jimmyedwards Posted August 30, 2018

I have an ad blocker and I scan with MBAM and Windows Defender regularly, but I am still getting these pop-ups. They really come a lot if I try to copy and paste a link. Help.
ExTS Admin Starbuck Posted August 31, 2018

Hi Jimmy,

OK, a couple of things for you to do.

Step 1

Download AdwCleaner to your Desktop.
Right-click on AdwCleaner.exe and select Run as Administrator.
Accept the EULA, then click on Scan.
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes.
Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it.
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply.

Step 2

Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what your system bit type is, click here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users: right-click and select Run As Administrator.
When the tool opens click Yes to the disclaimer.
Make sure that Addition.txt is selected at the bottom.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
AdwCleaner report
Both reports from FRST.

This will give us a better understanding of what is going on.
Thanks.

Member of: UNITE
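Once those reports come back, the part of FRST's Addition.txt a helper reads first is the Scheduled Tasks section: FRST appends a " [date] (publisher)" block to a task's launch target only when it could read the file's version resource, so a target with no block, an empty publisher, a bare filename that Windows resolves through PATH, or a path under a user profile is where a second look usually starts. The script below is an added example for this thread and is not code from the forum, from Malwarebytes or from Farbar; the report text inside it is constructed in FRST's layout with invented GUIDs and paths, and the flagging rules are this example's own heuristics, not FRST's.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the layout of FRST's Addition.txt (not real scanner output).
# GUIDs, task names and paths are invented for this example.
SAMPLE_ADDITION = r"""
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\Vendor\Updater => C:\Program Files (x86)\Vendor\Updater.exe [2018-06-27] (Vendor Inc.)
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\ExampleLauncher => C:\Users\user\AppData\Local\ExampleApp\launcher.exe
Task: {33333333-3333-3333-3333-333333333333} - System32\Tasks\DailyTest => helper.exe
Task: {44444444-4444-4444-4444-444444444444} - System32\Tasks\HealthScan => C:\Program Files (x86)\Vendor\Health\scan.exe [2017-11-21] ()

==================== Restore Points =========================

01-01-2018 00:00:00 Windows Update
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) => (.+)$")
# FRST appends " [YYYY-MM-DD] (Publisher)" only when it could read the target's version resource.
TARGET_RE = re.compile(
    r"^(?P<target>.+?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?$"
)


def parse_sections(text: str) -> dict[str, list[str]]:
    """Split an Addition.txt-style report into {section title: entry lines}."""
    sections: dict[str, list[str]] = {}
    current = None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip()
            sections[current] = []
            continue
        # Skip blank lines and FRST's parenthesised explanatory notes.
        if current is not None and line.strip() and not line.startswith("("):
            sections[current].append(line)
    return sections


@dataclass
class TaskFinding:
    task: str
    target: str
    reasons: list[str] = field(default_factory=list)


def triage_tasks(lines: list[str]) -> list[TaskFinding]:
    """Apply this example's heuristics to Task: lines; return only tasks worth a second look."""
    findings = []
    for line in lines:
        m = TASK_RE.match(line)
        if not m:
            continue
        _guid, name, rest = m.groups()
        t = TARGET_RE.match(rest)
        target, date, publisher = t.group("target"), t.group("date"), t.group("publisher")
        reasons = []
        if date is None:
            reasons.append("no version/timestamp block: file missing or has no version info")
        elif publisher == "":
            reasons.append("empty publisher field: version resource names no company")
        if not re.match(r"^[A-Za-z]:\\", target):
            reasons.append("bare filename: resolved through PATH at run time")
        if re.search(r"\\Users\\[^\\]+\\AppData\\", target, re.IGNORECASE):
            reasons.append("runs from a user profile directory")
        if reasons:
            findings.append(TaskFinding(name, target, reasons))
    return findings


def triage_report(text: str) -> list[TaskFinding]:
    """Parse a whole report and triage every Scheduled Tasks section it contains."""
    sections = parse_sections(text)
    task_lines = [
        line
        for title, lines in sections.items()
        if title.startswith("Scheduled Tasks")
        for line in lines
    ]
    return triage_tasks(task_lines)


if __name__ == "__main__":
    for finding in triage_report(SAMPLE_ADDITION):
        print(f"{finding.task}\n    -> {finding.target}")
        for reason in finding.reasons:
            print(f"       * {reason}")
```

To use it on a real report, read Addition.txt into a string and pass it to triage_report in place of SAMPLE_ADDITION. The rules are deliberately coarse: a legitimate vendor task can lack version info, so a flagged entry is a prompt to look at the file, not a verdict.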
jimmyedwards Posted August 31, 2018 (Author)

Thanks for your reply. I did those tasks and I am sending the reports. I copied one of the pop-ups' URL or something. In the address bar was this: pcsupportdesk.co/lp30M/ and it said "ad arcade loot".

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-30.1
# Support: Customer Support & Help Center
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-31-2018
# Duration: 00:00:02
# OS: Windows 8.1
# Cleaned: 0
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.
*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[s00].txt - [4635 octets] - [24/08/2018 17:42:20]
AdwCleaner[C00].txt - [4241 octets] - [24/08/2018 17:44:14]
AdwCleaner[s01].txt - [1360 octets] - [31/08/2018 19:04:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

*************************************************************************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Jimmy Edwards (31-08-2018 19:21:20)
Running from C:\Users\Ray\Downloads
Windows 8.1 (Update) (X64) (2014-10-22 20:35:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2801032338-2342425128-3870613798-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2801032338-2342425128-3870613798-501 - Limited - Disabled)
Jimmy Edwards (S-1-5-21-2801032338-2342425128-3870613798-1001 - Administrator - Enabled) => C:\Users\Ray

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4500_G510af_Help (HKLM-x32\...\{C175D5B0-ED04-42C9-B23F-D8BD406173E7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510af (HKLM-x32\...\{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (HKLM-x32\...\{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Aimersoft Audio Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software)
Aimersoft DVD Creator(Build 1.1.22) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)
Aimersoft DVD Ripper(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software)
Aimersoft DVD Studio Pack(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software)
Aimersoft Video Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software)
Ant.com IE add-on (HKLM-x32\...\{B905CAA1-D6FF-4D21-8858-F8C610491C0B}) (Version: 2.2.4.1076 - Ant.com)
Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1) (Version: - InterAction studios)
ChrisPC Free VideoTube Downloader 10.07.26 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version: - Chris P.C. srl)
ChrisPC YTD Downloader MP3 Converter 2.85 (HKLM-x32\...\{6006089C-9ABC-4F18-ABCD-123456789801}_is1) (Version: - Chris P.C. srl)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.24.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
John's Background Switcher 4.17 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.17 - johnsadventures.com)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.9 - Tracker Software Products Ltd)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PySol Fan Club edition v.2.0 (HKLM-x32\...\PySol Fan Club edition_is1) (Version: - )
PySolFC Solitaire (a freeware Solitaire Game) version 1.1 (HKLM-x32\...\PySolFC Solitaire_is1) (Version: - )
Quit Counter (HKLM-x32\...\Quit Counter_is1) (Version: 1.2 - Xarka Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Uninstall Dual Mode Camera (DT01) (HKLM-x32\...\DT01_2009_1026_1436_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Xilisoft DVD Copy Express (HKLM-x32\...\Xilisoft DVD Copy Express) (Version: 1.1.23.0824 - Xilisoft)
Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 3.0.39.1121 - Xilisoft)
Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1: [bB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [startMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10E7CDFA-2463-4AA3-A931-EF99644B27C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
Task: {28389D5E-3DF8-42B9-AA66-9ABFBE4848F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {2A24730E-C25E-42EC-924B-4F723C6AD2E2} - System32\Tasks\HPCeeScheduleForJimmy Edwards => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2B698B18-E3DE-4BA3-A4A0-99300FD8244C} - System32\Tasks\File1 Update Launch => C:\Program Files (x86)\Ant.com\File1 Package Manager\File1UL.exe
Task: {305486BC-CF31-4F18-B143-564AD42D6FB3} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ray\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {46E0D154-DFBC-4003-8802-D3D51BE25062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-17] (HP Inc.)
Task: {4B946556-9B09-4E0A-956B-F8A55E2D30C6} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2018-07-03] (Tracker Software Products (Canada) Ltd.)
Task: {4C874592-A1F9-4D5D-84FC-12271CCDCED5} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {5503E6E9-3C07-4745-A157-B44306AC54C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {58FE5BF4-4E30-4242-9B37-A6EB97177E91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {95D83143-E725-4C38-8FEF-37E28CA3643E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {B8B63F70-D4B8-4452-97E7-FDAF10FBC78C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {BA58B807-D5A9-4B82-97CD-0ACADF6C23B4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-08-17] (Microsoft Corporation)
Task: {BB68C632-3B9B-4DD1-9F33-D4157978C40F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {C3CA267B-59D5-435A-B99C-E24A8A70FA5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {C40E713B-FEE2-4A7C-8F9C-DE1F28F79105} - System32\Tasks\HPCeeScheduleForRay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C9224EE8-B7E4-4335-A2F4-B8CB14DCA61B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {CCF5C425-EA50-47A3-9670-C8C13DFBE4A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {D7DD2F8C-5FB0-41DC-ADA7-7139CBD5A1F5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {D8AC50E5-57DE-4865-B539-E7F7D601F9E2} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe
Task: {DC97E556-53E4-40B4-9843-C6793A6DD3DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {E08D4662-E828-4D68-871C-2B4DB7CFB1F2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {E12FB32E-7A8A-4D6C-85D2-C79BDD75F5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E43F873B-9CC5-4CEC-AFEE-67FBF2DBD1CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {E854B597-C9BE-47FA-827D-4A4D73977A77} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {FC3168F0-5526-43EE-B651-C173054AA193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {FF9D33D7-56DA-4D71-AB20-38BE083343F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJimmy Edwards.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ray\Desktop\My DVD Burners ETC\Disable_Windows_8_Explorer_Auto_Arrange - Shortcut.lnk -> C:\Users\Ray\Downloads\Disable_Windows_8_Explorer_Auto_Arrange.bat ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-08-24 17:07 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2013-09-24 18:37 - 2012-07-18 15:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\aol.com -> hxxps://mail.aol.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2017-05-27 23:39 - 000000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
DNS Servers: 192.168.0.1 - 205.171.2.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Device Monitor 4.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "PCShowServer"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "TomTomHOME.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2E5CE9F1-F4FE-4A1C-BEC2-1FC2E81A853A}] => (Allow) LPort=1900
FirewallRules: [{D754747E-683E-4057-97C5-70B1A9D5027D}] => (Allow) LPort=2869
FirewallRules: [{C923C4C6-9B49-40C7-9371-572B12BDE35B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5E061F47-6AD2-47FF-95CB-54C7A1A1431F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{86FB472A-4CE5-460E-8F27-B2372E8D6165}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{990B95F7-EF83-4ECE-BF6F-A4D69FC9F83F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{68D3E9AF-C61B-4FAE-BD1F-BC06782A0D14}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8B34ACD6-5D32-4A76-91D9-350DB78A9719}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{83E4B487-6614-4483-BC48-0D08204DE91F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{5F9D9918-1620-4A0F-B3A6-3871EDA5216A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{66173C11-6A8B-4C38-A038-9987D21B6297}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8D120410-D7AB-457F-BBC3-4D639F3ECD8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{434E3162-983B-4CEB-8848-EE80A576B6A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{487853B9-8D61-4D6B-809C-D76F3B89C308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FBC077C7-0DF8-4FF6-AFB8-7717F6A41847}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D5B8730B-52FD-4209-91C7-A622375CE37F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1166F700-646D-4E42-980B-801C723E1DD3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{45ECB300-8CB2-46D4-A602-131B4A7EBAF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{EB358FD7-4A9C-43C1-9A47-E94F2085EC6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1EA55450-82A8-4B6A-BCFA-C9956BF9F6C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3E248B0D-F208-403E-A33F-494DBF5B0FEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E8016474-50EB-4A04-91D9-F5164E57AA4E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D68BE6A3-B344-4B65-B42B-D6E6B0442842}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EF0A35F-1644-4EAB-AAD6-F5AAC83A838D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26C770EF-9A12-4E13-BD11-F8A0A732D5ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26511AD0-4D0A-497B-BAC4-1D4753F73A68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{78BB779D-F662-4775-9CF7-4324145858C4}] => (Allow) LPort=5357
FirewallRules: [{A8109729-A3C5-4361-AF9B-66F387804877}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51CE882D-8A67-43B9-A5D8-6C76D5C002DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B4A45DE7-0320-42B0-89C1-D8EABCD803A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{7A75F94D-4A55-4C9B-9A13-44A1E696171F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E4D74A0D-9366-4231-BFE4-C443C883E211}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{83F2FD09-719D-449E-9A08-C13C1D2597F3}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{E7F527F7-B71E-47FD-B497-7B80C962D70A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{502159B2-3CA4-48BC-B6CA-44733A093A13}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{E9941CCF-EE1C-4066-8380-F72B0F843A3D}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{BE394815-69B1-4A0F-9159-2C392DA5AE16}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [uDP Query User{144ACAB4-F3D8-48E9-AE9F-071064793C24}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{24B2410D-CABE-4475-9D29-F7821ACDFC94}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{420E6D3B-AA86-4C22-ACE2-C5C797CCCF81}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{E43BCC7E-1AB5-45F6-9079-EA4F4A51ED58}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

31-01-2018 16:05:11 Revo Uninstaller's restore point - Java 8 Update 161 (64-bit)
19-02-2018 00:18:14 Revo Uninstaller's restore point - HP Officejet 4630 series Basic Device Software
19-02-2018 00:24:02 Revo Uninstaller's restore point - HP Officejet 4630 series Basic Device Software
19-02-2018 01:05:13 Revo Uninstaller's restore point - HP Officejet 4630 series Help
26-02-2018 01:26:53 Windows Update
25-03-2018 11:42:15 Windows Update
15-04-2018 13:12:34 Windows Update
15-04-2018 16:59:55
Installed TomTom HOME. 24-04-2018 23:55:52 Windows Update 12-05-2018 13:48:23 Windows Update 14-06-2018 09:20:28 Windows Update 17-07-2018 12:05:55 Installed TomTom HOME. 22-07-2018 10:10:33 Installed DirectX 28-07-2018 12:30:38 Installed OpinionSquare 17-08-2018 15:32:18 Windows Update 24-08-2018 17:50:12 Revo Uninstaller's restore point - Epic Games Launcher 24-08-2018 19:12:13 Revo Uninstaller's restore point - Ezvid 24-08-2018 19:14:55 Revo Uninstaller's restore point - Free Hide Folder 24-08-2018 19:16:04 Revo Uninstaller's restore point - TomTom HOME 24-08-2018 19:19:15 Revo Uninstaller's restore point - TomTom HOME 24-08-2018 19:20:26 Revo Uninstaller's restore point - TomTom HOME 24-08-2018 19:22:04 Revo Uninstaller's restore point - TomTom HOME Visual Studio Merge Modules 24-08-2018 19:22:22 Removed TomTom HOME Visual Studio Merge Modules 24-08-2018 19:23:45 Revo Uninstaller's restore point - Uninstall Dual Mode Camera (DT01) 24-08-2018 19:25:28 Revo Uninstaller's restore point - Google Earth Plug-in 24-08-2018 19:26:32 Revo Uninstaller's restore point - Google Earth Plug-in ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/31/2018 11:30:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a Exception code: 0xe0434352 Fault offset: 0x0000000000008eac Faulting process id: 0x1470 Faulting application start time: 0x01d4413f97f9ce0e Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: d669dd46-ad32-11e8-851e-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (08/31/2018 11:30:50 AM) (Source: .NET Runtime) (EventID: 1026) 
(User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException at asapi.asapicsharp.locale() at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (08/30/2018 10:14:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a Exception code: 0xe0434352 Fault offset: 0x0000000000008eac Faulting process id: 0x814 Faulting application start time: 0x01d4406bd0095d3a Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: 0e50e85d-ac5f-11e8-851d-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (08/30/2018 10:14:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.ApplicationException at asapi.asapicsharp.locale() at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (08/30/2018 09:38:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19036, time stamp: 0x5b077e91 Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e Exception code: 0xc0000374 Fault offset: 0x000e6214 Faulting process id: 0x1558 Faulting application start time: 0x01d4406669ba5802 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: f6d69213-ac59-11e8-851d-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (08/29/2018 09:43:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a Exception code: 0xe0434352 Fault offset: 0x0000000000008eac Faulting process id: 0x590 Faulting application start time: 0x01d43f9e53513c77 Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: 91a4b1ff-ab91-11e8-851c-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (08/29/2018 09:43:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: 
The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException at asapi.asapicsharp.locale() at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (08/29/2018 09:15:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19036, time stamp: 0x5b077e91 Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e Exception code: 0xc0000374 Fault offset: 0x000e6214 Faulting process id: 0x478 Faulting application start time: 0x01d43f98c5ac2f71 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 9b51aaf0-ab8d-11e8-851c-c81f66038689 Faulting package full name: Faulting package-relative application ID: ************************************************************************************************************************************************* System errors: ============= Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Touchpoint Analytics service terminated unexpectedly. It has done this 1 time(s). Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The SoftThinks Agent Service service terminated unexpectedly. 
It has done this 1 time(s). Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s). Windows Defender: =================================== Date: 2018-05-23 23:03:25.737 Description: Windows Defender has detected malware or other potentially unwanted software. 
For more information please see the following: Trojan:HTML/Phish threat description - Windows Defender Security Intelligence Name: Trojan:HTML/Phish ID: 2147678587 Severity: Severe Category: Trojan Path: file:_C:\Users\Ray\AppData\Local\Mozilla\Firefox\Profiles\5eqo96s0.default-1482161108706-1523801744665\cache2\entries\01411E8864B89E9860F722C30A06F09ECF1CE1D8 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Signature Version: AV: 1.267.1641.0, AS: 1.267.1641.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4 Date: 2018-04-20 12:20:22.153 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence Name: Trojan:JS/Flafisi.D ID: 2147725632 Severity: Severe Category: Trojan Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[1].hta Detection Origin: Internet Detection Type: Concrete Detection Source: User Process Name: Unknown Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4 Date: 2018-04-20 12:20:22.153 Description: Windows Defender has detected malware or other potentially unwanted software. 
For more information please see the following: Trojan:Win32/Bitrep.A threat description - Windows Defender Security Intelligence Name: Trojan:Win32/Bitrep.A ID: 2147723097 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi;file:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi->Data1.cab->MFHookManager.dll Detection Origin: Local machine Detection Type: FastPath Detection Source: User Process Name: Unknown Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4 Date: 2018-04-02 08:03:12.067 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence Name: Trojan:JS/Flafisi.D ID: 2147725632 Severity: Severe Category: Trojan Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[2].hta Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe Signature Version: AV: 1.263.1111.0, AS: 1.263.1111.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4 Date: 2018-04-02 08:01:27.090 Description: Windows Defender has detected malware or other potentially unwanted software. 
For more information please see the following: Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence Name: Trojan:JS/Flafisi.D ID: 2147725632 Severity: Severe Category: Trojan Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[2].hta Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe Signature Version: AV: 1.263.1111.0, AS: 1.263.1111.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4 Date: 2018-01-30 09:29:22.975 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 118.2.0.0 Update Source: Microsoft Malware Protection Center Signature Type: Network Inspection System Update Type: Full Current Engine Version: Previous Engine Version: 2.1.14202.0 Error code: 0x800704e8 Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. Date: 2018-01-30 09:29:22.674 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.261.508.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x80072ee2 Error description: The operation timed out Date: 2018-01-30 09:29:22.673 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.261.508.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x80072ee2 Error description: The operation timed out Date: 2017-12-26 11:29:03.449 Description: Windows Defender has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 118.2.0.0 Update Source: Microsoft Malware Protection Center Signature Type: Network Inspection System Update Type: Full Current Engine Version: Previous Engine Version: 2.1.14202.0 Error code: 0x80072ee2 Error description: The operation timed out CodeIntegrity: =================================== Date: 2017-08-24 12:30:53.795 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 12:30:53.263 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 12:30:52.716 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 12:30:52.169 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 10:12:30.029 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-08-24 10:12:29.388 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 10:12:28.795 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 10:12:28.216 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Core i3-3240 CPU @ 3.40GHz Percentage of memory in use: 32% Total physical RAM: 8066.05 MB Available physical RAM: 5478.89 MB Total Virtual: 9346.05 MB Available Virtual: 6638.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:918.77 GB) (Free:90.44 GB) NTFS \\?\Volume{8ae1a6c5-57c6-4fdd-abc1-71a9febbb1c2}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.21 GB) NTFS \\?\Volume{30650a71-79b0-4498-8ce5-c33b7216a1e5}\ (PBR Image) (Fixed) (Total:11.61 GB) (Free:0.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 6AA7D01A) Partition: GPT. ==================== End of Addition.txt ============================ Quote
ExTS Admin Starbuck Posted September 3, 2018

Hi Jimmy,

Sorry for the late reply.... I didn't get a notification of your post. I'll have to check my settings.

Unfortunately you only posted the Addition.txt from FRST.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018

Can you please post the Main FRST.txt. There will be a copy in your Download folder.

Running from C:\Users\Ray\Downloads

Also, when was the last time that you ran a full scan with Windows Defender?

Thanks

Member of: UNITE
jimmyedwards (Author) Posted September 3, 2018

I did a Windows Defender last week I believe, I will do one now and post it. OK, thanks.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Jimmy Edwards (31-08-2018 19:21:20)
Running from C:\Users\Ray\Downloads
Windows 8.1 (Update) (X64) (2014-10-22 20:35:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2801032338-2342425128-3870613798-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2801032338-2342425128-3870613798-501 - Limited - Disabled)
Jimmy Edwards (S-1-5-21-2801032338-2342425128-3870613798-1001 - Administrator - Enabled) => C:\Users\Ray

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4500_G510af_Help (HKLM-x32\...\{C175D5B0-ED04-42C9-B23F-D8BD406173E7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden 4500G510af (HKLM-x32\...\{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (HKLM-x32\...\{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.) Aimersoft Audio Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software) Aimersoft DVD Creator(Build 1.1.22) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software) Aimersoft DVD Ripper(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software) Aimersoft DVD Studio Pack(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software) Aimersoft Video Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software) Ant.com IE add-on (HKLM-x32\...\{B905CAA1-D6FF-4D21-8858-F8C610491C0B}) (Version: 2.2.4.1076 - Ant.com) Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. 
KG) Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery) BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1) (Version: - InterAction studios) ChrisPC Free VideoTube Downloader 10.07.26 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version: - Chris P.C. srl) ChrisPC YTD Downloader MP3 Converter 2.85 (HKLM-x32\...\{6006089C-9ABC-4F18-ABCD-123456789801}_is1) (Version: - Chris P.C. srl) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell) Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.) 
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell) Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - ) FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG) FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP) HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.24.3 - HP) HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation) John's Background Switcher 4.17 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.17 - johnsadventures.com) Launcher Prerequisites (x64) 
(HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.9 - Tracker Software Products Ltd) Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
PySol Fan Club edition v.2.0 (HKLM-x32\...\PySol Fan Club edition_is1) (Version: - ) PySolFC Solitaire (a freeware Solitaire Game) version 1.1 (HKLM-x32\...\PySolFC Solitaire_is1) (Version: - ) Quit Counter (HKLM-x32\...\Quit Counter_is1) (Version: 1.2 - Xarka Software) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.) Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio) Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden Uninstall Dual Mode Camera (DT01) (HKLM-x32\...\DT01_2009_1026_1436_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WebReg 
(HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) Xilisoft DVD Copy Express (HKLM-x32\...\Xilisoft DVD Copy Express) (Version: 1.1.23.0824 - Xilisoft) Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 3.0.39.1121 - Xilisoft) Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ContextMenuHandlers1: [bB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File ContextMenuHandlers1: [WinRAR] -> 
{B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation) ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-08-27] (Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers6: [startMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2014-04-20] (IvoSoft) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {10E7CDFA-2463-4AA3-A931-EF99644B27C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.) 
Task: {28389D5E-3DF8-42B9-AA66-9ABFBE4848F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {2A24730E-C25E-42EC-924B-4F723C6AD2E2} - System32\Tasks\HPCeeScheduleForJimmy Edwards => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2B698B18-E3DE-4BA3-A4A0-99300FD8244C} - System32\Tasks\File1 Update Launch => C:\Program Files (x86)\Ant.com\File1 Package Manager\File1UL.exe
Task: {305486BC-CF31-4F18-B143-564AD42D6FB3} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ray\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {46E0D154-DFBC-4003-8802-D3D51BE25062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-17] (HP Inc.)
Task: {4B946556-9B09-4E0A-956B-F8A55E2D30C6} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2018-07-03] (Tracker Software Products (Canada) Ltd.)
Task: {4C874592-A1F9-4D5D-84FC-12271CCDCED5} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {5503E6E9-3C07-4745-A157-B44306AC54C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {58FE5BF4-4E30-4242-9B37-A6EB97177E91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {95D83143-E725-4C38-8FEF-37E28CA3643E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {B8B63F70-D4B8-4452-97E7-FDAF10FBC78C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {BA58B807-D5A9-4B82-97CD-0ACADF6C23B4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-08-17] (Microsoft Corporation)
Task: {BB68C632-3B9B-4DD1-9F33-D4157978C40F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {C3CA267B-59D5-435A-B99C-E24A8A70FA5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {C40E713B-FEE2-4A7C-8F9C-DE1F28F79105} - System32\Tasks\HPCeeScheduleForRay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C9224EE8-B7E4-4335-A2F4-B8CB14DCA61B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {CCF5C425-EA50-47A3-9670-C8C13DFBE4A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {D7DD2F8C-5FB0-41DC-ADA7-7139CBD5A1F5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {D8AC50E5-57DE-4865-B539-E7F7D601F9E2} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe
Task: {DC97E556-53E4-40B4-9843-C6793A6DD3DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {E08D4662-E828-4D68-871C-2B4DB7CFB1F2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {E12FB32E-7A8A-4D6C-85D2-C79BDD75F5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E43F873B-9CC5-4CEC-AFEE-67FBF2DBD1CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {E854B597-C9BE-47FA-827D-4A4D73977A77} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {FC3168F0-5526-43EE-B651-C173054AA193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {FF9D33D7-56DA-4D71-AB20-38BE083343F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForJimmy Edwards.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ray\Desktop\My DVD Burners ETC\Disable_Windows_8_Explorer_Auto_Arrange - Shortcut.lnk -> C:\Users\Ray\Downloads\Disable_Windows_8_Explorer_Auto_Arrange.bat ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-08-24 17:07 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2013-09-24 18:37 - 2012-07-18 15:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\aol.com -> hxxps://mail.aol.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2017-05-27 23:39 - 000000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
DNS Servers: 192.168.0.1 - 205.171.2.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Device Monitor 4.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "PCShowServer"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "TomTomHOME.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2E5CE9F1-F4FE-4A1C-BEC2-1FC2E81A853A}] => (Allow) LPort=1900 FirewallRules: [{D754747E-683E-4057-97C5-70B1A9D5027D}] => (Allow) LPort=2869 FirewallRules: [{C923C4C6-9B49-40C7-9371-572B12BDE35B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{5E061F47-6AD2-47FF-95CB-54C7A1A1431F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{86FB472A-4CE5-460E-8F27-B2372E8D6165}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{990B95F7-EF83-4ECE-BF6F-A4D69FC9F83F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{68D3E9AF-C61B-4FAE-BD1F-BC06782A0D14}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{8B34ACD6-5D32-4A76-91D9-350DB78A9719}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{83E4B487-6614-4483-BC48-0D08204DE91F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{5F9D9918-1620-4A0F-B3A6-3871EDA5216A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{66173C11-6A8B-4C38-A038-9987D21B6297}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{8D120410-D7AB-457F-BBC3-4D639F3ECD8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{434E3162-983B-4CEB-8848-EE80A576B6A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{487853B9-8D61-4D6B-809C-D76F3B89C308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{FBC077C7-0DF8-4FF6-AFB8-7717F6A41847}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{D5B8730B-52FD-4209-91C7-A622375CE37F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{1166F700-646D-4E42-980B-801C723E1DD3}] => (Allow) C:\Program 
Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{45ECB300-8CB2-46D4-A602-131B4A7EBAF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{EB358FD7-4A9C-43C1-9A47-E94F2085EC6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{1EA55450-82A8-4B6A-BCFA-C9956BF9F6C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{3E248B0D-F208-403E-A33F-494DBF5B0FEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{E8016474-50EB-4A04-91D9-F5164E57AA4E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{D68BE6A3-B344-4B65-B42B-D6E6B0442842}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4EF0A35F-1644-4EAB-AAD6-F5AAC83A838D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26C770EF-9A12-4E13-BD11-F8A0A732D5ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26511AD0-4D0A-497B-BAC4-1D4753F73A68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{78BB779D-F662-4775-9CF7-4324145858C4}] => (Allow) LPort=5357 FirewallRules: [{A8109729-A3C5-4361-AF9B-66F387804877}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{51CE882D-8A67-43B9-A5D8-6C76D5C002DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{B4A45DE7-0320-42B0-89C1-D8EABCD803A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{7A75F94D-4A55-4C9B-9A13-44A1E696171F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{E4D74A0D-9366-4231-BFE4-C443C883E211}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe FirewallRules: 
[{83F2FD09-719D-449E-9A08-C13C1D2597F3}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe FirewallRules: [{E7F527F7-B71E-47FD-B497-7B80C962D70A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe FirewallRules: [{502159B2-3CA4-48BC-B6CA-44733A093A13}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe FirewallRules: [{E9941CCF-EE1C-4066-8380-F72B0F843A3D}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [TCP Query User{BE394815-69B1-4A0F-9159-2C392DA5AE16}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [uDP Query User{144ACAB4-F3D8-48E9-AE9F-071064793C24}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [{24B2410D-CABE-4475-9D29-F7821ACDFC94}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe FirewallRules: [{420E6D3B-AA86-4C22-ACE2-C5C797CCCF81}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe FirewallRules: [{E43BCC7E-1AB5-45F6-9079-EA4F4A51ED58}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 31-01-2018 16:05:11 Revo Uninstaller's restore point - Java 8 Update 161 (64-bit) 19-02-2018 00:18:14 Revo Uninstaller's restore point - HP Officejet 4630 series Basic Device Software 19-02-2018 00:24:02 Revo Uninstaller's restore point - HP Officejet 4630 series Basic Device Software 19-02-2018 01:05:13 Revo Uninstaller's restore point - HP Officejet 4630 series Help 26-02-2018 01:26:53 Windows Update 25-03-2018 11:42:15 Windows Update 15-04-2018 13:12:34 Windows Update 15-04-2018 16:59:55 
Installed TomTom HOME. 24-04-2018 23:55:52 Windows Update 12-05-2018 13:48:23 Windows Update 14-06-2018 09:20:28 Windows Update 17-07-2018 12:05:55 Installed TomTom HOME. 22-07-2018 10:10:33 Installed DirectX 28-07-2018 12:30:38 Installed OpinionSquare 17-08-2018 15:32:18 Windows Update 24-08-2018 17:50:12 Revo Uninstaller's restore point - Epic Games Launcher 24-08-2018 19:12:13 Revo Uninstaller's restore point - Ezvid 24-08-2018 19:14:55 Revo Uninstaller's restore point - Free Hide Folder 24-08-2018 19:16:04 Revo Uninstaller's restore point - TomTom HOME 24-08-2018 19:19:15 Revo Uninstaller's restore point - TomTom HOME 24-08-2018 19:20:26 Revo Uninstaller's restore point - TomTom HOME 24-08-2018 19:22:04 Revo Uninstaller's restore point - TomTom HOME Visual Studio Merge Modules 24-08-2018 19:22:22 Removed TomTom HOME Visual Studio Merge Modules 24-08-2018 19:23:45 Revo Uninstaller's restore point - Uninstall Dual Mode Camera (DT01) 24-08-2018 19:25:28 Revo Uninstaller's restore point - Google Earth Plug-in 24-08-2018 19:26:32 Revo Uninstaller's restore point - Google Earth Plug-in ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/31/2018 11:30:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a Exception code: 0xe0434352 Fault offset: 0x0000000000008eac Faulting process id: 0x1470 Faulting application start time: 0x01d4413f97f9ce0e Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: d669dd46-ad32-11e8-851e-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (08/31/2018 11:30:50 AM) (Source: .NET Runtime) (EventID: 1026) 
(User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException at asapi.asapicsharp.locale() at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (08/30/2018 10:14:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a Exception code: 0xe0434352 Fault offset: 0x0000000000008eac Faulting process id: 0x814 Faulting application start time: 0x01d4406bd0095d3a Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: 0e50e85d-ac5f-11e8-851d-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (08/30/2018 10:14:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.ApplicationException at asapi.asapicsharp.locale() at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (08/30/2018 09:38:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19036, time stamp: 0x5b077e91 Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e Exception code: 0xc0000374 Fault offset: 0x000e6214 Faulting process id: 0x1558 Faulting application start time: 0x01d4406669ba5802 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: f6d69213-ac59-11e8-851d-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (08/29/2018 09:43:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a Exception code: 0xe0434352 Fault offset: 0x0000000000008eac Faulting process id: 0x590 Faulting application start time: 0x01d43f9e53513c77 Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: 91a4b1ff-ab91-11e8-851c-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (08/29/2018 09:43:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: 
The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException at asapi.asapicsharp.locale() at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (08/29/2018 09:15:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19036, time stamp: 0x5b077e91 Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e Exception code: 0xc0000374 Fault offset: 0x000e6214 Faulting process id: 0x478 Faulting application start time: 0x01d43f98c5ac2f71 Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 9b51aaf0-ab8d-11e8-851c-c81f66038689 Faulting package full name: Faulting package-relative application ID: Quote
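A triage pass over the Scheduled Tasks section of the FRST log above. This is an added example, not code from the original post, from the forum helper, or from the FRST tool itself. It parses the `Task: {GUID} - System32\Tasks\<name> => <target> [YYYY-MM-DD] (Publisher)` lines in the shape they take in the log and flags the entries an analyst checks first: a target with no trailing date/publisher stamp (assumed here to mean FRST did not locate the file or read its version information, so the entry needs manual verification), a stamp with an empty publisher such as `()`, a bare executable name with no drive path (resolved through the search path when the task fires), and a target under a user's AppData tree. The sample lines are copied from the post; the flag names and rules are this example's own, and the `.job` lines from the second task list are deliberately skipped.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Shape of an FRST "Task:" line as it appears in the log above:
#   Task: {GUID} - System32\Tasks\<name> => <target> [YYYY-MM-DD] (Publisher)
# The "[date] (Publisher)" stamp is optional in the regex. Its absence is treated
# here as "FRST did not locate or attribute the file"; that reading is an
# assumption of this example, not documented FRST behaviour. The publisher
# group is greedy so a nested name like "(Tracker Software Products (Canada) Ltd.)"
# is captured whole.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\))?$"
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


@dataclass
class TaskEntry:
    guid: str
    name: str
    target: str
    date: Optional[str]        # None when the stamp is missing
    publisher: Optional[str]   # "" when FRST printed "()"
    flags: List[str] = field(default_factory=list)


def parse_task(line: str) -> Optional[TaskEntry]:
    """Parse one 'Task: {GUID} ...' line; .job lines and other sections return None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    return TaskEntry(m["guid"], m["name"], m["target"], m["date"], m["publisher"])


def flag_task(entry: TaskEntry) -> TaskEntry:
    """Attach triage flags in a fixed order; an empty list means nothing stood out."""
    if not DRIVE_PATH_RE.match(entry.target):
        # Bare file name: whichever "uaclauncher.exe" the search path finds first runs.
        entry.flags.append("relative-target")
    if APPDATA_RE.search(entry.target):
        # Runs from a location the unprivileged user can overwrite.
        entry.flags.append("user-writable-path")
    if entry.date is None:
        entry.flags.append("no-file-stamp")
    elif entry.publisher == "":
        entry.flags.append("no-publisher")
    return entry


def triage(lines: Iterable[str]) -> List[TaskEntry]:
    """Return only the task entries that received at least one flag."""
    flagged = []
    for line in lines:
        entry = parse_task(line)
        if entry is not None and flag_task(entry).flags:
            flagged.append(entry)
    return flagged


# Constructed input: a subset of the Task lines copied from the FRST log above.
SAMPLE_LOG = r"""
Task: {2B698B18-E3DE-4BA3-A4A0-99300FD8244C} - System32\Tasks\File1 Update Launch => C:\Program Files (x86)\Ant.com\File1 Package Manager\File1UL.exe
Task: {305486BC-CF31-4F18-B143-564AD42D6FB3} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ray\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {4B946556-9B09-4E0A-956B-F8A55E2D30C6} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2018-07-03] (Tracker Software Products (Canada) Ltd.)
Task: {BB68C632-3B9B-4DD1-9F33-D4157978C40F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {C3CA267B-59D5-435A-B99C-E24A8A70FA5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {E12FB32E-7A8A-4D6C-85D2-C79BDD75F5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
""".strip().splitlines()


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{', '.join(entry.flags):36} {entry.name} => {entry.target}")
```

Run against the sample, the Google updater and the Tracker updater (both stamped with a publisher) drop out, while the Ant.com File1 task, the TinyTake task in Ray's AppData, the HP Active Health scan with an empty publisher, and the path-less `uaclauncher.exe` task are the four that come back flagged. A flag is a prompt to look, not a verdict: the HP entry is very likely just an unsigned vendor binary, whereas the relative `uaclauncher.exe` target and the Ant.com task are the kind of thing the helper in a thread like this would ask the poster to confirm or remove.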
jimmyedwards Posted September 4, 2018 Author Posted September 4, 2018

Oops so sorry

System errors:
=============
Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Touchpoint Analytics service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).
Windows Defender:
===================================
Date: 2018-05-23 23:03:25.737
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:HTML/Phish threat description - Windows Defender Security Intelligence
Name: Trojan:HTML/Phish
ID: 2147678587
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Mozilla\Firefox\Profiles\5eqo96s0.default-1482161108706-1523801744665\cache2\entries\01411E8864B89E9860F722C30A06F09ECF1CE1D8
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.267.1641.0, AS: 1.267.1641.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-20 12:20:22.153
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[1].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-20 12:20:22.153
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Bitrep.A threat description - Windows Defender Security Intelligence
Name: Trojan:Win32/Bitrep.A
ID: 2147723097
Severity: Severe
Category: Trojan
Path: containerfile:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi;file:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi->Data1.cab->MFHookManager.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-02 08:03:12.067
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[2].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Signature Version: AV: 1.263.1111.0, AS: 1.263.1111.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-04-02 08:01:27.090
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[2].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Signature Version: AV: 1.263.1111.0, AS: 1.263.1111.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-01-30 09:29:22.975
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-30 09:29:22.674
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.508.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-01-30 09:29:22.673
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.508.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2017-12-26 11:29:03.449
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version: Previous Signature Version: 118.2.0.0 Update Source: Microsoft Malware Protection Center Signature Type: Network Inspection System Update Type: Full Current Engine Version: Previous Engine Version: 2.1.14202.0 Error code: 0x80072ee2 Error description: The operation timed out CodeIntegrity: =================================== Date: 2017-08-24 12:30:53.795 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 12:30:53.263 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 12:30:52.716 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 12:30:52.169 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 10:12:30.029 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-08-24 10:12:29.388 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 10:12:28.795 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 10:12:28.216 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Core i3-3240 CPU @ 3.40GHz Percentage of memory in use: 32% Total physical RAM: 8066.05 MB Available physical RAM: 5478.89 MB Total Virtual: 9346.05 MB Available Virtual: 6638.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:918.77 GB) (Free:90.44 GB) NTFS \\?\Volume{8ae1a6c5-57c6-4fdd-abc1-71a9febbb1c2}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.21 GB) NTFS \\?\Volume{30650a71-79b0-4498-8ce5-c33b7216a1e5}\ (PBR Image) (Fixed) (Total:11.61 GB) (Free:0.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 6AA7D01A) Partition: GPT. ==================== End of Addition.txt ============================ Quote
Starbuck (ExTS Admin) Posted September 4, 2018

Hi Jimmy,

"I did a Windows Defender last week I believe, I will do one now and post it ok, thanks."

Thanks. I just wanted to make sure that Windows Defender had been run since this.....

Date: 2018-05-23 23:03:25.737
Description: Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following: Trojan:HTML/Phish threat description - Windows Defender Security Intelligence
Name: Trojan:HTML/Phish
ID: 2147678587
Severity: Severe
Category: Trojan

Unfortunately you've posted the Addition.txt again.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:

The download folder will contain 2 FRST reports... The one we need is the text document named FRST. The header will look like this....

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:

Thanks

Member of:UNITE
jimmyedwards Posted September 4, 2018 Author Posted September 4, 2018 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03 Ran by Jimmy Edwards (04-09-2018 15:17:18) Running from C:\Users\Ray\Downloads Windows 8.1 (Update) (X64) (2014-10-22 20:35:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2801032338-2342425128-3870613798-500 - Administrator - Disabled) => C:\Users\Administrator Guest (S-1-5-21-2801032338-2342425128-3870613798-501 - Limited - Disabled) Jimmy Edwards (S-1-5-21-2801032338-2342425128-3870613798-1001 - Administrator - Enabled) => C:\Users\Ray ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4500_G510af_Help (HKLM-x32\...\{C175D5B0-ED04-42C9-B23F-D8BD406173E7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden 4500G510af (HKLM-x32\...\{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (HKLM-x32\...\{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.) 
Aimersoft Audio Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software) Aimersoft DVD Creator(Build 1.1.22) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software) Aimersoft DVD Ripper(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software) Aimersoft DVD Studio Pack(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software) Aimersoft Video Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software) Ant.com IE add-on (HKLM-x32\...\{B905CAA1-D6FF-4D21-8858-F8C610491C0B}) (Version: 2.2.4.1076 - Ant.com) Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG) Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery) BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1) (Version: - InterAction studios) ChrisPC Free VideoTube Downloader 10.07.26 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version: - Chris P.C. srl) ChrisPC YTD Downloader MP3 Converter 2.85 (HKLM-x32\...\{6006089C-9ABC-4F18-ABCD-123456789801}_is1) (Version: - Chris P.C. 
srl) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell) Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.) Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell) Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - ) FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG) FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.) 
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP) HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.24.3 - HP) HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden I.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation) John's Background Switcher 4.17 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.17 - johnsadventures.com) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.9 - Tracker Software Products Ltd) Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) 
PySol Fan Club edition v.2.0 (HKLM-x32\...\PySol Fan Club edition_is1) (Version: - ) PySolFC Solitaire (a freeware Solitaire Game) version 1.1 (HKLM-x32\...\PySolFC Solitaire_is1) (Version: - ) Quit Counter (HKLM-x32\...\Quit Counter_is1) (Version: 1.2 - Xarka Software) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.) Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio) Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden Uninstall Dual Mode Camera (DT01) (HKLM-x32\...\DT01_2009_1026_1436_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WebReg 
(HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) Xilisoft DVD Copy Express (HKLM-x32\...\Xilisoft DVD Copy Express) (Version: 1.1.23.0824 - Xilisoft) Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 3.0.39.1121 - Xilisoft) Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ContextMenuHandlers1: [bB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File ContextMenuHandlers1: [WinRAR] -> 
{B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation) ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-08-27] (Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers6: [startMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2014-04-20] (IvoSoft) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {10E7CDFA-2463-4AA3-A931-EF99644B27C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.) 
Task: {28389D5E-3DF8-42B9-AA66-9ABFBE4848F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {2B698B18-E3DE-4BA3-A4A0-99300FD8244C} - System32\Tasks\File1 Update Launch => C:\Program Files (x86)\Ant.com\File1 Package Manager\File1UL.exe Task: {305486BC-CF31-4F18-B143-564AD42D6FB3} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ray\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe Task: {46E0D154-DFBC-4003-8802-D3D51BE25062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {4B946556-9B09-4E0A-956B-F8A55E2D30C6} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2018-07-03] (Tracker Software Products (Canada) Ltd.) Task: {4C874592-A1F9-4D5D-84FC-12271CCDCED5} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.) Task: {5503E6E9-3C07-4745-A157-B44306AC54C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {58FE5BF4-4E30-4242-9B37-A6EB97177E91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.) Task: {95D83143-E725-4C38-8FEF-37E28CA3643E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.) 
Task: {B8B63F70-D4B8-4452-97E7-FDAF10FBC78C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) Task: {BA58B807-D5A9-4B82-97CD-0ACADF6C23B4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-08-17] (Microsoft Corporation) Task: {BB68C632-3B9B-4DD1-9F33-D4157978C40F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] () Task: {C3CA267B-59D5-435A-B99C-E24A8A70FA5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.) Task: {C40E713B-FEE2-4A7C-8F9C-DE1F28F79105} - System32\Tasks\HPCeeScheduleForRay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {C9224EE8-B7E4-4335-A2F4-B8CB14DCA61B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {CCF5C425-EA50-47A3-9670-C8C13DFBE4A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {D7DD2F8C-5FB0-41DC-ADA7-7139CBD5A1F5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.) Task: {D8AC50E5-57DE-4865-B539-E7F7D601F9E2} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe Task: {DC97E556-53E4-40B4-9843-C6793A6DD3DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.) 
Task: {E08D4662-E828-4D68-871C-2B4DB7CFB1F2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated) Task: {E12FB32E-7A8A-4D6C-85D2-C79BDD75F5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {E43F873B-9CC5-4CEC-AFEE-67FBF2DBD1CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.) Task: {E854B597-C9BE-47FA-827D-4A4D73977A77} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe Task: {FC3168F0-5526-43EE-B651-C173054AA193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.) Task: {FF9D33D7-56DA-4D71-AB20-38BE083343F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\HPCeeScheduleForRay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Ray\Desktop\My DVD Burners ETC\Disable_Windows_8_Explorer_Auto_Arrange - Shortcut.lnk -> C:\Users\Ray\Downloads\Disable_Windows_8_Explorer_Auto_Arrange.bat () Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co ==================== Loaded Modules (Whitelisted) ============== 2018-08-24 17:07 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll 2013-09-24 18:37 - 2012-07-18 15:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\aol.com -> hxxps://mail.aol.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2012-07-26 01:26 - 2017-05-27 23:39 - 000000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg DNS Servers: 192.168.0.1 - 205.171.2.26 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk" HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk" HKLM\...\StartupApproved\StartupFolder: => "Device Monitor 4.lnk" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "IMSS" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "GrooveMonitor" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "Dashlane" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "PCShowServer" HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "TomTomHOME.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{2E5CE9F1-F4FE-4A1C-BEC2-1FC2E81A853A}] => (Allow) LPort=1900 FirewallRules: [{D754747E-683E-4057-97C5-70B1A9D5027D}] => (Allow) LPort=2869 FirewallRules: [{C923C4C6-9B49-40C7-9371-572B12BDE35B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{5E061F47-6AD2-47FF-95CB-54C7A1A1431F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{86FB472A-4CE5-460E-8F27-B2372E8D6165}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{990B95F7-EF83-4ECE-BF6F-A4D69FC9F83F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{68D3E9AF-C61B-4FAE-BD1F-BC06782A0D14}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{8B34ACD6-5D32-4A76-91D9-350DB78A9719}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{83E4B487-6614-4483-BC48-0D08204DE91F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{5F9D9918-1620-4A0F-B3A6-3871EDA5216A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{66173C11-6A8B-4C38-A038-9987D21B6297}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{8D120410-D7AB-457F-BBC3-4D639F3ECD8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{434E3162-983B-4CEB-8848-EE80A576B6A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{487853B9-8D61-4D6B-809C-D76F3B89C308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{FBC077C7-0DF8-4FF6-AFB8-7717F6A41847}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{D5B8730B-52FD-4209-91C7-A622375CE37F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{1166F700-646D-4E42-980B-801C723E1DD3}] => (Allow) C:\Program 
Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{45ECB300-8CB2-46D4-A602-131B4A7EBAF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{EB358FD7-4A9C-43C1-9A47-E94F2085EC6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{1EA55450-82A8-4B6A-BCFA-C9956BF9F6C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{3E248B0D-F208-403E-A33F-494DBF5B0FEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{E8016474-50EB-4A04-91D9-F5164E57AA4E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{D68BE6A3-B344-4B65-B42B-D6E6B0442842}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4EF0A35F-1644-4EAB-AAD6-F5AAC83A838D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26C770EF-9A12-4E13-BD11-F8A0A732D5ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26511AD0-4D0A-497B-BAC4-1D4753F73A68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{78BB779D-F662-4775-9CF7-4324145858C4}] => (Allow) LPort=5357 FirewallRules: [{A8109729-A3C5-4361-AF9B-66F387804877}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{51CE882D-8A67-43B9-A5D8-6C76D5C002DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{B4A45DE7-0320-42B0-89C1-D8EABCD803A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{7A75F94D-4A55-4C9B-9A13-44A1E696171F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{E4D74A0D-9366-4231-BFE4-C443C883E211}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe FirewallRules: 
[{83F2FD09-719D-449E-9A08-C13C1D2597F3}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe FirewallRules: [{E7F527F7-B71E-47FD-B497-7B80C962D70A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe FirewallRules: [{502159B2-3CA4-48BC-B6CA-44733A093A13}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe FirewallRules: [{E9941CCF-EE1C-4066-8380-F72B0F843A3D}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [TCP Query User{BE394815-69B1-4A0F-9159-2C392DA5AE16}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [uDP Query User{144ACAB4-F3D8-48E9-AE9F-071064793C24}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe FirewallRules: [{24B2410D-CABE-4475-9D29-F7821ACDFC94}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe FirewallRules: [{420E6D3B-AA86-4C22-ACE2-C5C797CCCF81}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe FirewallRules: [{E43BCC7E-1AB5-45F6-9079-EA4F4A51ED58}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 25-03-2018 11:42:15 Windows Update 15-04-2018 13:12:34 Windows Update 15-04-2018 16:59:55 Installed TomTom HOME. 24-04-2018 23:55:52 Windows Update 12-05-2018 13:48:23 Windows Update 14-06-2018 09:20:28 Windows Update 17-07-2018 12:05:55 Installed TomTom HOME. 
22-07-2018 10:10:33 Installed DirectX 28-07-2018 12:30:38 Installed OpinionSquare 17-08-2018 15:32:18 Windows Update 24-08-2018 17:50:12 Revo Uninstaller's restore point - Epic Games Launcher 24-08-2018 19:12:13 Revo Uninstaller's restore point - Ezvid 24-08-2018 19:14:55 Revo Uninstaller's restore point - Free Hide Folder 24-08-2018 19:16:04 Revo Uninstaller's restore point - TomTom HOME 24-08-2018 19:19:15 Revo Uninstaller's restore point - TomTom HOME 24-08-2018 19:20:26 Revo Uninstaller's restore point - TomTom HOME 24-08-2018 19:22:04 Revo Uninstaller's restore point - TomTom HOME Visual Studio Merge Modules 24-08-2018 19:22:22 Removed TomTom HOME Visual Studio Merge Modules 24-08-2018 19:23:45 Revo Uninstaller's restore point - Uninstall Dual Mode Camera (DT01) 24-08-2018 19:25:28 Revo Uninstaller's restore point - Google Earth Plug-in 24-08-2018 19:26:32 Revo Uninstaller's restore point - Google Earth Plug-in 01-09-2018 14:04:15 Restore Operation 02-09-2018 16:53:22 Ultra Adware Killer adware removal 04-09-2018 10:03:48 Revo Uninstaller's restore point - Ant.com IE add-on 04-09-2018 10:08:27 Restore Operation ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/04/2018 03:12:05 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Users\Ray\Desktop\MY SHARED FOLDER\A SECURITY STUFF\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. 
Error: (09/04/2018 09:51:12 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Users\Ray\Desktop\MY SHARED FOLDER\A SECURITY STUFF\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (09/03/2018 12:15:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WINWORD.EXE, version: 12.0.6787.5000, time stamp: 0x5ab6b28d Faulting module name: MSONSEXT.DLL, version: 11.0.6715.60, time stamp: 0x43306199 Exception code: 0xc0000005 Fault offset: 0x00053555 Faulting process id: 0x172c Faulting application start time: 0x01d443a101f0da3d Faulting application path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE Faulting module path: C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL Report Id: a3ff9a33-af94-11e8-851a-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (09/03/2018 10:25:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a Exception code: 0xe0434352 Fault offset: 0x0000000000008eac Faulting process id: 0x6c4 Faulting application start time: 0x01d44391e6ba2d64 Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll Report Id: 2520b309-af85-11e8-851a-c81f66038689 Faulting package full name: Faulting 
package-relative application ID: Error: (09/03/2018 10:25:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: pcdrcui.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ApplicationException at asapi.asapicsharp.locale() at pcd.models.properties.CustomizationManager.get_IsThirdwave() at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[]) at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[]) at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[]) at wpfview.Program.Main(System.String[]) Error: (09/03/2018 09:14:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WksWP.exe, version: 9.7.613.0, time stamp: 0x466fad27 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1294 Faulting application start time: 0x01d44386701537cb Faulting application path: C:\PROGRA~2\MICROS~3\WksWP.exe Faulting module path: unknown Report Id: 3f67ed54-af7b-11e8-851a-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: (09/03/2018 09:14:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WksWP.exe, version: 9.7.613.0, time stamp: 0x466fad27 Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x54504b2e Exception code: 0xc0000005 Fault offset: 0x0000b328 Faulting process id: 0x1294 Faulting application start time: 0x01d44386701537cb Faulting application path: C:\PROGRA~2\MICROS~3\WksWP.exe Faulting module path: C:\WINDOWS\SYSTEM32\msvcrt.dll Report Id: 3c7b3e1c-af7b-11e8-851a-c81f66038689 Faulting package full name: Faulting package-relative application ID: Error: 
(09/02/2018 05:12:42 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 17d8 Start Time: 01d44300f6d20ceb Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: eafcb020-aef4-11e8-851a-c81f66038689 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (09/04/2018 02:11:49 PM) (Source: DCOM) (EventID: 10016) (User: JIMMY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Jimmy\Jimmy Edwards SID (S-1-5-21-2801032338-2342425128-3870613798-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/04/2018 02:11:49 PM) (Source: DCOM) (EventID: 10016) (User: JIMMY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Jimmy\Jimmy Edwards SID (S-1-5-21-2801032338-2342425128-3870613798-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (09/02/2018 11:25:58 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:46:46 PM on 9/1/2018 was unexpected. Error: (09/01/2018 07:44:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/01/2018 07:04:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Touchpoint Analytics service terminated unexpectedly. It has done this 1 time(s). Error: (09/01/2018 07:04:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/01/2018 07:04:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s). Error: (09/01/2018 03:42:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20. Windows Defender: =================================== Date: 2018-09-02 19:33:26.741 Description: Windows Defender scan has been stopped before completion. Scan ID: {7919FF8C-C68E-4B1A-AD0B-F7B08F518DBA} Scan Type: Antimalware Scan Parameters: Full Scan Date: 2018-05-23 23:03:25.737 Description: Windows Defender has detected malware or other potentially unwanted software. 
For more information please see the following: Trojan:HTML/Phish threat description - Windows Defender Security Intelligence Name: Trojan:HTML/Phish ID: 2147678587 Severity: Severe Category: Trojan Path: file:_C:\Users\Ray\AppData\Local\Mozilla\Firefox\Profiles\5eqo96s0.default-1482161108706-1523801744665\cache2\entries\01411E8864B89E9860F722C30A06F09ECF1CE1D8 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Signature Version: AV: 1.267.1641.0, AS: 1.267.1641.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4 Date: 2018-04-20 12:20:22.153 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence Name: Trojan:JS/Flafisi.D ID: 2147725632 Severity: Severe Category: Trojan Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[1].hta Detection Origin: Internet Detection Type: Concrete Detection Source: User Process Name: Unknown Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4 Date: 2018-04-20 12:20:22.153 Description: Windows Defender has detected malware or other potentially unwanted software. 
For more information please see the following: Trojan:Win32/Bitrep.A threat description - Windows Defender Security Intelligence Name: Trojan:Win32/Bitrep.A ID: 2147723097 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi;file:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi->Data1.cab->MFHookManager.dll Detection Origin: Local machine Detection Type: FastPath Detection Source: User Process Name: Unknown Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4 Date: 2018-04-02 08:03:12.067 Description: Windows Defender has detected malware or other potentially unwanted software. For more information please see the following: Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence Name: Trojan:JS/Flafisi.D ID: 2147725632 Severity: Severe Category: Trojan Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[2].hta Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe Signature Version: AV: 1.263.1111.0, AS: 1.263.1111.0, NIS: 119.0.0.0 Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4 Date: 2018-09-04 10:26:39.198 Description: Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0 Date: 2018-09-01 14:20:55.447 Description: Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. 
Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0 Date: 2018-01-30 09:29:22.975 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 118.2.0.0 Update Source: Microsoft Malware Protection Center Signature Type: Network Inspection System Update Type: Full Current Engine Version: Previous Engine Version: 2.1.14202.0 Error code: 0x800704e8 Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. Date: 2018-01-30 09:29:22.674 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.261.508.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x80072ee2 Error description: The operation timed out Date: 2018-01-30 09:29:22.673 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.261.508.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x80072ee2 Error description: The operation timed out CodeIntegrity: =================================== Date: 2017-08-24 12:30:53.795 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-08-24 12:30:53.263 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 12:30:52.716 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 12:30:52.169 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 10:12:30.029 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 10:12:29.388 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-08-24 10:12:28.795 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-08-24 10:12:28.216
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8066.05 MB
Available physical RAM: 4140.15 MB
Total Virtual: 9346.05 MB
Available Virtual: 5467.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.77 GB) (Free:122.94 GB) NTFS
\\?\Volume{8ae1a6c5-57c6-4fdd-abc1-71a9febbb1c2}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.21 GB) NTFS
\\?\Volume{30650a71-79b0-4498-8ce5-c33b7216a1e5}\ (PBR Image) (Fixed) (Total:11.61 GB) (Free:0.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6AA7D01A)
Partition: GPT.

==================== End of Addition.txt ============================
ExTS Admin Starbuck Posted September 6, 2018

Hi Jimmy,

You are still posting the Additional text report. The main FRST report gives us about 2/3 of the system info... that is why we need it. Just look for this in the Download folder (obviously the date/file size on yours will be different). When you open it, look at the 'Header'... this is what it should read:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:

We don't want to see:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:

Thanks.

Member of: UNITE
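The point in the post above is that FRST writes two reports and the only reliable way to tell them apart is the first line of the file. The following Python script is an added example for this thread; it is not FRST's own code and not part of the forum's fix procedure. It classifies a report by that header and then lists the autostart entries a reviewer reads first in the main report (Run keys, AppInit_DLLs, startup shortcut targets, scheduled tasks), attaching triage flags for entries whose target FRST printed without a publisher, with a bare relative path, or marked "(No File)". The sample text is constructed from lines pasted elsewhere in this thread; the flags are heuristics that tell you where to look, not verdicts.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread (not FRST's code and not part of the forum's
fix procedure). Two jobs: tell FRST.txt from Addition.txt by the header line,
and list autostart entries with triage flags. The flags are heuristics that
guide a manual look, not verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MAIN_HEADER = "Scan result of Farbar Recovery Scan Tool"
ADDITION_HEADER = "Additional scan result of Farbar Recovery Scan Tool"

# Constructed sample: the main report's header plus a few autostart lines
# copied from the report pasted in this thread.
SAMPLE_FRST = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
Ran by Jimmy Edwards (administrator) on JIMMY (04-09-2018 15:16:00)
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [EasyHideIPVPN] => C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe
AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll [309680 2017-12-01] (Jaksta Technologies Pty Ltd)
ShortcutTarget: Amazon Unbox.lnk -> C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientSystemTray.exe (No File)
Task: {E12FB32E-7A8A-4D6C-85D2-C79BDD75F5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {FF9D33D7-56DA-4D71-AB20-38BE083343F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)
"""

# One regex per FRST line type of interest; each yields a name and a target.
PATTERNS = {
    "Run": re.compile(r"^(?:HKLM(?:-x32)?|HKU\\S-[\d-]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$"),
    "AppInit_DLLs": re.compile(r"^AppInit_DLLs(?:-x32)?: (?P<name>.+?) => (?P<target>.+)$"),
    "Shortcut": re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<target>.+)$"),
    "Task": re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?:System32\\Tasks\\)?(?P<name>.+?) => (?P<target>.+)$"),
}
# 'path [size date] (Publisher)' as FRST prints it; both trailing parts are optional.
TARGET = re.compile(r"^(?P<path>.+?)(?:\s+\[[^\]]*\])?(?:\s+\((?P<pub>[^()]*)\))?\s*$")
# Drive letter, environment-variable prefix or UNC/volume path; anything else
# is a bare name that Windows resolves through the search path at run time.
ABSOLUTE = re.compile(r'^"?(?:[A-Za-z]:\\|%[^%]+%\\|\\\\)')


@dataclass
class Autostart:
    kind: str
    name: str
    target: str
    flags: List[str] = field(default_factory=list)


def classify_report(text: str) -> Optional[str]:
    """Return 'FRST.txt', 'Addition.txt' or None from the first non-empty line."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(MAIN_HEADER):
            return "FRST.txt"
        if line.startswith(ADDITION_HEADER):
            return "Addition.txt"
        return None
    return None


def split_target(target: str) -> Tuple[str, Optional[str]]:
    """Separate the file path from the publisher FRST appends in parentheses."""
    m = TARGET.match(target)
    return (m.group("path"), m.group("pub")) if m else (target, None)


def triage_flags(kind: str, target: str) -> List[str]:
    """Heuristic review flags for one autostart target."""
    flags = []
    if kind == "AppInit_DLLs":
        flags.append("AppInit_DLLs: loaded into every process that maps user32.dll")
    if "(No File)" in target:
        flags.append("target file not present")
        return flags
    path, publisher = split_target(target)
    if not publisher:
        flags.append("no publisher info recorded")
    if not ABSOLUTE.match(path):
        flags.append("relative path, resolved through the search path at run time")
    return flags


def extract_autostarts(text: str) -> List[Autostart]:
    """Parse every recognised autostart line in an FRST report."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        for kind, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                entries.append(Autostart(kind, m.group("name"), m.group("target"),
                                         triage_flags(kind, m.group("target"))))
                break
    return entries


def flagged(text: str) -> List[Autostart]:
    """Only the entries that carry at least one review flag."""
    return [e for e in extract_autostarts(text) if e.flags]


if __name__ == "__main__":
    print("report type:", classify_report(SAMPLE_FRST))
    for e in flagged(SAMPLE_FRST):
        print(f"[{e.kind}] {e.name}: {'; '.join(e.flags)}")
```

Run it against a real FRST.txt by reading the file into `classify_report` and `flagged`; on the constructed sample it reports the file as FRST.txt and flags the Run entry without publisher info, the AppInit_DLLs entry, the startup shortcut whose target is gone, and the task that points at a bare executable name. A flag means "look at this", nothing more: the Realtek and Adobe entries pass every check here and would still have to be judged on whether the machine should have them.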
jimmyedwards (Author) Posted September 7, 2018

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
Ran by Jimmy Edwards (administrator) on JIMMY (04-09-2018 15:16:00)
Running from C:\Users\Ray\Downloads
Loaded Profiles: Jimmy Edwards (Available Profiles: Jimmy Edwards & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Dell Inc.)
C:\Program Files (x86)\Dell Update\DellUpService.exe (Intel Corporation) C:\WINDOWS\System32\igfxHK.exe (johnsadventures.com) C:\Users\Ray\Desktop\My Documents\A New Folder Pictures for switch\John's Background Switcher\BackgroundSwitcher.exe (Ruiware) C:\Program Files (x86)\Ruiware LLC\WinPatrol\WinPatrol.exe (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Ant.com) C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe (Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program 
Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Ray\Downloads\FRST64(2).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [backgroundSwitcher] => C:\Users\Ray\Desktop\My Documents\A New Folder Pictures for switch\John's Background Switcher\BackgroundSwitcher.exe [124760 2018-05-15] (johnsadventures.com)
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware LLC\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware)
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [EasyHideIPVPN] => C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {4907433c-6b83-11e8-84d5-c81f66038689} - "D:\Setup.exe"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {6faa9800-2894-11e3-be6d-c81f66038689} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {abae85c0-de96-11e7-844b-c81f66038689} - "D:\Setup.exe"
AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll [309680 2017-12-01] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [262576 2017-12-01] (Jaksta Technologies Pty Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2017-01-18]
ShortcutTarget: Amazon Unbox.lnk -> C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientSystemTray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-01-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 Series Class Driver.lnk [2018-09-04]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 Series Class Driver.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{51C8D340-F890-41D3-9072-A0A4EB2CA895}: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{A8C40184-0C97-472B-A7BC-59462E7AB2BC}: [DhcpNameServer] 192.168.0.1 205.171.2.26

Internet Explorer:
==================
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> DefaultScope {EA8E9CE8-160E-4200-89F5-5C78A3C55E8F} URL =
SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-21] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-21] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Ant.com browser helper (video detector) -> {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} -> C:\Program Files (x86)\Ant.com\IE add-on\Download.dll [2013-03-05] (Ant.com)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll [2013-03-05] (Ant.com)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF DefaultProfile: f0qki1rs.default-1482161108706-1530495482829
FF ProfilePath: C:\Users\Ray\AppData\Roaming\TomTom\HOME\Profiles\8hcmhey1.default [2018-07-17]
FF Extension: (Emulator) - C:\Users\Ray\AppData\Roaming\TomTom\HOME\Profiles\8hcmhey1.default\Extensions\Navcore.9.510.1234792@tomtom.com [2017-03-31] [Legacy] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\f0qki1rs.default-1482161108706-1530495482829 [2018-09-04]
FF Homepage: Mozilla\Firefox\Profiles\f0qki1rs.default-1482161108706-1530495482829 -> hxxps://www.yahoo.com/
FF Extension: (uBlock) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\f0qki1rs.default-1482161108706-1530495482829\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2018-09-02]
FF Extension: (Search and New Tab by Yahoo) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-06-05] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-14] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2801032338-2342425128-3870613798-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default [2018-09-04]
CHR Extension: (Docs) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-24]
CHR Extension: (YouTube) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-24]
CHR Extension: (Google Docs Offline) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-24]
CHR Extension: (Chrome Media Router) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-07-22] (EasyAntiCheat Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 efavdrv; C:\WINDOWS\SysWOW64\drivers\efavdrv.sys [115008 2017-01-20] (ESET)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [28664 2016-04-29] (Intel Mobile Communications)
R3 jakstaVA; C:\WINDOWS\system32\DRIVERS\jaksta_va.sys [103816 2017-02-23] (e2eSoft)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-09-04] (Malwarebytes)
R1 MpKslb88472ae; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD53AC24-F873-4BCD-BE5B-85050390922E}\MpKslb88472ae.sys [58120 2018-09-04] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-04 15:15 - 2018-09-04 15:15 - 002413056 _____ (Farbar) C:\Users\Ray\Downloads\FRST64(2).exe
2018-09-04 09:59 - 2018-09-04 09:59 - 000281057 _____ C:\Users\Ray\Downloads\ant_video_downloader_and_player-2.3.0-fx (1).xpi
2018-09-02 16:36 - 2018-09-04 10:24 - 000000000 ____D C:\ProgramData\Ultra Adware Killer
2018-09-02 16:33 - 2018-09-04 10:25 - 000000000 ____D C:\Program Files (x86)\KeyCryptSDK
2018-09-02 16:33 - 2018-09-04 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2018-09-02 16:33 - 2018-09-04 10:24 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2018-09-02 16:32 - 2018-09-02 16:32 - 000000000 ____D C:\Users\Ray\AppData\Local\AntiLogger Free
2018-09-01 23:40 - 2018-09-01 23:40 - 005904423 _____ C:\Users\Ray\Desktop\T.I. Vs T.I.P- Respect this Hustle.mp4
2018-09-01 18:48 - 2018-09-01 19:46 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-09-01 18:47 - 2018-09-01 18:47 - 000000000 ____D C:\Users\Ray\AppData\Local\Zemana
2018-09-01 02:06 - 2018-09-01 23:28 - 000000000 ____D C:\Users\Ray\Desktop\New Music
2018-08-24 17:37 - 2018-08-24 17:41 - 007417040 _____ (Malwarebytes) C:\Users\Ray\Downloads\adwcleaner_7.2.2(1).exe
2018-08-24 17:33 - 2018-08-24 17:37 - 007417040 _____ (Malwarebytes) C:\Users\Ray\Downloads\adwcleaner_7.2.2.exe
2018-08-24 17:32 - 2018-08-24 17:32 - 007395536 _____ (Malwarebytes) C:\Users\Ray\Downloads\AdwCleaner(1).exe
2018-08-24 17:24 - 2018-08-24 17:25 - 002413056 _____ (Farbar) C:\Users\Ray\Downloads\FRST64(1).exe
2018-08-24 17:07 - 2018-09-04 10:30 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-24 17:07 - 2018-08-24 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-24 17:07 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-08-24 17:05 - 2018-08-24 17:06 - 082924864 _____ (Malwarebytes ) C:\Users\Ray\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6489(1).exe
2018-08-24 16:54 - 2018-08-24 16:55 - 082924864 _____ (Malwarebytes ) C:\Users\Ray\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6489.exe
2018-08-19 12:44 - 2018-08-19 12:44 - 000000000 ____D C:\Users\Ray\AppData\Local\mbam
2018-08-18 02:44 - 2018-08-03 19:46 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-08-18 02:44 - 2018-08-03 19:46 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-17 15:31 - 2018-07-19 03:06 - 007371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-08-17 15:31 - 2018-07-19 02:48 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-08-17 15:31 - 2018-07-19 02:15 - 025745408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-08-17 15:31 - 2018-07-19 00:35 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-08-17 15:31 - 2018-07-19 00:33 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-08-17 15:31 - 2018-07-19 00:33 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-08-17 15:31 - 2018-07-19 00:30 - 005778432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-08-17 15:31 - 2018-07-19 00:23 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-08-17 15:31 - 2018-07-19 00:22 - 020286464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-08-17 15:31 - 2018-07-19 00:22 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-08-17 15:31 - 2018-07-19 00:22 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-08-17 15:31 - 2018-07-19 00:21 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-08-17 15:31 - 2018-07-19 00:05 - 000497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-08-17 15:31 - 2018-07-19 00:03 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-08-17 15:31 - 2018-07-19 00:01 - 002295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-08-17 15:31 - 2018-07-18 23:55 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-08-17 15:31 - 2018-07-18 23:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-08-17 15:31 - 2018-07-18 23:54 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-08-17 15:31 - 2018-07-18 23:53 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-08-17 15:31 - 2018-07-18 23:47 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-08-17 15:31 - 2018-07-18 23:46 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-08-17 15:31 - 2018-07-18 23:45 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-08-17 15:31 - 2018-07-18 23:45 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-08-17 15:31 - 2018-07-18 23:43 - 002136064 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-08-17 15:31 - 2018-07-18 23:34 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-08-17 15:31 - 2018-07-18 23:32 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-08-17 15:31 - 2018-07-18 23:31 - 004510720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-08-17 15:31 - 2018-07-18 23:30 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-08-17 15:31 - 2018-07-18 23:28 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-08-17 15:31 - 2018-07-18 23:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-08-17 15:31 - 2018-07-18 23:28 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-08-17 15:31 - 2018-07-18 23:28 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-08-17 15:31 - 2018-07-18 23:28 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-08-17 15:31 - 2018-07-18 23:20 - 001554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-08-17 15:31 - 2018-07-18 23:17 - 001049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-08-17 15:31 - 2018-07-18 23:09 - 004037632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-08-17 15:31 - 2018-07-18 23:09 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-08-17 15:31 - 2018-07-18 23:06 - 001329152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-08-17 15:31 - 2018-07-18 23:04 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-08-17 15:31 - 2018-07-13 03:51 - 002452824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-08-17 15:31 - 2018-07-07 14:33 - 001548632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-08-17 15:31 - 2018-07-07 13:05 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-08-17 15:31 - 2018-07-07 13:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-08-17 15:31 - 2018-07-07 13:00 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-08-17 15:31 - 2018-07-07 12:33 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-08-17 15:31 - 2018-07-07 12:31 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-08-17 15:31 - 2018-07-06 13:37 - 001754624 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-08-17 15:31 - 2018-07-06 12:36 - 001491968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-08-17 15:31 - 2018-06-30 14:00 - 001113952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-08-17 15:31 - 2018-06-24 11:11 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-08-17 15:31 - 2018-06-24 11:04 - 000504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-08-17 15:31 - 2018-06-20 15:44 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-08-17 15:31 - 2018-06-20 15:44 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-08-17 15:31 - 2018-06-20 14:48 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-08-17 15:31 - 2018-06-20 14:48 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fxppm.sys
2018-08-17 15:31 - 2018-06-20 12:58 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-08-17 15:31 - 2018-06-20 12:58 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-08-17 15:31 - 2018-06-20 12:58 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-08-17 15:31 - 2018-06-19 09:38 - 003611136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-08-17 15:31 - 2018-06-19 09:38 - 003321344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-08-17 15:31 - 2018-06-19 09:31 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2018-08-17 15:31 - 2018-06-19 09:29 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2018-08-17 15:31 - 2018-06-16 11:03 - 002779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-08-17 15:31 - 2018-06-16 10:59 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2018-08-17 15:31 - 2018-06-15 00:34 - 000923512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-08-17 15:31 - 2018-06-14 22:28 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-08-17 15:31 - 2018-06-14 22:12 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-08-17 15:31 - 2018-06-14 22:00 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-08-17 15:31 - 2018-06-14 21:55 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-08-17 15:31 - 2018-06-14 21:43 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2018-08-17 15:31 - 2018-06-14 21:26 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-08-17 15:31 - 2018-06-14 21:22 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-08-17 15:31 - 2018-06-14 21:19 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-08-17 15:31 - 2018-06-12 04:00 - 022374248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-08-17 15:31 - 2018-06-12 03:57 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-08-17 15:31 - 2018-06-11 12:36 - 003119616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-08-17 15:31 - 2018-06-09 12:26 - 002712064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-08-17 15:31 - 2018-06-08 14:47 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-08-17 15:31 - 2018-06-08 14:26 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-08-17 15:31 - 2018-06-08 13:54 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-08-17 15:31 - 2018-06-08 13:53 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-08-17 15:31 - 2018-06-08 13:07 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-08-17 15:31 - 2018-06-08 12:44 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-08-17 15:31 - 2018-06-07 14:51 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-08-17 15:31 - 2018-05-24 17:29 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-08-06 13:21 - 2018-08-06 13:21 - 000004257 _____ C:\Users\Ray\Downloads\goto.cfm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-04 15:16 - 2017-05-26 22:01 - 000020070 _____ C:\Users\Ray\Downloads\FRST.txt
2018-09-04 15:16 - 2017-01-31 09:12 - 000000000 ____D C:\FRST
2018-09-04 15:14 - 2016-11-18 19:03 - 000000000 ____D C:\Users\Ray\AppData\LocalLow\Mozilla
2018-09-04 13:49 - 2013-12-29 19:04 - 000000000 ____D C:\Users\Ray\AppData\LocalLow\ant.com
2018-09-04 11:49 - 2017-11-21 00:45 - 000000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRay.job
2018-09-04 10:57 - 2012-07-26 01:26 - 000000223 _____ C:\WINDOWS\win.ini
2018-09-04 10:40 - 2013-12-28 19:11 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2801032338-2342425128-3870613798-1001
2018-09-04 10:31 - 2014-10-22 16:38 - 000000000 ___DO C:\Users\Ray\OneDrive
2018-09-04 10:31 - 2013-09-24 18:44 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2018-09-04 10:26 - 2014-10-22 15:33 - 000000000 ____D C:\Users\Ray
2018-09-04 10:26 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-04 10:25 - 2016-01-07 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2018-09-04 10:25 - 2014-10-22 15:33 - 000000000 ____D C:\Users\Administrator
2018-09-04 10:24 - 2018-08-02 14:09 - 000000000 ___RD C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\A Music
2018-09-04 10:24 - 2018-07-10 11:19 - 000000000 ____D C:\Users\Ray\Desktop\Tagalog Translator, Filipino Translation, Online Dictionary_files
2018-09-04 10:24 - 2018-01-22 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2018-09-04 10:24 - 2018-01-22 01:37 - 000000000 ____D C:\Program Files (x86)\WinPcap
2018-09-04 10:24 - 2016-10-02 09:52 - 000000000 ____D C:\ProgramData\Tracker Software
2018-09-04 10:24 - 2016-05-29 20:25 - 000000000 ____D C:\Users\Ray\AppData\Local\VideoCapture
2018-09-04 10:24 - 2016-02-21 13:39 - 000000000 ____D C:\Users\Ray\AppData\Local\Hewlett-Packard
2018-09-04 10:24 - 2014-02-14 08:50 - 000000000 ____D C:\Program Files (x86)\Dashlane
2018-09-04 10:24 - 2014-01-02 17:07 - 000000000 ____D C:\Users\Ray\AppData\Roaming\vlc
2018-09-04 10:24 - 2014-01-01 21:01 - 000000000 ____D C:\Users\Ray\AppData\Roaming\QuitCounter
2018-09-04 10:24 - 2013-12-29 22:20 - 000000000 ____D C:\Users\Ray\AppData\Roaming\PySolFC
2018-09-04 10:24 - 2013-12-29 20:54 - 000000000 ____D C:\Program Files\Tracker Software
2018-09-04 10:24 - 2013-09-29 01:18 - 000000000 ___RD C:\Users\Ray\Desktop\My DVD Burners ETC
2018-09-04 10:24 - 2013-09-24 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
2018-09-04 10:22 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-04 10:18 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\registration
2018-09-04 10:18 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-09-04 09:51 - 2013-12-30 01:21 - 000043650 _____ C:\Users\Ray\AppData\Roaming\wklnhst.dat
2018-09-04 09:51 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-09-03 10:25 - 2017-03-03 10:21 - 000000000 ____D C:\Users\Ray\AppData\Local\CrashDumps
2018-09-02 12:17 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-31 19:24 - 2017-01-31 19:41 - 000051238 _____ C:\Users\Ray\Downloads\Addition.txt
2018-08-24 19:23 - 2013-12-28 20:23 - 000000000 ____D C:\Users\Ray\AppData\Roaming\ClassicShell
2018-08-24 19:11 - 2018-07-22 10:10 - 000000000 ____D C:\ProgramData\Epic
2018-08-24 17:44 - 2013-08-22 09:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-08-24 17:42 - 2017-01-25 16:06 - 000000000 ____D C:\AdwCleaner
2018-08-24 17:07 - 2017-08-26 09:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-24 08:35 - 2014-09-24 03:15 - 000866884 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-22 08:30 - 2013-09-24 18:19 - 000000000 ____D C:\Intel
2018-08-22 08:24 - 2014-10-22 16:35 - 000000000 __SHD C:\Users\Ray\IntelGraphicsProfiles
2018-08-20 11:49 - 2017-11-21 00:45 - 000003146 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRay
2018-08-19 09:01 - 2016-02-04 11:37 - 000000638 _____ C:\WINDOWS\Tasks\TrackerAutoUpdate.job
2018-08-18 02:43 - 2013-08-22 10:44 - 000528512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-18 00:45 - 2013-08-22 11:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-08-17 15:43 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-17 15:38 - 2013-12-28 21:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-17 15:35 - 2013-12-28 21:55 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-14 20:04 - 2018-03-14 01:04 - 000004452 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-08-14 20:04 - 2016-03-19 21:19 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-08-14 20:04 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-08-14 20:04 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-08-11 17:01 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-08-10 12:26 - 2015-11-22 19:28 - 000000000 ____D C:\Users\Ray\Desktop\MY SHARED FOLDER
2018-08-10 08:32 - 2017-08-25 16:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-10 08:32 - 2015-08-23 11:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-08 14:05 - 2017-08-24 13:45 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 14:05 - 2017-08-24 13:45 - 000002165 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2013-12-30 01:21 - 2018-09-04 09:51 - 000043650 _____ () C:\Users\Ray\AppData\Roaming\wklnhst.dat
2016-05-29 20:53 - 2018-01-21 12:35 - 000005120 _____ () C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-23 15:10 - 2018-01-23 15:10 - 000000000 _____ () C:\Users\Ray\AppData\Local\Schedule8.dat

Some files in TEMP:
====================
2018-07-21 11:07 - 2018-07-21 11:07 - 001906040 _____ (Oracle Corporation) C:\Users\Ray\AppData\Local\Temp\jre-8u181-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-27 11:33

==================== End of FRST.txt ============================
ExTS Admin Starbuck Posted September 7, 2018

Hi Jimmy,

Ok, thanks for that. There's nothing malicious showing in the reports.... But a lot of these video downloaders are not as clean as they would have you believe. There are a few little things we can clean up.

Step 1

Please download the attached fixlist.txt file (bottom of this post) and save it to your Download folder.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.
The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

Step 2

Java 8 Update 181

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java SE 10.0.2 and save it to your desktop.
Scroll down to where it says "Java SE 10.0.2".
Click the "Download JRE" button.
Accept the license agreement.
Select Windows x64 offline from the list.
Save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the downloaded icon to install the newest version.

Step 3

Let's reset your main browser...

To Reset Firefox

At the top of the Firefox window, click the Help menu and select Troubleshooting Information.
Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
To continue, click Reset Firefox in the confirmation window that opens.
Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish and Firefox will open.

Note: After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created. If you don't need this folder any longer, you should delete it as it contains sensitive information.

The reset feature works by creating a new profile folder for you while saving your most important data. Firefox will try to keep the following data:

Bookmarks
Browsing history
Passwords
Cookies
Web form auto-fill information
Personal dictionary

In your next reply, please submit:

Fixlog.txt
and let me know if things have improved at all.

Thanks.

fixlist.txt

Member of: UNITE
jimmyedwards Posted September 8, 2018

Thanks, here is the log, I hope it is the right one. I have to go out, I will do the Java and Firefox reset later. Thanks again.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by Jimmy Edwards (08-09-2018 11:52:33) Run:1
Running from C:\Users\Ray\Downloads
Loaded Profiles: Jimmy Edwards (Available Profiles: Jimmy Edwards & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> DefaultScope {EA8E9CE8-160E-4200-89F5-5C78A3C55E8F} URL =
SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL =
Toolbar: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
2018-07-21 11:07 - 2018-07-21 11:07 - 001906040 _____ (Oracle Corporation) C:\Users\Ray\AppData\Local\Temp\jre-8u181-windows-au.exe
ContextMenuHandlers1: [bB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E00ED14-DDAB-4086-B889-8ACD884A8ECF}" => removed successfully
HKLM\Software\Classes\CLSID\{9E00ED14-DDAB-4086-B889-8ACD884A8ECF} => not found
"HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2}" => removed successfully
HKLM\Software\Classes\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => not found
C:\Users\Ray\AppData\Local\Temp\jre-8u181-windows-au.exe => moved successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2" => removed successfully
HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78075951 B
Java, Flash, Steam htmlcache => 23664 B
Windows/system/drivers => 66689318 B
Edge => 0 B
Chrome => 872001353 B
Firefox => 406182557 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 34360 B
NetworkService => -658 B
Ray => 13944755511 B
Administrator => 0 B

RecycleBin => 3563293814 B
EmptyTemp: => 17.6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 12:04:17 ====
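As an added PowerShell example (mine, not the thread's and not part of FRST), a read-only audit for the same kinds of leftovers this fixlist removed: SearchScopes with an empty URL, and toolbar or context-menu handler CLSIDs that point at no file. The registry paths are the ones named in the log above plus their HKLM/HKCU equivalents; it reports and does not delete anything.

```powershell
# Added example (mine, not the thread's or FRST's): read-only audit for the leftovers the fixlist above removed. HKCU is the logged-on user's hive, i.e. the HKU\S-1-5-21-... key FRST reported.
function Get-ClsidServer {
    # File a CLSID registers as its InprocServer32/LocalServer32, or $null if no server key exists.
    param([string]$Clsid)
    foreach ($root in 'HKLM:\Software\Classes\CLSID', 'HKLM:\Software\Classes\Wow6432Node\CLSID', 'HKCU:\Software\Classes\CLSID') {
        foreach ($srv in 'InprocServer32', 'LocalServer32') {
            $key = "$root\$Clsid\$srv"
            if (Test-Path -LiteralPath $key) {
                $v = (Get-ItemProperty -LiteralPath $key).'(default)'
                if ($v) { return [Environment]::ExpandEnvironmentVariables($v) }
            }
        }
    }
    return $null
}
function Test-OrphanClsid {
    # True when the CLSID has no server key, or its file is gone ("No File" in FRST's wording).
    param([string]$Clsid)
    $srv = Get-ClsidServer $Clsid
    if (-not $srv) { return $true }
    $exe = ($srv -split '\s+/')[0].Trim('"')   # strip LocalServer32 arguments such as /embedding
    if (-not (Split-Path -Parent $exe)) { return $false }   # bare file name: resolved via the DLL search path
    return -not (Test-Path -LiteralPath $exe)
}
$guid = '^\{[0-9A-Fa-f-]{36}\}$'
# 1. SearchScopes with an empty URL (the two "URL =" lines in the fixlist)
foreach ($h in 'HKLM:\Software\Microsoft\Internet Explorer\SearchScopes',
               'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
               'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes') {
    if (-not (Test-Path -LiteralPath $h)) { continue }
    foreach ($k in Get-ChildItem -LiteralPath $h) {
        if (-not (Get-ItemProperty -LiteralPath $k.PSPath).URL) { "Empty SearchScope: $h\$($k.PSChildName)" }
    }
}
# 2. Toolbar CLSIDs (value names under Toolbar\WebBrowser) that resolve to no file
$tb = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
if (Test-Path -LiteralPath $tb) {
    foreach ($n in (Get-Item -LiteralPath $tb).Property) {
        if ($n -match $guid -and (Test-OrphanClsid $n)) { "Orphaned toolbar: $n" }
    }
}
# 3. ShellEx ContextMenuHandlers whose CLSID resolves to no file (-LiteralPath: the '*' key is not a wildcard)
foreach ($b in 'HKLM:\Software\Classes\*\ShellEx\ContextMenuHandlers',
               'HKLM:\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers') {
    if (-not (Test-Path -LiteralPath $b)) { continue }
    foreach ($k in Get-ChildItem -LiteralPath $b) {
        $c = (Get-ItemProperty -LiteralPath $k.PSPath).'(default)'; if (-not $c) { $c = $k.PSChildName }
        if ($c -match $guid -and (Test-OrphanClsid $c)) { "Orphaned handler: $($k.PSChildName) -> $c" }
    }
}
```

Each reported line corresponds to an entry FRST would list with an empty URL or "No File"; review hits by hand before removing anything, since a handler whose file is merely on a disconnected drive will also show up.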
ExTS Admin Starbuck Posted September 9, 2018

Hi Jimmy,

Yes, that's the fix report. Give me an update on the system once you have completed the other steps.

Btw: You stated at the beginning of the thread that you use an adblocker...... what adblocker are you using? I can't see one in the reports.

Thanks.

Member of: UNITE
jimmyedwards Posted September 9, 2018

So far so good. I don't have a reset for Firefox; what I see is refresh Firefox. My adblocker is uBlock, I think it is working pretty good because I don't see all those ads anymore. Thanks
ExTS Admin Starbuck Posted September 10, 2018

Hi Jimmy,

"I think it is working pretty good because I don't see all those ads anymore."
That's good to hear.

"I don't have a reset for Firefox what I see is refresh Firefox"
The later versions of Firefox seem to have renamed the reset to refresh. I'll change the wording in future speeches.

"my adblocker is uBlock"
Sorry, I don't know how I missed that. Looking back over the report I saw it straight away.

uBlock is actually the old original version. The author of uBlock sold it and then proceeded to rewrite everything and came up with a much better adblocker. The new version is called uBlock Origin.... this is the only adblocker that I recommend now.

In fact uBlock Origin is more than an "ad blocker": it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker". The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites.

My recommendation would be to remove uBlock and install uBlock Origin instead. There are slightly different versions for different browsers... (just pick the one you want)

Firefox: uBlock Origin
Click on Add to Firefox.
Once installed, I recommend that you update the blocking definitions.
Tools >> Add-ons >> Extensions >> Options in uBlock Origin.
Scroll down and click on Show Dashboard.
Now click on 3rd Party Filters >> Update Now.

Google Chrome: uBlock Origin
Click on Add to Chrome.
Once installed, I recommend that you update the blocking definitions.
Right click on the uBlock Origin icon (top right of the browser) and select Options.
Now click on 3rd Party Filters >> Update Now.

Internet Explorer: Since uBlock Origin is not available for IE, I'll recommend you install Adblock Plus for Internet Explorer instead.
Click on Install for Internet Explorer.
Click on the Run notification at the bottom of the browser.
If you now get a notification saying IE is still running, would you like to shut down.... click Yes.
Follow the install pages by clicking Next and finally Finish.
Re-open Internet Explorer.
At the bottom you'll see: The Adblock Plus for IE browser helper object is ready for use..... click Enable.

Member of: UNITE
jimmyedwards Posted September 10, 2018

Thanks, I believe the old girl is back up to snuff, who marks this solved?
ExTS Admin Starbuck Posted September 11, 2018

Hi Jimmy,

"I believe the old girl is back up to snuff who marks this solved?"
I can do that for you.

Ok, let's finish the cleaning process and remove the tools that we used.

To remove FRST:
Right click on the FRST icon and select delete.
Right click on any fixlog.txt or fixlist.txt files and select delete.
Navigate to: C:\frst and delete the frst folder.
Now empty your 'Recycle Bin'.

To remove AdwCleaner:
Restart AdwCleaner... click on the Uninstall button from the main screen.
This will remove all the files created and the program.

Glad I was able to help.
Safe surfing.

Member of: UNITE