library (HKLM-x32\...\{40C4903E-EDFB-4CAE-A611-41FEBA585921}) (Version: 1.00.0000 - VTech) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.24.37 - Webroot)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B01 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2019-01-18] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2019-01-18] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2019-01-18] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2019-01-18] (Webroot)
ContextMenuHandlers1: [Belkin HistoryBrowser] -> {5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25} => C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll [2010-02-17] (Belkin International, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-01-18] (Webroot)
ContextMenuHandlers4: [Belkin HistoryBrowser] -> {5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25} => C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll [2010-02-17] (Belkin International, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [Belkin HistoryBrowser] -> {5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25} => C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll [2010-02-17] (Belkin International, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-01-18] (Webroot)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0721303B-03A1-40D0-9B4D-F1F148ABB111} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {107C9AB3-14F6-4636-8934-B73766408965} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19A45F6F-18DD-48ED-9CBE-3C36D1291E51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {1E78AB75-0DB0-4984-8E43-13BCDC39CD3F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2020FE09-8670-44EF-9C16-BB1928117C65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {202B78D2-8ABB-4B57-B02B-F419CEF24F53} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3135058B-5E56-40B5-9552-EA5C622B7776} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {40468A8D-AB13-452D-84FE-453A72A69306} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {46C49DB5-2E51-4840-B050-9A6EA15EAB7E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
Task: {4A175B05-7477-44B7-876C-3430D4FB47A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {4FEE5DEB-D32F-4B82-B13B-97DEA2561B13} - System32\Tasks\S-1-5-21-2868494883-496666506-3604909990-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
Task: {579BDB0C-14BB-4BFE-AAD1-741398CFCAC6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {5928F11C-83E1-47F3-B3F6-BB6179E95105} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {620798B2-BA2A-4D83-8D42-58A0502E7817} - System32\Tasks\4705 => wscript.exe C:\Users\allen\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6396CAAD-9ADF-4290-8BC2-9FFB23A9816E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {655A0AFF-9B12-4AF8-96F2-8E1314CAEF93} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {688CC475-BDDC-4529-89A7-D151F76BB0E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6978768B-9435-47FC-A253-35ED859C8589} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-08-31] ()
Task: {77214D46-EE87-4322-8BB5-4F0DB1197447} - \{E2301038-65E3-4190-8754-68B7FDEF82DF} -> No File <==== ATTENTION
Task: {81756A66-7686-4FB5-841C-630E54BE761D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {83A002A8-ECA0-46AA-B2CD-3A75CCA41479} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-09-12] (DELL)
Task: {86569E59-CCBB-49CF-9E46-F1A697AED73D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {86613859-C14E-49D6-B388-41A103AFD71F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {8BAC1396-FCD4-405E-BCFA-DA473AEDB761} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8D95EE1A-76FB-4001-BCA4-4458E3753746} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9265BB05-318E-4BED-83D4-98B1E3DDA1EC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {97B65DD4-7F8E-4045-BC47-3D10037A32B1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {99CD0AC1-3130-49E5-AF2A-938BE48D21DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9FAC3501-AB9A-44D2-B5F3-776D25A43395} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A04F32F2-62C8-40E7-B2CE-C5DF3A98C09C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {A3AB5681-A442-42EF-8342-917F950B6E4B} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {A4574E8E-97CB-4C0B-BE24-FE957B81C4AF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A5F8E003-ED0E-4A3A-9088-71D7B58E189A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AF2E122D-AFAF-4AE8-BB75-9C8AF650003F} - System32\Tasks\22c5bd3c => C:\Users\allen\AppData\Local\Temp\\setup2351006596.exe <==== ATTENTION
Task: {BA64B977-E04E-43DF-B8F4-26F8B6841208} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0} - System32\Tasks\BearShareNAG => C:\Users\allen\AppData\Local\Temp\BearShare_setup.exe <==== ATTENTION
Task: {C6E191BD-A0BB-457A-A90C-C6DA7C4984EC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6EB5983-92CB-4F02-9103-87276BF921DC} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {C8428EFE-64C0-4699-A8BE-A84CAF850017} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {C997E638-E9CD-40DF-87EE-5D6D3729B8DB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D07B2852-F431-4C8B-8C62-E74C8FA677E7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D47EB6FB-8612-47FF-B4D7-0DAFDB4654C2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D960EE6A-188E-4CE7-BC3A-BA1352089ADB} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe  <==== ATTENTION
Task: {DA3157B7-6B37-4077-A035-ECAE1AFD3A81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DBF49D28-CA1A-4F12-BD0F-883F8F6C1135} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DEC0B0A4-1912-43BC-85DE-63F16E0E8097} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {DF24C33F-7BFC-424E-BCE4-A3002AAA8933} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E40FFBD0-0EA5-4832-83BA-7C5FFD5909CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {E6AAAC54-28FC-47E0-958D-31D57D2DCAF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {E7538BF4-59CC-479E-B32E-F5825103C9AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E77694B2-110E-4C93-BBA2-88F7C9879653} - System32\Tasks\{74E3C764-CE51-6F22-1DFD-EDD8E01B3953} => C:\Windows\system32\regsvr32.exe /s "C:\Users\allen\AppData\Roaming\ktwifx.dll"
Task: {ED477A8D-8094-427F-AA2D-A84CC7AA3B6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ED4B1096-05ED-4586-9E4C-8B95EF2AE65C} - System32\Tasks\{66803BAE-8341-46F1-8A9B-1399037AC030} => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
Task: {EFA121EB-39A2-4260-9F31-3C0C796D14FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F025CB1E-DAD5-4720-B2C1-DEC7AA94305F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F10F634F-C582-4598-891E-73C244C69D09} - System32\Tasks\{A8B686EA-B167-43BF-99B1-493D6157E870} => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
Task: {F2252087-41C1-45AA-8A84-A18E6B1C0771} - System32\Tasks\{B54FE0E7-C9FA-491D-965E-5DA4BD1E4687} => C:\Windows\system32\pcalua.exe -a "C:\Users\allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZWKMEIG\pspvideo9_Installer[1].exe" -d C:\Users\allen\Desktop
Task: {F4263EEF-5614-4E80-B526-C868D2618A80} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {F53F8269-8EC0-49FB-B176-F0647982804B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {F72AA359-8985-41CE-91DD-CDEF3A14793A} - System32\Tasks\{84277C7A-38EB-4135-9339-D77CB539AEF7} => C:\Windows\system32\pcalua.exe -a "I:\Power DVD Deluxe v7.0Full\Install\Setup.exe" -d "I:\Power DVD Deluxe v7.0Full\Install"
Task: {F8DFA56F-C68E-4206-9B3E-C2E1781C0432} - System32\Tasks\Ongoing package check => C:\Users\allen\AppData\Roaming\VOPackage\VOPackage.exe
Task: {F94C2043-26FA-43BB-B0CF-F417B18EAF85} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC9D31C3-4034-4385-A44D-1E0013B24C44} - System32\Tasks\Norton Security Scan for allen => C:\PROGRA~2\NORTON~2\Engine\313~1.7\Nss.exe
Task: {FEAB17AD-C592-4264-B5F9-90B2C7AAEC0C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\allen\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\allen\Desktop\Robert - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-12-22 18:09 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-14 02:11 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-12-14 20:57 - 2018-12-14 22:59 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-14 02:11 - 2018-12-08 02:33 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224002414\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224141633\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224003289\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224141804\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Control Panel\Desktop\\Wallpaper -> c:\users\allen\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{7f11f6f4-d2f7-4ac4-b042-9a2910c6b234}.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711\Control Panel\Desktop\\Wallpaper -> c:\users\allen\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{7f11f6f4-d2f7-4ac4-b042-9a2910c6b234}.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054\Control Panel\Desktop\\Wallpaper -> c:\users\allen\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{7f11f6f4-d2f7-4ac4-b042-9a2910c6b234}.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: AgentMonitor => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: Babylon Client => C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
MSCONFIG\startupreg: BabylonToolbar => "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: egidPXEnjJF.exe => C:\ProgramData\egidPXEnjJF.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: limewire plus+ => "C:\Program Files (x86)\Limewire Plus+\limewire.exe" -h
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\allen\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\allen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: StartNow Search Protect => "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{CE5E0604-710F-4363-8845-D57307CDD231}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [UDP Query User{415671FB-36CC-48AF-AD26-69909DBEA17F}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [TCP Query User{B4A716E5-DC03-475F-8F24-9C1DC78C6602}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Allow) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [UDP Query User{FE9DC3D9-0BA9-4B6A-8E18-A9A10783FF75}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Allow) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [TCP Query User{71169C87-C998-4F69-8DD2-1CCB48CB42B0}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Allow) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [UDP Query User{08B600A8-DC59-4B2A-832E-6BA623236823}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Allow) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [TCP Query User{4CB0F24B-E84F-4094-9553-B7283A7993CE}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [UDP Query User{C6849B8D-D3D2-472E-9EE3-9F707812EB90}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [TCP Query User{AADE7AA0-F505-4805-8F16-4CE0BFE22FE9}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [UDP Query User{194A1D62-3CB4-4557-AA89-CD6FA15C289B}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [TCP Query User{70CCA2B8-5A55-4BF1-9F25-0143EB259EF9}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Block) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [UDP Query User{5A027485-9A49-41D7-8D72-D6D30A475B54}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Block) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [TCP Query User{448F320B-2644-4371-A111-4EC451340D05}C:\users\allen\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{A4473480-E8E0-4E18-A08A-A520AF877151}C:\users\allen\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{0D2EB0F2-7A2C-4D35-92DD-D90E1CD79C84}] => (Block) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{AA80E7B2-F43F-41B7-BF00-841E8349AD5D}] => (Block) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{C90164AB-F220-4C08-BB2F-B70309AE99C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{C1F549F7-BBDB-46D2-91CC-F5D78C298BCA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{7FB83F0D-C0E2-4E4C-B827-C112A6B47C37}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)

==================== Restore Points =========================

06-12-2018 16:24:20 Windows Modules Installer
08-12-2018 00:22:40 Windows Modules Installer
09-12-2018 01:01:55 Windows Modules Installer
10-12-2018 03:02:09 Windows Modules Installer
13-12-2018 22:39:45 Windows Update
16-12-2018 12:53:30 Garmin Express

==================== Faulty Device Manager Devices =============

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: SXUPTP Driver
Description: SXUPTP Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: silex technology, Inc.
Service: sxuptp
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2019 03:05:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hitmanpro_x64.exe, version: 3.8.0.295, time stamp: 0x5b337e78
Faulting module name: hitmanpro_x64.exe, version: 3.8.0.295, time stamp: 0x5b337e78
Exception code: 0xc0000005
Fault offset: 0x00000000002c2715
Faulting process id: 0x52c
Faulting application start time: 0x01d4af67cdfd0c36
Faulting application path: C:\Users\allen\Desktop\hitmanpro_x64.exe
Faulting module path: C:\Users\allen\Desktop\hitmanpro_x64.exe
Report Id: 03f3592c-0efd-464f-8fac-20d0240f7554
Faulting package full name:
Faulting package-relative application ID:

Error: (12/22/2018 06:26:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (12/22/2018 05:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartByteNetworkService.exe, version: 2.0.637.0, time stamp: 0x5b995456
Faulting module name: SmartByteNetworkService.exe, version: 2.0.637.0, time stamp: 0x5b995456
Exception code: 0xc0000409
Fault offset: 0x00000000000e966c
Faulting process id: 0x143c
Faulting application start time: 0x01d49a480deffe49
Faulting application path: C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
Faulting module path: C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
Report Id: 9e5cafdd-767d-4685-8dd6-3676bf001d0c
Faulting package full name:
Faulting package-relative application ID:

Error: (12/22/2018 05:46:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: CNC_BLC.dll, version: 20.1.0.1, time stamp: 0x4fbed08a
Exception code: 0xc0000005
Fault offset: 0x00000000000046bd
Faulting process id: 0x16ec
Faulting application start time: 0x01d49a480e528c0b
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\system32\CNC_BLC.dll
Report Id: 74ed5495-c0d7-42de-9ffa-c4bf3b964487
Faulting package full name:
Faulting package-relative application ID:

Error: (12/22/2018 12:25:16 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (12/21/2018 12:35:44 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (12/21/2018 10:54:24 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (12/21/2018 09:58:08 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)


System errors:
=============
Error: (01/18/2019 10:50:18 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/18/2019 10:50:05 PM) (Source: DCOM) (EventID: 10005) (User: allen-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: allen-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (01/18/2019 10:49:10 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}


Windows Defender:
===================================
Date: 2018-12-06 17:11:09.972
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4B9FFFE2-0F14-40AD-B447-A5C62780410A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-18 22:49:10.722
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.634.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network.

Date: 2019-01-18 22:49:10.721
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.634.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network.

Date: 2019-01-18 22:49:10.721
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.634.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network.

Date: 2019-01-18 22:49:10.717
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.634.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network.

Date: 2019-01-18 22:49:10.717
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.634.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network.

CodeIntegrity:
===================================

Date: 2018-12-22 18:07:54.954
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 18:07:54.947
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 18:07:54.941
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 18:07:54.934
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 16:52:24.318
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 16:52:24.311
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 16:52:24.305
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 16:52:24.298
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 21%
Total physical RAM: 6133.17 MB
Available physical RAM: 4817.91 MB
Total Virtual: 12277.17 MB
Available Virtual: 11087.72 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.47 GB) (Free:487.49 GB) NTFS

\\?\Volume{44d36ca4-2eef-11df-af9c-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 94959DDD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 


  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)

Let's begin... :)

 

Do you know that that computer was hit by Ransomware?

  • Highlight the entire content of the quote box below.

Start::
CMD: Type C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.TXT
Startregedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\idsvc]
"DisplayName"="@%systemroot%\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\ServiceModelInstallRC.dll,-8193"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,\
  6f,00,74,00,25,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,\
  00,2e,00,4e,00,45,00,54,00,5c,00,46,00,72,00,61,00,6d,00,65,00,77,00,6f,00,\
  72,00,6b,00,5c,00,76,00,33,00,2e,00,30,00,5c,00,57,00,69,00,6e,00,64,00,6f,\
  00,77,00,73,00,20,00,43,00,6f,00,6d,00,6d,00,75,00,6e,00,69,00,63,00,61,00,\
  74,00,69,00,6f,00,6e,00,20,00,46,00,6f,00,75,00,6e,00,64,00,61,00,74,00,69,\
  00,6f,00,6e,00,5c,00,69,00,6e,00,66,00,6f,00,63,00,61,00,72,00,64,00,2e,00,\
  65,00,78,00,65,00,22,00,00,00
"Start"=dword:00000003
"Type"=dword:00000020
"Description"="@%systemroot%\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\ServiceModelInstallRC.dll,-8192"
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,\
  67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,\
  00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,\
  00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,\
  00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,\
  65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\idsvc\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,70,00,05,00,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,03,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,14,00,14,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,14,00,\
  00,00,01,01,00,00,00,00,00,05,06,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
  00,01,01,00,00,00,00,00,05,12,00,00,00

Endregedit:
2010-06-03 19:24 - 2014-02-12 12:55 - 000000046 _____ () C:\Users\allen\jagex_runescape_preferences.dat
2010-06-03 19:25 - 2014-02-12 12:55 - 000000129 _____ () C:\Users\allen\jagex_runescape_preferences2.dat
2010-06-03 19:25 - 2010-06-03 19:25 - 000000000 _____ () C:\Users\allen\jagex__preferences3.dat
2013-03-31 08:41 - 2013-03-31 08:41 - 055454464 _____ (Safer-Networking Ltd.                                       ) C:\Users\allen\SpybotnSD2.exe
2015-12-30 14:37 - 2015-12-30 14:37 - 012964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-03-04 17:31 - 2014-03-04 17:31 - 000000602 _____ () C:\Users\allen\AppData\Roaming\aps.scan.quick.results
2014-03-04 17:31 - 2014-03-04 17:31 - 000001343 _____ () C:\Users\allen\AppData\Roaming\aps.scan.results
2014-10-24 18:11 - 2014-10-24 18:11 - 000000276 _____ () C:\Users\allen\AppData\Roaming\INSTALL_TOR.URL
2014-10-24 17:26 - 2014-10-24 17:26 - 000000000 _____ () C:\Users\allen\AppData\Roaming\nvjtoi.dll
2010-04-22 15:09 - 2015-01-20 21:52 - 000003946 _____ () C:\Users\allen\AppData\Roaming\wklnhst.dat
2014-10-24 17:26 - 2014-10-24 17:26 - 000000448 ____H () C:\Users\allen\AppData\Roaming\麽鎒駓覜
2014-10-24 18:08 - 2014-10-24 18:08 - 000008542 _____ () C:\Users\allen\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML
2014-10-24 18:08 - 2014-10-24 18:08 - 000004214 _____ () C:\Users\allen\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT
2014-10-24 18:08 - 2014-10-24 18:08 - 000000276 _____ () C:\Users\allen\AppData\Roaming\Microsoft\INSTALL_TOR.URL
2012-12-25 11:06 - 2013-03-05 16:09 - 000000580 _____ () C:\Users\allen\AppData\Local\cookies.ini
2014-10-24 18:08 - 2014-10-24 18:08 - 000008542 _____ () C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-24 18:08 - 2014-10-24 18:08 - 000004214 _____ () C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-24 18:08 - 2014-10-24 18:08 - 000000276 _____ () C:\Users\allen\AppData\Local\INSTALL_TOR.URL
2018-12-16 21:40 - 2018-12-16 21:42 - 000007605 _____ () C:\Users\allen\AppData\Local\Resmon.ResmonCfg
2018-12-22 17:59 - 2018-12-22 17:59 - 000000000 _____ () C:\Users\allen\AppData\Local\{BCAA6E8A-B159-48D9-A8B6-57F2DDCE7C6A}
C:\$Recycle.Bin\S-1-5-21-2868494883-496666506-3604909990-1001\$21d795b1cb651fe9782fdd55be9fe90a
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\$Recycle.Bin\S-1-5-18\$21d795b1cb651fe9782fdd55be9fe90a
S1 MpKslea35dc30; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C0B68CB-F80B-4DA9-A662-30CA2A8A2EDA}\MpKslea35dc30.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION
2019-01-18 02:47 - 2019-01-18 02:47 - 000000000 _____ () C:\Users\allen\AppData\Local\Temp\hph-s7pv.dll
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Task: {0721303B-03A1-40D0-9B4D-F1F148ABB111} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1E78AB75-0DB0-4984-8E43-13BCDC39CD3F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {620798B2-BA2A-4D83-8D42-58A0502E7817} - System32\Tasks\4705 => wscript.exe C:\Users\allen\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6396CAAD-9ADF-4290-8BC2-9FFB23A9816E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77214D46-EE87-4322-8BB5-4F0DB1197447} - \{E2301038-65E3-4190-8754-68B7FDEF82DF} -> No File <==== ATTENTION
Task: {8BAC1396-FCD4-405E-BCFA-DA473AEDB761} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {99CD0AC1-3130-49E5-AF2A-938BE48D21DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9FAC3501-AB9A-44D2-B5F3-776D25A43395} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A3AB5681-A442-42EF-8342-917F950B6E4B} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {A4574E8E-97CB-4C0B-BE24-FE957B81C4AF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A5F8E003-ED0E-4A3A-9088-71D7B58E189A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AF2E122D-AFAF-4AE8-BB75-9C8AF650003F} - System32\Tasks\22c5bd3c => C:\Users\allen\AppData\Local\Temp\\setup2351006596.exe <==== ATTENTION
Task: {BA64B977-E04E-43DF-B8F4-26F8B6841208} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0} - System32\Tasks\BearShareNAG => C:\Users\allen\AppData\Local\Temp\BearShare_setup.exe <==== ATTENTION
Task: {C997E638-E9CD-40DF-87EE-5D6D3729B8DB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D47EB6FB-8612-47FF-B4D7-0DAFDB4654C2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D960EE6A-188E-4CE7-BC3A-BA1352089ADB} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe  <==== ATTENTION
Task: {DA3157B7-6B37-4077-A035-ECAE1AFD3A81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E6AAAC54-28FC-47E0-958D-31D57D2DCAF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {ED477A8D-8094-427F-AA2D-A84CC7AA3B6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EFA121EB-39A2-4260-9F31-3C0C796D14FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0721303B-03A1-40D0-9B4D-F1F148ABB111} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1E78AB75-0DB0-4984-8E43-13BCDC39CD3F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6396CAAD-9ADF-4290-8BC2-9FFB23A9816E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77214D46-EE87-4322-8BB5-4F0DB1197447} - \{E2301038-65E3-4190-8754-68B7FDEF82DF} -> No File <==== ATTENTION
Task: {8BAC1396-FCD4-405E-BCFA-DA473AEDB761} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {99CD0AC1-3130-49E5-AF2A-938BE48D21DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9FAC3501-AB9A-44D2-B5F3-776D25A43395} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A3AB5681-A442-42EF-8342-917F950B6E4B} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {A4574E8E-97CB-4C0B-BE24-FE957B81C4AF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A5F8E003-ED0E-4A3A-9088-71D7B58E189A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BA64B977-E04E-43DF-B8F4-26F8B6841208} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C997E638-E9CD-40DF-87EE-5D6D3729B8DB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D47EB6FB-8612-47FF-B4D7-0DAFDB4654C2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DA3157B7-6B37-4077-A035-ECAE1AFD3A81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E6AAAC54-28FC-47E0-958D-31D57D2DCAF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {ED477A8D-8094-427F-AA2D-A84CC7AA3B6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EFA121EB-39A2-4260-9F31-3C0C796D14FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Reg: Reg delete HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers /v ProviderFileName2 /f
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
Task: {620798B2-BA2A-4D83-8D42-58A0502E7817} - System32\Tasks\4705 => wscript.exe C:\Users\allen\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {AF2E122D-AFAF-4AE8-BB75-9C8AF650003F} - System32\Tasks\22c5bd3c => C:\Users\allen\AppData\Local\Temp\\setup2351006596.exe <==== ATTENTION
Task: {BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0} - System32\Tasks\BearShareNAG => C:\Users\allen\AppData\Local\Temp\BearShare_setup.exe <==== ATTENTION
2019-01-18 02:47 - 2019-01-18 02:47 - 000000000 _____ () C:\Users\allen\AppData\Local\Temp\hph-s7pv.dll
Task: {620798B2-BA2A-4D83-8D42-58A0502E7817} - System32\Tasks\4705 => wscript.exe C:\Users\allen\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {AF2E122D-AFAF-4AE8-BB75-9C8AF650003F} - System32\Tasks\22c5bd3c => C:\Users\allen\AppData\Local\Temp\\setup2351006596.exe <==== ATTENTION
Task: {BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0} - System32\Tasks\BearShareNAG => C:\Users\allen\AppData\Local\Temp\BearShare_setup.exe <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Repair and restart button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

  • 0

#3
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

 

Do you know that that computer was hit by Ransomware?

 

No I did not, I kind of did suspected it but I didn't notice any of the common signs and just passes it off as hardware issues.

 

Here's the Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by allen (20-01-2019 17:29:37) Run:1
Running from C:\Users\allen\Desktop
Loaded Profiles: allen (Available Profiles: allen & Administrator)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
CMD: Type C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.TXT
Startregedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\idsvc]
"DisplayName"="@%systemroot%\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\ServiceModelInstallRC.dll,-8193"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,\
  6f,00,74,00,25,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,\
  00,2e,00,4e,00,45,00,54,00,5c,00,46,00,72,00,61,00,6d,00,65,00,77,00,6f,00,\
  72,00,6b,00,5c,00,76,00,33,00,2e,00,30,00,5c,00,57,00,69,00,6e,00,64,00,6f,\
  00,77,00,73,00,20,00,43,00,6f,00,6d,00,6d,00,75,00,6e,00,69,00,63,00,61,00,\
  74,00,69,00,6f,00,6e,00,20,00,46,00,6f,00,75,00,6e,00,64,00,61,00,74,00,69,\
  00,6f,00,6e,00,5c,00,69,00,6e,00,66,00,6f,00,63,00,61,00,72,00,64,00,2e,00,\
  65,00,78,00,65,00,22,00,00,00
"Start"=dword:00000003
"Type"=dword:00000020
"Description"="@%systemroot%\\Microsoft.NET\\Framework\\v3.0\\Windows Communication Foundation\\ServiceModelInstallRC.dll,-8192"
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,\
  67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,\
  00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,\
  00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,\
  00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,\
  65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
  00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,\
  72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\idsvc\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,70,00,05,00,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,03,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,14,00,14,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,14,00,\
  00,00,01,01,00,00,00,00,00,05,06,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
  00,01,01,00,00,00,00,00,05,12,00,00,00
Endregedit:
2010-06-03 19:24 - 2014-02-12 12:55 - 000000046 _____ () C:\Users\allen\jagex_runescape_preferences.dat
2010-06-03 19:25 - 2014-02-12 12:55 - 000000129 _____ () C:\Users\allen\jagex_runescape_preferences2.dat
2010-06-03 19:25 - 2010-06-03 19:25 - 000000000 _____ () C:\Users\allen\jagex__preferences3.dat
2013-03-31 08:41 - 2013-03-31 08:41 - 055454464 _____ (Safer-Networking Ltd.                                       ) C:\Users\allen\SpybotnSD2.exe
2015-12-30 14:37 - 2015-12-30 14:37 - 012964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-03-04 17:31 - 2014-03-04 17:31 - 000000602 _____ () C:\Users\allen\AppData\Roaming\aps.scan.quick.results
2014-03-04 17:31 - 2014-03-04 17:31 - 000001343 _____ () C:\Users\allen\AppData\Roaming\aps.scan.results
2014-10-24 18:11 - 2014-10-24 18:11 - 000000276 _____ () C:\Users\allen\AppData\Roaming\INSTALL_TOR.URL
2014-10-24 17:26 - 2014-10-24 17:26 - 000000000 _____ () C:\Users\allen\AppData\Roaming\nvjtoi.dll
2010-04-22 15:09 - 2015-01-20 21:52 - 000003946 _____ () C:\Users\allen\AppData\Roaming\wklnhst.dat
2014-10-24 17:26 - 2014-10-24 17:26 - 000000448 ____H () C:\Users\allen\AppData\Roaming\麽鎒駓覜
2014-10-24 18:08 - 2014-10-24 18:08 - 000008542 _____ () C:\Users\allen\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML
2014-10-24 18:08 - 2014-10-24 18:08 - 000004214 _____ () C:\Users\allen\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT
2014-10-24 18:08 - 2014-10-24 18:08 - 000000276 _____ () C:\Users\allen\AppData\Roaming\Microsoft\INSTALL_TOR.URL
2012-12-25 11:06 - 2013-03-05 16:09 - 000000580 _____ () C:\Users\allen\AppData\Local\cookies.ini
2014-10-24 18:08 - 2014-10-24 18:08 - 000008542 _____ () C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-24 18:08 - 2014-10-24 18:08 - 000004214 _____ () C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-24 18:08 - 2014-10-24 18:08 - 000000276 _____ () C:\Users\allen\AppData\Local\INSTALL_TOR.URL
2018-12-16 21:40 - 2018-12-16 21:42 - 000007605 _____ () C:\Users\allen\AppData\Local\Resmon.ResmonCfg
2018-12-22 17:59 - 2018-12-22 17:59 - 000000000 _____ () C:\Users\allen\AppData\Local\{BCAA6E8A-B159-48D9-A8B6-57F2DDCE7C6A}
C:\$Recycle.Bin\S-1-5-21-2868494883-496666506-3604909990-1001\$21d795b1cb651fe9782fdd55be9fe90a
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\$Recycle.Bin\S-1-5-18\$21d795b1cb651fe9782fdd55be9fe90a
S1 MpKslea35dc30; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C0B68CB-F80B-4DA9-A662-30CA2A8A2EDA}\MpKslea35dc30.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION
2019-01-18 02:47 - 2019-01-18 02:47 - 000000000 _____ () C:\Users\allen\AppData\Local\Temp\hph-s7pv.dll
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Task: {0721303B-03A1-40D0-9B4D-F1F148ABB111} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1E78AB75-0DB0-4984-8E43-13BCDC39CD3F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {620798B2-BA2A-4D83-8D42-58A0502E7817} - System32\Tasks\4705 => wscript.exe C:\Users\allen\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6396CAAD-9ADF-4290-8BC2-9FFB23A9816E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77214D46-EE87-4322-8BB5-4F0DB1197447} - \{E2301038-65E3-4190-8754-68B7FDEF82DF} -> No File <==== ATTENTION
Task: {8BAC1396-FCD4-405E-BCFA-DA473AEDB761} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {99CD0AC1-3130-49E5-AF2A-938BE48D21DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9FAC3501-AB9A-44D2-B5F3-776D25A43395} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A3AB5681-A442-42EF-8342-917F950B6E4B} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {A4574E8E-97CB-4C0B-BE24-FE957B81C4AF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A5F8E003-ED0E-4A3A-9088-71D7B58E189A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AF2E122D-AFAF-4AE8-BB75-9C8AF650003F} - System32\Tasks\22c5bd3c => C:\Users\allen\AppData\Local\Temp\\setup2351006596.exe <==== ATTENTION
Task: {BA64B977-E04E-43DF-B8F4-26F8B6841208} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0} - System32\Tasks\BearShareNAG => C:\Users\allen\AppData\Local\Temp\BearShare_setup.exe <==== ATTENTION
Task: {C997E638-E9CD-40DF-87EE-5D6D3729B8DB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D47EB6FB-8612-47FF-B4D7-0DAFDB4654C2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D960EE6A-188E-4CE7-BC3A-BA1352089ADB} - System32\Tasks\0 => c:\program files (x86)\internet explorer\iexplore.exe  <==== ATTENTION
Task: {DA3157B7-6B37-4077-A035-ECAE1AFD3A81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E6AAAC54-28FC-47E0-958D-31D57D2DCAF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {ED477A8D-8094-427F-AA2D-A84CC7AA3B6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EFA121EB-39A2-4260-9F31-3C0C796D14FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0721303B-03A1-40D0-9B4D-F1F148ABB111} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1E78AB75-0DB0-4984-8E43-13BCDC39CD3F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6396CAAD-9ADF-4290-8BC2-9FFB23A9816E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77214D46-EE87-4322-8BB5-4F0DB1197447} - \{E2301038-65E3-4190-8754-68B7FDEF82DF} -> No File <==== ATTENTION
Task: {8BAC1396-FCD4-405E-BCFA-DA473AEDB761} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {99CD0AC1-3130-49E5-AF2A-938BE48D21DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9FAC3501-AB9A-44D2-B5F3-776D25A43395} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A3AB5681-A442-42EF-8342-917F950B6E4B} - \Microsoft\Windows\Media Center\DispatchRecoveryTasks -> No File <==== ATTENTION
Task: {A4574E8E-97CB-4C0B-BE24-FE957B81C4AF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A5F8E003-ED0E-4A3A-9088-71D7B58E189A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BA64B977-E04E-43DF-B8F4-26F8B6841208} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C997E638-E9CD-40DF-87EE-5D6D3729B8DB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D47EB6FB-8612-47FF-B4D7-0DAFDB4654C2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DA3157B7-6B37-4077-A035-ECAE1AFD3A81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E6AAAC54-28FC-47E0-958D-31D57D2DCAF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {ED477A8D-8094-427F-AA2D-A84CC7AA3B6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EFA121EB-39A2-4260-9F31-3C0C796D14FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Reg: Reg delete HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers /v ProviderFileName2 /f
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
Task: {620798B2-BA2A-4D83-8D42-58A0502E7817} - System32\Tasks\4705 => wscript.exe C:\Users\allen\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {AF2E122D-AFAF-4AE8-BB75-9C8AF650003F} - System32\Tasks\22c5bd3c => C:\Users\allen\AppData\Local\Temp\\setup2351006596.exe <==== ATTENTION
Task: {BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0} - System32\Tasks\BearShareNAG => C:\Users\allen\AppData\Local\Temp\BearShare_setup.exe <==== ATTENTION
2019-01-18 02:47 - 2019-01-18 02:47 - 000000000 _____ () C:\Users\allen\AppData\Local\Temp\hph-s7pv.dll
Task: {620798B2-BA2A-4D83-8D42-58A0502E7817} - System32\Tasks\4705 => wscript.exe C:\Users\allen\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {AF2E122D-AFAF-4AE8-BB75-9C8AF650003F} - System32\Tasks\22c5bd3c => C:\Users\allen\AppData\Local\Temp\\setup2351006596.exe <==== ATTENTION
Task: {BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0} - System32\Tasks\BearShareNAG => C:\Users\allen\AppData\Local\Temp\BearShare_setup.exe <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath
EMPTYTEMP:
Reboot:

*****************


========= Type C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.TXT =========

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)


What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.


How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.


What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.


For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://paytordmbdekmizq.tor4pay.com/18992c3
2.https://paytordmbdekmizq.pay2tor.com/18992c3
3.https://paytordmbdekmizq.tor2pay.com/18992c3
4.https://paytordmbdekmizq.pay4tor.com/18992c3

If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: paytordmbdekmizq.onion/18992c3
4.Follow the instructions on the site.


IMPORTANT INFORMATION:
Your personal page: https://paytordmbdekmizq.tor4pay.com/18992c3
Your personal page (using TOR): paytordmbdekmizq.onion/18992c3
Your personal identification number (if you open the site (or TOR 's) directly): 18992c3
========= End of CMD: =========


====> Registry
C:\Users\allen\jagex_runescape_preferences.dat => moved successfully
C:\Users\allen\jagex_runescape_preferences2.dat => moved successfully
C:\Users\allen\jagex__preferences3.dat => moved successfully
C:\Users\allen\SpybotnSD2.exe => moved successfully
C:\Program Files (x86)\Common Files\wruninstall.exe => moved successfully
C:\Users\allen\AppData\Roaming\aps.scan.quick.results => moved successfully
C:\Users\allen\AppData\Roaming\aps.scan.results => moved successfully
C:\Users\allen\AppData\Roaming\INSTALL_TOR.URL => moved successfully
C:\Users\allen\AppData\Roaming\nvjtoi.dll => moved successfully
C:\Users\allen\AppData\Roaming\wklnhst.dat => moved successfully
C:\Users\allen\AppData\Roaming\麽鎒駓覜 => moved successfully
C:\Users\allen\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.HTML => moved successfully
C:\Users\allen\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.TXT => moved successfully
C:\Users\allen\AppData\Roaming\Microsoft\INSTALL_TOR.URL => moved successfully
C:\Users\allen\AppData\Local\cookies.ini => moved successfully
C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.HTML => moved successfully
C:\Users\allen\AppData\Local\DECRYPT_INSTRUCTION.TXT => moved successfully
C:\Users\allen\AppData\Local\INSTALL_TOR.URL => moved successfully
C:\Users\allen\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\allen\AppData\Local\{BCAA6E8A-B159-48D9-A8B6-57F2DDCE7C6A} => moved successfully
C:\$Recycle.Bin\S-1-5-21-2868494883-496666506-3604909990-1001\$21d795b1cb651fe9782fdd55be9fe90a => moved successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\$Recycle.Bin\S-1-5-18\$21d795b1cb651fe9782fdd55be9fe90a => moved successfully
HKLM\System\CurrentControlSet\Services\MpKslea35dc30 => removed successfully
MpKslea35dc30 => service removed successfully
HKLM\System\CurrentControlSet\Services\TrueSight => removed successfully
TrueSight => service removed successfully
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => removed successfully
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => removed successfully
C:\Users\allen\AppData\Local\Temp\hph-s7pv.dll => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0721303B-03A1-40D0-9B4D-F1F148ABB111}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0721303B-03A1-40D0-9B4D-F1F148ABB111}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E78AB75-0DB0-4984-8E43-13BCDC39CD3F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E78AB75-0DB0-4984-8E43-13BCDC39CD3F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{620798B2-BA2A-4D83-8D42-58A0502E7817}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620798B2-BA2A-4D83-8D42-58A0502E7817}" => removed successfully
C:\WINDOWS\System32\Tasks\4705 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4705" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6396CAAD-9ADF-4290-8BC2-9FFB23A9816E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6396CAAD-9ADF-4290-8BC2-9FFB23A9816E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77214D46-EE87-4322-8BB5-4F0DB1197447}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77214D46-EE87-4322-8BB5-4F0DB1197447}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2301038-65E3-4190-8754-68B7FDEF82DF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8BAC1396-FCD4-405E-BCFA-DA473AEDB761}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BAC1396-FCD4-405E-BCFA-DA473AEDB761}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99CD0AC1-3130-49E5-AF2A-938BE48D21DF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99CD0AC1-3130-49E5-AF2A-938BE48D21DF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FAC3501-AB9A-44D2-B5F3-776D25A43395}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FAC3501-AB9A-44D2-B5F3-776D25A43395}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3AB5681-A442-42EF-8342-917F950B6E4B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3AB5681-A442-42EF-8342-917F950B6E4B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4574E8E-97CB-4C0B-BE24-FE957B81C4AF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4574E8E-97CB-4C0B-BE24-FE957B81C4AF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5F8E003-ED0E-4A3A-9088-71D7B58E189A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F8E003-ED0E-4A3A-9088-71D7B58E189A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF2E122D-AFAF-4AE8-BB75-9C8AF650003F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF2E122D-AFAF-4AE8-BB75-9C8AF650003F}" => removed successfully
C:\WINDOWS\System32\Tasks\22c5bd3c => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\22c5bd3c" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA64B977-E04E-43DF-B8F4-26F8B6841208}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA64B977-E04E-43DF-B8F4-26F8B6841208}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0}" => removed successfully
C:\WINDOWS\System32\Tasks\BearShareNAG => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BearShareNAG" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C997E638-E9CD-40DF-87EE-5D6D3729B8DB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C997E638-E9CD-40DF-87EE-5D6D3729B8DB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D47EB6FB-8612-47FF-B4D7-0DAFDB4654C2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D47EB6FB-8612-47FF-B4D7-0DAFDB4654C2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D960EE6A-188E-4CE7-BC3A-BA1352089ADB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D960EE6A-188E-4CE7-BC3A-BA1352089ADB}" => removed successfully
C:\WINDOWS\System32\Tasks\0 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA3157B7-6B37-4077-A035-ECAE1AFD3A81}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA3157B7-6B37-4077-A035-ECAE1AFD3A81}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E6AAAC54-28FC-47E0-958D-31D57D2DCAF4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6AAAC54-28FC-47E0-958D-31D57D2DCAF4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED477A8D-8094-427F-AA2D-A84CC7AA3B6E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED477A8D-8094-427F-AA2D-A84CC7AA3B6E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFA121EB-39A2-4260-9F31-3C0C796D14FE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFA121EB-39A2-4260-9F31-3C0C796D14FE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
"HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File => Error: No automatic fix found for this entry.
Toolbar: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => removed successfully
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => removed successfully
"C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll" => not found
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File] => Error: No automatic fix found for this entry.
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File] => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0721303B-03A1-40D0-9B4D-F1F148ABB111}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E78AB75-0DB0-4984-8E43-13BCDC39CD3F}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6396CAAD-9ADF-4290-8BC2-9FFB23A9816E}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77214D46-EE87-4322-8BB5-4F0DB1197447}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2301038-65E3-4190-8754-68B7FDEF82DF}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BAC1396-FCD4-405E-BCFA-DA473AEDB761}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99CD0AC1-3130-49E5-AF2A-938BE48D21DF}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FAC3501-AB9A-44D2-B5F3-776D25A43395}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3AB5681-A442-42EF-8342-917F950B6E4B}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4574E8E-97CB-4C0B-BE24-FE957B81C4AF}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F8E003-ED0E-4A3A-9088-71D7B58E189A}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA64B977-E04E-43DF-B8F4-26F8B6841208}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C997E638-E9CD-40DF-87EE-5D6D3729B8DB}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D47EB6FB-8612-47FF-B4D7-0DAFDB4654C2}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA3157B7-6B37-4077-A035-ECAE1AFD3A81}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6AAAC54-28FC-47E0-958D-31D57D2DCAF4}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED477A8D-8094-427F-AA2D-A84CC7AA3B6E}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFA121EB-39A2-4260-9F31-3C0C796D14FE}" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => not found

========= Reg delete HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers /v ProviderFileName2 /f =========

The operation completed successfully.



========= End of Reg: =========

HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => not found
"C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll" => not found
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File] => Error: No automatic fix found for this entry.
FF Plugin HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\allen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620798B2-BA2A-4D83-8D42-58A0502E7817}" => not found
"C:\WINDOWS\System32\Tasks\4705" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4705" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF2E122D-AFAF-4AE8-BB75-9C8AF650003F}" => not found
"C:\WINDOWS\System32\Tasks\22c5bd3c" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\22c5bd3c" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0}" => not found
"C:\WINDOWS\System32\Tasks\BearShareNAG" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BearShareNAG" => not found
"C:\Users\allen\AppData\Local\Temp\hph-s7pv.dll" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620798B2-BA2A-4D83-8D42-58A0502E7817}" => not found
"C:\WINDOWS\System32\Tasks\4705" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4705" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF2E122D-AFAF-4AE8-BB75-9C8AF650003F}" => not found
"C:\WINDOWS\System32\Tasks\22c5bd3c" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\22c5bd3c" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC4C84BE-351C-4BF6-BAF5-B4DA2AA9C6D0}" => not found
"C:\WINDOWS\System32\Tasks\BearShareNAG" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BearShareNAG" => not found
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224004711_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01182019224142054_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> no filepath => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2868494883-496666506-3604909990-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 85882564 B
Java, Flash, Steam htmlcache => 1330 B
Windows/system/drivers => 429360 B
Edge => 3584 B
Chrome => 1135174 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 9566884 B
systemprofile32 => 895566 B
LocalService => 188508 B
LocalService => 0 B
NetworkService => 53194 B
NetworkService => 0 B
allen => 9234110 B
Administrator.allen-PC => 449844 B
DefaultAppPool => 33058 B

RecycleBin => 47149030 B
EmptyTemp: => 158.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:30:31 ====

I restarted in Safe mode and I didn't get a log pop up so I went to C:\AdwCleaner\Logs and had 2 .txt file logs AdwCleaner[C00].txt and AdwCleaner[S00] so I'm guessing I post both of those in that order.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2018-12-17.4 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-20-2019
# Duration: 00:00:06
# OS:       Windows 10 Home
# Cleaned:  108
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\AVG_UPDATE_0215TB
Deleted       C:\Users\allen\AppData\LocalLow\ShopAtHome
Deleted       C:\Users\allen\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Files ] *****

Deleted       C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\SOFTWARE\D1293D3ED5BD9ED0298E4346A7D5DFFE
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeWatcher
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Pando Media Booster
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar
Deleted       HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2868494883-496666506-3604909990-1001\Software\BEFRUGAL
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted       HKLM\Software\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
Deleted       HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\ShopAtHomeHelper.EXE
Deleted       HKLM\SOFTWARE\Classes\AppID\ShopAtHomeHelper.EXE
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\TbHelper.EXE
Deleted       HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\TbCommonUtils.DLL
Deleted       HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\ScriptHelper.EXE
Deleted       HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF10C1C0-B598-4ADB-B353-42C991C99A2E}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{DC4F1329-2852-42D3-83F1-ED8DF06E3EC7}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{9912DD71-1FDF-455B-99D3-D690A1C607D8}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{7E65CDDB-BB80-4C5D-8B07-5E280CCABC15}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{2A05A54D-0614-4EA3-B955-8814E45DCD83}
Deleted       HKLM\Software\Classes\TypeLib\{2A05A54D-0614-4EA3-B955-8814E45DCD83}
Deleted       HKLM\Software\Wow6432Node\Classes\Interface\{6E673599-659A-439E-837D-A0931AFA3A7F}
Deleted       HKLM\Software\Classes\Interface\{6E673599-659A-439E-837D-A0931AFA3A7F}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Deleted       HKLM\Software\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Deleted       HKLM\Software\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Deleted       HKLM\Software\Wow6432Node\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Deleted       HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Deleted       HKLM\Software\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Deleted       HKLM\Software\Wow6432Node\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Deleted       HKLM\Software\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F8E9C2AD-6C00-4D86-AE59-C266DCF539DD}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\StartNow Search Protect
Deleted       HKU\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar
Deleted       HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar

***** [ Chromium (and derivatives) ] *****

Deleted       iLivid
Deleted       aaaaaiabcopkplhgaedhbloeejhhankf

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       Ask
Deleted       Ask
Deleted       AOL
Deleted       AOL
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [13479 octets] - [20/01/2019 17:40:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build:    12-18-2018
# Database: 2018-12-17.4 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-20-2019
# Duration: 00:00:33
# OS:       Windows 10 Home
# Scanned:  32224
# Detected: 108


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic            C:\ProgramData\AVG_UPDATE_0215TB
PUP.Optional.Legacy             C:\Users\allen\AppData\LocalLow\ShopAtHome
PUP.Optional.Legacy             C:\Users\allen\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Files ] *****

PUP.Optional.Legacy             C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Adware.Heuristic            HKCU\SOFTWARE\D1293D3ED5BD9ED0298E4346A7D5DFFE
PUP.Optional.Legacy             HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ShopAtHomeWatcher
PUP.Optional.Legacy             HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Pando Media Booster
PUP.Optional.Legacy             HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
PUP.Optional.Legacy             HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2868494883-496666506-3604909990-1001\Software\BEFRUGAL
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
PUP.Optional.Legacy             HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\ShopAtHomeHelper.EXE
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\AppID\ShopAtHomeHelper.EXE
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\TbHelper.EXE
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\TbCommonUtils.DLL
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\ScriptHelper.EXE
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF10C1C0-B598-4ADB-B353-42C991C99A2E}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{DC4F1329-2852-42D3-83F1-ED8DF06E3EC7}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{9912DD71-1FDF-455B-99D3-D690A1C607D8}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{7E65CDDB-BB80-4C5D-8B07-5E280CCABC15}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{2A05A54D-0614-4EA3-B955-8814E45DCD83}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{2A05A54D-0614-4EA3-B955-8814E45DCD83}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\Interface\{6E673599-659A-439E-837D-A0931AFA3A7F}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{6E673599-659A-439E-837D-A0931AFA3A7F}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
PUP.Optional.Legacy             HKLM\Software\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
PUP.Optional.Legacy             HKLM\Software\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
PUP.Optional.Legacy             HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F8E9C2AD-6C00-4D86-AE59-C266DCF539DD}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
PUP.Optional.StartNow           HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\StartNow Search Protect
PUP.Optional.Zugo               HKU\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar
PUP.Optional.Zugo               HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Ilivid             iLivid
PUP.Optional.SearchApp          aaaaaiabcopkplhgaedhbloeejhhankf

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL
PUP.Optional.Legacy             AOL
PUP.Optional.Legacy             AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

This is the Ramson note:

 

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)


What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.


How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.


What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.


For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://paytordmbdekmizq.tor4pay.com/18992c3
2.https://paytordmbdekmizq.pay2tor.com/18992c3
3.https://paytordmbdekmizq.tor2pay.com/18992c3
4.https://paytordmbdekmizq.pay4tor.com/18992c3

If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: paytordmbdekmizq.onion/18992c3
4.Follow the instructions on the site.


IMPORTANT INFORMATION:
Your personal page: https://paytordmbdekmizq.tor4pay.com/18992c3
Your personal page (using TOR): paytordmbdekmizq.onion/18992c3
Your personal identification number (if you open the site (or TOR 's) directly): 18992c3

 

Have you checked your documents and pictures? Do they open?

 

 One more scan:


favicon-32x32.png Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

02-malwarebytes-premium-scan-methods.jpg



  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

 


  • 0

#5
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

 

Have you checked your documents and pictures? Do they open?

I haven't tried, not really sure where to look since this isn't my PC but I'll try digging and seeing if something comes up.

 

 

 

 

  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".

Is just downloading the .exe enough or do I need internet connection to download updates for mb3? Because I completely forgot to mention that PC I'm trying to clean also has no way of getting internet, as in I have no extra router or ethernet ports available. Is there a portable version of mb3 that I can update on a thumb drive and move it over to the infected PC?


Edited by SunnySeven, 21 January 2019 - 12:42 AM.

  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Give it a try without the update
  • 0

#7
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

I just tried it and the PC still crashed during a scan. The PC crashed, flickered over to the "Your PC ran into a problem" screen then rebooted itself. I also still had problems of the PC freezing when idol before I did this next scan. After the PC rebooted, I went back to safe mode to try to do the scan again and now Malware Bytes won't even start anymore but when I check the task manager I can see it running in different processes and services. I tried reinstalling it with the same installation and now I get an error message saying "Unable to start - Unable to connect the Service".


  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

1. Download the Sysnative BSOD Dump + System File Collection App - save to Documents folder -    http:https://www.sysnative.com/blogs/download/sysnativebsodcollectionapp-exe/
 
2. Run the Sysnative app - Double-click on the downloaded EXE file

 

    The two outputs from the Sysnative app are:

  • new folder created in Documents, SysnativeFileCollectionApp 
  • a zipped version, SysnativeFileCollectionApp.zip
  • attach the SysnativeFileCollectionApp.zip file to the message

  • 0

#9
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Also:
 
If you havent already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:
NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.
  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Get Started!"
  • Click the Advanced tab

    1944505166_Repairmenu_arrows.png.566f861

  • Click the Gather Logs button

    Advanced_arrows.png.4bf56db369b0b175ee2b

  • A progress bar will appear and the program will proceed with getting logs from your computer

    715586608_AdvancedGatherLogs_arrows.png.

  • Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

    164871969_AdvancedGatherLogscompleted_ar

  • Please attach the file in your next reply.

  • 0

#10
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Here's both the SysnativeFileCollectionApp.zip and the mbst-grab-results.zip

Attached Files


  • 0

Advertisements


#11
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Open an Administrator command prompt. At the prompt type the following and press Enter:

SFC /ScanNow

If successful type (or copy and paste) the following and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%"\Desktop\sfcdetails.txt

Type Exit and press Enter to leave the prompt.

This will create a file on your desktop, sfcdetails.txt. Please post its contents in a reply.

Let me know any error you may experience with this.

 

 

MBAM seems to be having problems reaching some of it's own files. In your position I would use the support tool to Clean (Remove) Malwarebytes and reinstall. Then scan the computer.

 

Keep me posted.


  • 0

#12
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

I created a sfcdetails.txt with zero issues but there's nothing in it. Its just an empty txt file. As for removing and reinstalling malwarebytes with the support tool, it worked on getting malwarebytes running again but I wasn't sure if you wanted me to scan with the normal malwarebytes or the support tool but either way I did another scan with the normal version of malwarebytes. This time I recorded the scan so I can go into more detail as to what usually happens during a scan.

 

Basically there will be 9 threats detected by the time it reaches the "Scan File System", afterwards it'll either crash and reboot or just freezes before it reaches the "Heuristics Analysis". I managed to take a look at what it kept detecting before the crash.

 

sz6dIVQ.jpg

 

 

This time it froze and would get this.

 

xKrp1ga.jpg

 

 


  • 0

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Try in safe mode, but turn your security programs off.

Let me see another set of FRST logs.
  • 0

#14
SunnySeven

SunnySeven

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

That actually was done in safe mode, everything I've been doing has been done in safe mode. As for turning off the security programs, I'm not really sure how to go about doing this. Like I mentioned before, this isn't really my PC and I'm trying to fix it for the owner and they had some weird trial antivirus program I've never heard of installed along with AVG(which doesn't start at all). If I could remove that other one then that'll be fine since it clearly wasn't doing anything good. I'll go ahead and post the FRST logs though

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01
Ran by allen (administrator) on ALLEN-PC (22-01-2019 15:16:29)
Running from C:\Users\allen\Desktop
Loaded Profiles: allen &  (Available Profiles: allen & Administrator)
Platform: Windows 10 Home Version 1803 17134.471 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\pcaui.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6848544 2008-11-04] (Realtek Semiconductor)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [3955344 2018-12-12] (Webroot)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150425212\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607586\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150427180\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607758\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3680256 2010-07-22] (Ares Development Group)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [Amazon Music Helper] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3062712 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [Amazon Music] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music.exe [19715000 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Run: [MBST] => C:\Users\allen\AppData\Local\Temp\mwb15F.tmp\mb-support.exe [1387216 2018-11-08] (Malwarebytes Corporation) <==== ATTENTION
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1054720 2018-06-15] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3680256 2010-07-22] (Ares Development Group)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\Run: [Amazon Music Helper] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3062712 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\Run: [Amazon Music] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music.exe [19715000 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\Run: [MBST] => C:\Users\allen\AppData\Local\Temp\mwb15F.tmp\mb-support.exe [1387216 2018-11-08] (Malwarebytes Corporation) <==== ATTENTION
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1054720 2018-06-15] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3680256 2010-07-22] (Ares Development Group)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30784504 2018-08-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\Run: [Amazon Music Helper] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3062712 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\Run: [Amazon Music] => C:\Users\allen\AppData\Local\Amazon Music\Amazon Music.exe [19715000 2018-11-29] (Amazon Services LLC)
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\Run: [MBST] => C:\Users\allen\AppData\Local\Temp\mwb15F.tmp\mb-support.exe [1387216 2018-11-08] (Malwarebytes Corporation) <==== ATTENTION
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\RunOnce: [Application Restart #0] => C:\Windows\HelpPane.exe [1054720 2018-06-15] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150431212\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150608711\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150433712\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150609039\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKLM\...\Drivers32-x32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [445504 2008-03-12] (On2.com)
HKLM\...\Drivers32-x32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [445504 2008-03-12] (On2.com)
HKLM\Software\...\AppCompatFlags\Custom\SndVol.exe: [{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb] -> cmd
HKLM\Software\...\AppCompatFlags\InstalledSDB\{c47364d8-3a89-4a96-83ca-ff8b61cec670}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb [2014-10-24]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\Installer\chrmstp.exe [2018-11-28] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Startup: C:\Users\Administrator.allen-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Administrator.allen-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2015-12-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-30]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\Users\allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-09-28]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.msn.com/
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.msn.com/
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.msn.com/
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/?pc=U147C&ocid=U147CDHP
HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150431212\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150431212\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150431212\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150608711\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150608711\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150608711\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> 6EAF779856D74FD19B017128B18D68D4 URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {27C7B9FF-41FD-4060-9E2D-D62675457F09} URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024 -> 6EAF779856D74FD19B017128B18D68D4 URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024 -> {27C7B9FF-41FD-4060-9E2D-D62675457F09} URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946 -> DefaultScope {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946 -> 6EAF779856D74FD19B017128B18D68D4 URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U147CD&PC=U147C&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946 -> {27C7B9FF-41FD-4060-9E2D-D62675457F09} URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150431212 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = 
SearchScopes: HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150608711 -> {BEC5431E-6C44-492B-96C4-991B41594EAD} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-30] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-12-16] (Webroot)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-30] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-12-16] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-27] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-30] (Webroot)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-30] (Webroot)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default [2019-01-20]
CHR Extension: (Docs) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24]
CHR Extension: (Google Drive) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-30]
CHR Extension: (Google Search) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-04]
CHR Extension: (Google Docs Offline) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-29]
CHR Extension: (Webroot Filtering Extension) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-09-19]
CHR Extension: (No Name) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2016-01-30]
CHR Extension: (Webroot Password Manager) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2017-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-10]
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-01-20]
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-01-20]
CHR Extension: (Slides) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-26]
CHR Extension: (Docs) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-26]
CHR Extension: (Google Drive) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-26]
CHR Extension: (YouTube) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-26]
CHR Extension: (Adobe Acrobat) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-11-26]
CHR Extension: (Sheets) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-16]
CHR Extension: (Webroot Filtering Extension) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kjeghcllfecehndceplomkocgfbklffd [2018-11-26]
CHR Extension: (Webroot Password Manager) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2018-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-26]
CHR Extension: (Gmail) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\allen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-26]
CHR Profile: C:\Users\allen\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-20]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
S2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
S2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
S2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-01] (PC-Doctor, Inc.)
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] ()
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-09-12] (CloudBees, Inc.)
S2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-09-12] (Rivet Networks)
S2 SNMP; C:\WINDOWS\System32\snmp.exe [52736 2018-04-12] (Microsoft Corporation)
S2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46592 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [3955344 2018-12-12] (Webroot)
S3 idsvc; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36400 2018-10-20] (Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2019-01-18] ()
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-22] (Malwarebytes)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-09-12] (Rivet Networks, LLC.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S2 sxuptp; C:\WINDOWS\System32\drivers\sxuptp.sys [286176 2017-04-10] (silex technology, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [128216 2018-08-09] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2016-09-29] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-22 15:16 - 2019-01-22 15:17 - 000034386 _____ C:\Users\allen\Desktop\FRST.txt
2019-01-21 23:47 - 2019-01-22 15:03 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-21 23:47 - 2019-01-21 23:47 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-21 23:47 - 2019-01-21 23:47 - 000000000 ____D C:\Users\allen\AppData\Local\mbamtray
2019-01-21 23:47 - 2019-01-21 23:47 - 000000000 ____D C:\Users\allen\AppData\Local\mbam
2019-01-21 23:47 - 2019-01-21 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-21 23:46 - 2019-01-21 23:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-21 23:46 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-21 23:34 - 2019-01-21 23:34 - 000000000 _____ C:\Users\allen\Desktop\sfcdetails.txt
2019-01-21 15:25 - 2019-01-21 15:25 - 000076311 _____ C:\Users\allen\Desktop\mbst-grab-results.zip
2019-01-21 15:23 - 2019-01-21 14:43 - 003571440 _____ C:\Users\allen\Desktop\mb-support-1.3.1.553.exe
2019-01-21 15:20 - 2019-01-21 15:20 - 001805422 _____ C:\Users\allen\Documents\SysnativeFileCollectionApp.zip
2019-01-21 14:59 - 2019-01-21 15:19 - 000000000 ____D C:\Users\allen\Documents\SysnativeFileCollectionApp
2019-01-21 14:57 - 2019-01-21 14:19 - 000158720 _____ (Sysnative) C:\Users\allen\Documents\SysnativeBSODCollectionApp.exe
2019-01-21 14:57 - 2019-01-21 00:53 - 082430032 _____ (Malwarebytes ) C:\Users\allen\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.519-1.0.8878.exe
2019-01-20 17:38 - 2019-01-20 17:41 - 000000000 ____D C:\AdwCleaner
2019-01-20 17:37 - 2019-01-22 15:04 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-01-20 17:28 - 2019-01-20 16:57 - 007320272 _____ (Malwarebytes) C:\Users\allen\Desktop\adwcleaner_7.2.6.0.exe
2019-01-18 22:45 - 2019-01-22 15:16 - 000000000 ____D C:\FRST
2019-01-18 15:34 - 2019-01-18 15:34 - 000000000 ____D C:\Users\allen\Desktop\ClamWinPortable
2019-01-18 14:57 - 2019-01-18 14:57 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2019-01-18 14:56 - 2019-01-18 14:56 - 000000000 ____D C:\Program Files\HitmanPro
2019-01-18 14:55 - 2019-01-18 15:05 - 000000000 ____D C:\ProgramData\HitmanPro
2019-01-18 14:55 - 2019-01-18 14:51 - 002427904 _____ (Farbar) C:\Users\allen\Desktop\FRST64.exe
2019-01-18 14:55 - 2019-01-18 14:45 - 008018400 _____ (PortableApps.com) C:\Users\allen\Desktop\ClamWinPortable_0.99.4_English.paf.exe
2019-01-18 14:01 - 2019-01-18 14:01 - 000000000 ____D C:\Users\allen\AppData\Local\ESET
2019-01-18 02:50 - 2019-01-22 15:17 - 001756656 _____ C:\WINDOWS\ntbtlog.txt

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-22 15:05 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-01-22 15:05 - 2017-12-10 15:59 - 000000000 ___HD C:\Users\allen\MicrosoftEdgeBackups
2019-01-22 15:03 - 2018-05-22 20:02 - 000000000 ____D C:\Users\allen
2019-01-22 15:00 - 2018-05-22 20:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-01-22 14:59 - 2015-12-30 14:35 - 000273688 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2019-01-22 14:59 - 2015-12-30 14:35 - 000231104 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2019-01-22 14:59 - 2010-03-13 15:35 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2019-01-22 14:58 - 2018-05-22 19:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-01-21 23:46 - 2018-12-22 18:09 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-21 23:41 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-01-21 15:00 - 2018-12-16 18:15 - 000000000 ____D C:\Users\allen\AppData\Local\D3DSCache
2019-01-21 02:14 - 2011-10-09 15:42 - 000000000 ____D C:\Users\allen\AppData\Local\CrashDumps
2019-01-20 17:30 - 2011-02-19 11:05 - 000000000 ____D C:\Users\allen\AppData\LocalLow\Temp
2019-01-18 22:44 - 2018-05-22 20:02 - 000000000 ____D C:\Users\DefaultAppPool
2019-01-18 22:44 - 2018-05-22 20:02 - 000000000 ____D C:\Users\Administrator.allen-PC
2019-01-18 03:24 - 2018-12-22 16:50 - 000000000 ____D C:\Users\allen\Desktop\CrystalDiskInfo8_0_0
2019-01-18 03:24 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-01-18 02:55 - 2018-05-22 19:57 - 000975392 _____ C:\WINDOWS\system32\PerfStringBackup.INI

Files to move or delete:
====================
C:\Users\allen\AppData\Local\Temp\mwb15F.tmp\mb-support.exe


Some files in TEMP:
====================
2019-01-21 02:16 - 2019-01-21 00:53 - 082430032 _____ (Malwarebytes                                                ) C:\Users\allen\AppData\Local\Temp\mb3-setup-consumer-3.6.1.2711-1.0.519-1.0.8878.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-22 19:53

==================== End of FRST.txt ============================

And the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01
Ran by allen (22-01-2019 15:17:58)
Running from C:\Users\allen\Desktop
Windows 10 Home Version 1803 17134.471 (X64) (2018-05-23 01:28:14)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2868494883-496666506-3604909990-500 - Administrator - Disabled) => C:\Users\Administrator.allen-PC
allen (S-1-5-21-2868494883-496666506-3604909990-1001 - Administrator - Enabled) => C:\Users\allen
DefaultAccount (S-1-5-21-2868494883-496666506-3604909990-503 - Limited - Disabled)
Guest (S-1-5-21-2868494883-496666506-3604909990-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2868494883-496666506-3604909990-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2868494883-496666506-3604909990-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Disabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Disabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\Amazon Amazon Music) (Version: 7.0.3.1540 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\Amazon Amazon Music) (Version: 7.0.3.1540 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\Amazon Amazon Music) (Version: 7.0.3.1540 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{BA6C6C01-097B-4E79-9CAA-0FB9F863ED7C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Ares 3.1.6.3040 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.6.3040 - Ares)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.0.0 - Belkin International, Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (HKLM-x32\...\{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}) (Version: 16.0.345.0 - Microsoft Corporation) Hidden
blinkx beat (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\blinkx beat) (Version: 1.5.0 - blinkx)
blinkx beat (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\blinkx beat) (Version: 1.5.0 - blinkx)
blinkx beat (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\blinkx beat) (Version: 1.5.0 - blinkx)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
cmd (HKLM\...\{c47364d8-3a89-4a96-83ca-ff8b61cec670}.sdb) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{5F641343-FA40-4084-855A-7FA3251783DC}) (Version: 2.0.2.1840 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
Elevated Installer (HKLM-x32\...\{98EFD351-ECFC-41FA-83A4-7BFF16ED65E7}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{1e266d7b-b23c-4e1e-afd0-0ee47558133d}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{61863549-E2F6-443E-94FE-622AE4168B7E}) (Version: 6.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{EF48631A-7F45-430A-8AD3-B41CFB1D7596}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Limewire Plus+ 1.0.1.8082 (HKLM-x32\...\{597728B2-C911-48CB-8C4E-97B2154B4FB1}_is1) (Version: 1.0.1.8082 - Limewire Plus+)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
ROBLOX Player for allen (HKU\S-1-5-21-2868494883-496666506-3604909990-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for allen (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for allen (HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SmartByte Drivers and Services (HKLM\...\{6AD3253B-AFE1-436E-971B-B16D8C6ABA3F}) (Version: 2.0.637 - Rivet Networks)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
TreeSize Free V2.3.3 (HKLM-x32\...\TreeSize Free_is1) (Version:  - JAM Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Video Mover (HKLM-x32\...\Video Mover_is1) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VTech Download Agent Library (HKLM-x32\...\{40C4903E-EDFB-4CAE-A611-41FEBA585921}) (Version: 1.00.0000 - VTech) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.24.37 - Webroot)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B01 - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2019-01-22] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2019-01-22] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2019-01-22] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2019-01-22] (Webroot)
ContextMenuHandlers1: [Belkin HistoryBrowser] -> {5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25} => C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll [2010-02-17] (Belkin International, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-01-22] (Webroot)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [Belkin HistoryBrowser] -> {5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25} => C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll [2010-02-17] (Belkin International, Inc.)
ContextMenuHandlers6: [Belkin HistoryBrowser] -> {5E0A7F0F-4B41-4661-A084-BFF3F8CBDE25} => C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkHistoryBrowser.dll [2010-02-17] (Belkin International, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2019-01-22] (Webroot)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {107C9AB3-14F6-4636-8934-B73766408965} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19A45F6F-18DD-48ED-9CBE-3C36D1291E51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {2020FE09-8670-44EF-9C16-BB1928117C65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {202B78D2-8ABB-4B57-B02B-F419CEF24F53} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3135058B-5E56-40B5-9552-EA5C622B7776} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {40468A8D-AB13-452D-84FE-453A72A69306} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {46C49DB5-2E51-4840-B050-9A6EA15EAB7E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
Task: {4A175B05-7477-44B7-876C-3430D4FB47A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {4FEE5DEB-D32F-4B82-B13B-97DEA2561B13} - System32\Tasks\S-1-5-21-2868494883-496666506-3604909990-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
Task: {579BDB0C-14BB-4BFE-AAD1-741398CFCAC6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {5928F11C-83E1-47F3-B3F6-BB6179E95105} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {655A0AFF-9B12-4AF8-96F2-8E1314CAEF93} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {688CC475-BDDC-4529-89A7-D151F76BB0E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6978768B-9435-47FC-A253-35ED859C8589} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-08-31] ()
Task: {81756A66-7686-4FB5-841C-630E54BE761D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {83A002A8-ECA0-46AA-B2CD-3A75CCA41479} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [2018-09-12] (DELL)
Task: {86569E59-CCBB-49CF-9E46-F1A697AED73D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {86613859-C14E-49D6-B388-41A103AFD71F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {8D95EE1A-76FB-4001-BCA4-4458E3753746} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9265BB05-318E-4BED-83D4-98B1E3DDA1EC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {97B65DD4-7F8E-4045-BC47-3D10037A32B1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {A04F32F2-62C8-40E7-B2CE-C5DF3A98C09C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation)
Task: {C6E191BD-A0BB-457A-A90C-C6DA7C4984EC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6EB5983-92CB-4F02-9103-87276BF921DC} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {C8428EFE-64C0-4699-A8BE-A84CAF850017} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {D07B2852-F431-4C8B-8C62-E74C8FA677E7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DBF49D28-CA1A-4F12-BD0F-883F8F6C1135} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DEC0B0A4-1912-43BC-85DE-63F16E0E8097} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {DF24C33F-7BFC-424E-BCE4-A3002AAA8933} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E40FFBD0-0EA5-4832-83BA-7C5FFD5909CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {E7538BF4-59CC-479E-B32E-F5825103C9AF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E77694B2-110E-4C93-BBA2-88F7C9879653} - System32\Tasks\{74E3C764-CE51-6F22-1DFD-EDD8E01B3953} => C:\Windows\system32\regsvr32.exe /s "C:\Users\allen\AppData\Roaming\ktwifx.dll"
Task: {ED4B1096-05ED-4586-9E4C-8B95EF2AE65C} - System32\Tasks\{66803BAE-8341-46F1-8A9B-1399037AC030} => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
Task: {F025CB1E-DAD5-4720-B2C1-DEC7AA94305F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F10F634F-C582-4598-891E-73C244C69D09} - System32\Tasks\{A8B686EA-B167-43BF-99B1-493D6157E870} => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
Task: {F2252087-41C1-45AA-8A84-A18E6B1C0771} - System32\Tasks\{B54FE0E7-C9FA-491D-965E-5DA4BD1E4687} => C:\Windows\system32\pcalua.exe -a "C:\Users\allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZWKMEIG\pspvideo9_Installer[1].exe" -d C:\Users\allen\Desktop
Task: {F4263EEF-5614-4E80-B526-C868D2618A80} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {F53F8269-8EC0-49FB-B176-F0647982804B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {F72AA359-8985-41CE-91DD-CDEF3A14793A} - System32\Tasks\{84277C7A-38EB-4135-9339-D77CB539AEF7} => C:\Windows\system32\pcalua.exe -a "I:\Power DVD Deluxe v7.0Full\Install\Setup.exe" -d "I:\Power DVD Deluxe v7.0Full\Install"
Task: {F8DFA56F-C68E-4206-9B3E-C2E1781C0432} - System32\Tasks\Ongoing package check => C:\Users\allen\AppData\Roaming\VOPackage\VOPackage.exe
Task: {F94C2043-26FA-43BB-B0CF-F417B18EAF85} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC9D31C3-4034-4385-A44D-1E0013B24C44} - System32\Tasks\Norton Security Scan for allen => C:\PROGRA~2\NORTON~2\Engine\313~1.7\Nss.exe
Task: {FEAB17AD-C592-4264-B5F9-90B2C7AAEC0C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\allen\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\allen\Desktop\Robert - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2019-01-21 23:47 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-11-20 04:46 - 2018-11-20 04:46 - 004310296 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-14 02:11 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2013-04-30 18:48 - 2010-02-17 17:25 - 000149504 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2018-12-14 20:57 - 2018-12-14 22:59 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-14 02:11 - 2018-12-08 02:33 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150425212\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607586\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150427180\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607758\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-1001\Control Panel\Desktop\\Wallpaper -> c:\users\allen\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{7f11f6f4-d2f7-4ac4-b042-9a2910c6b234}.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150428024\Control Panel\Desktop\\Wallpaper -> c:\users\allen\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{7f11f6f4-d2f7-4ac4-b042-9a2910c6b234}.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150607946\Control Panel\Desktop\\Wallpaper -> c:\users\allen\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{7f11f6f4-d2f7-4ac4-b042-9a2910c6b234}.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150431212\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win7 CHROME 1920x1200.jpg
HKU\S-1-5-21-2868494883-496666506-3604909990-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150608711\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win7 CHROME 1920x1200.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150433712\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01222019150609039\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: AgentMonitor => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: egidPXEnjJF.exe => C:\ProgramData\egidPXEnjJF.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: limewire plus+ => "C:\Program Files (x86)\Limewire Plus+\limewire.exe" -h
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\allen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Corporation)
FirewallRules: [TCP Query User{CE5E0604-710F-4363-8845-D57307CDD231}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [UDP Query User{415671FB-36CC-48AF-AD26-69909DBEA17F}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [TCP Query User{B4A716E5-DC03-475F-8F24-9C1DC78C6602}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Allow) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [UDP Query User{FE9DC3D9-0BA9-4B6A-8E18-A9A10783FF75}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Allow) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [TCP Query User{71169C87-C998-4F69-8DD2-1CCB48CB42B0}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Allow) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [UDP Query User{08B600A8-DC59-4B2A-832E-6BA623236823}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Allow) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [TCP Query User{4CB0F24B-E84F-4094-9553-B7283A7993CE}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [UDP Query User{C6849B8D-D3D2-472E-9EE3-9F707812EB90}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe (Affinegy, Inc.)
FirewallRules: [TCP Query User{AADE7AA0-F505-4805-8F16-4CE0BFE22FE9}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [UDP Query User{194A1D62-3CB4-4557-AA89-CD6FA15C289B}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe (Ares Development Group)
FirewallRules: [TCP Query User{70CCA2B8-5A55-4BF1-9F25-0143EB259EF9}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Block) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [UDP Query User{5A027485-9A49-41D7-8D72-D6D30A475B54}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Block) C:\program files\belkin\belkin usb print and storage center\connect.exe (Belkin International, Inc.)
FirewallRules: [TCP Query User{448F320B-2644-4371-A111-4EC451340D05}C:\users\allen\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [UDP Query User{A4473480-E8E0-4E18-A08A-A520AF877151}C:\users\allen\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{0D2EB0F2-7A2C-4D35-92DD-D90E1CD79C84}] => (Block) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{AA80E7B2-F43F-41B7-BF00-841E8349AD5D}] => (Block) C:\users\allen\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC)
FirewallRules: [{C90164AB-F220-4C08-BB2F-B70309AE99C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
FirewallRules: [{C1F549F7-BBDB-46D2-91CC-F5D78C298BCA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
FirewallRules: [{7FB83F0D-C0E2-4E4C-B827-C112A6B47C37}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)

==================== Restore Points =========================

06-12-2018 16:24:20 Windows Modules Installer
08-12-2018 00:22:40 Windows Modules Installer
09-12-2018 01:01:55 Windows Modules Installer
10-12-2018 03:02:09 Windows Modules Installer
13-12-2018 22:39:45 Windows Update
16-12-2018 12:53:30 Garmin Express

==================== Faulty Device Manager Devices =============

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: SXUPTP Driver
Description: SXUPTP Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: silex technology, Inc.
Service: sxuptp
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2019 02:14:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.1.0.1662, time stamp: 0x5c070ab0
Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5bd23201
Exception code: 0xc0000005
Fault offset: 0x001a294b
Faulting process id: 0xdb4
Faulting application start time: 0x01d4b1590293c036
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 4884c368-f752-4cf3-a186-94ccf493b19f
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/21/2019 02:08:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.1.0.1662, time stamp: 0x5c070ab0
Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5bd23201
Exception code: 0xc0000005
Fault offset: 0x001a294b
Faulting process id: 0xf84
Faulting application start time: 0x01d4b1582cc04694
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 3797e746-7863-4aab-aa41-2f5c17f7e687
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/21/2019 02:07:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 3.1.0.1662, time stamp: 0x5c070ab0
Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5bd23201
Exception code: 0xc0000005
Fault offset: 0x001a294b
Faulting process id: 0xef0
Faulting application start time: 0x01d4b1580645df46
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 4fe195ba-f148-4615-a9e4-a709556d3d03
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/20/2019 05:42:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (01/18/2019 03:05:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hitmanpro_x64.exe, version: 3.8.0.295, time stamp: 0x5b337e78
Faulting module name: hitmanpro_x64.exe, version: 3.8.0.295, time stamp: 0x5b337e78
Exception code: 0xc0000005
Fault offset: 0x00000000002c2715
Faulting process id: 0x52c
Faulting application start time: 0x01d4af67cdfd0c36
Faulting application path: C:\Users\allen\Desktop\hitmanpro_x64.exe
Faulting module path: C:\Users\allen\Desktop\hitmanpro_x64.exe
Report Id: 03f3592c-0efd-464f-8fac-20d0240f7554
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/22/2018 06:26:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (12/22/2018 05:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartByteNetworkService.exe, version: 2.0.637.0, time stamp: 0x5b995456
Faulting module name: SmartByteNetworkService.exe, version: 2.0.637.0, time stamp: 0x5b995456
Exception code: 0xc0000409
Fault offset: 0x00000000000e966c
Faulting process id: 0x143c
Faulting application start time: 0x01d49a480deffe49
Faulting application path: C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
Faulting module path: C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
Report Id: 9e5cafdd-767d-4685-8dd6-3676bf001d0c
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/22/2018 05:46:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: CNC_BLC.dll, version: 20.1.0.1, time stamp: 0x4fbed08a
Exception code: 0xc0000005
Fault offset: 0x00000000000046bd
Faulting process id: 0x16ec
Faulting application start time: 0x01d49a480e528c0b
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\system32\CNC_BLC.dll
Report Id: 74ed5495-c0d7-42de-9ffa-c4bf3b964487
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (01/22/2019 03:18:37 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/22/2019 03:18:30 PM) (Source: DCOM) (EventID: 10005) (User: allen-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/22/2019 03:17:58 PM) (Source: DCOM) (EventID: 10005) (User: allen-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/22/2019 03:17:23 PM) (Source: DCOM) (EventID: 10005) (User: allen-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/22/2019 03:16:52 PM) (Source: DCOM) (EventID: 10005) (User: allen-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/22/2019 03:16:30 PM) (Source: DCOM) (EventID: 10005) (User: allen-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/22/2019 03:16:11 PM) (Source: DCOM) (EventID: 10005) (User: allen-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/22/2019 03:15:45 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}


Windows Defender:
===================================
Date: 2018-12-06 17:11:09.972
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4B9FFFE2-0F14-40AD-B447-A5C62780410A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-01-22 15:13:33.314
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.532.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network. 

Date: 2019-01-22 15:13:33.314
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.532.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network. 

Date: 2019-01-22 15:13:33.314
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.532.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network. 

Date: 2019-01-22 15:13:33.309
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.532.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network. 

Date: 2019-01-22 15:13:33.309
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.532.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80072742
Error description: A socket operation encountered a dead network. 

CodeIntegrity:
===================================

Date: 2018-12-22 18:07:54.954
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 18:07:54.947
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 18:07:54.941
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 18:07:54.934
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 16:52:24.318
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 16:52:24.311
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 16:52:24.305
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-22 16:52:24.298
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 23%
Total physical RAM: 6133.17 MB
Available physical RAM: 4682.87 MB
Total Virtual: 12277.17 MB
Available Virtual: 10976.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.47 GB) (Free:487.9 GB) NTFS

\\?\Volume{44d36ca4-2eef-11df-af9c-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 94959DDD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

You will need to connect to the Internet and work on Windows Updates. In most occasions applications need Microsoft.net Framework. The computer has a very old version. Why aren't you able to connect?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP