Active Just weird happenings on GF kid's PC.

Think that's everything you asked for thanks!!

Billy

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Truman (10-01-2018 07:18:43)
Running from C:\Users\Truman\AppData\Local\Microsoft\Windows\INetCache\IE\P9U5J1IJ
Windows 10 Home Version 1703 15063.786 (X64) (2017-07-20 21:00:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1885365164-783125255-1517774114-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1885365164-783125255-1517774114-503 - Limited - Disabled)
Guest (S-1-5-21-1885365164-783125255-1517774114-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1885365164-783125255-1517774114-1003 - Limited - Enabled)
Truman (S-1-5-21-1885365164-783125255-1517774114-1001 - Administrator - Enabled) => C:\Users\Truman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-25775b40-bf62-45fc-88a3-4df1aa41c5d7) (Version: 2.2.0.98 - WildTangent) Hidden
Action Replay PowerSaves 3DS version 1.43 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.43 - Datel Design & Development)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Airport Mania (HKLM-x32\...\WTA-cdab80a8-2b9c-45f0-b2de-18d4d53f8f2c) (Version: 2.2.0.95 - WildTangent) Hidden
AirServer Universal (x64) (HKLM\...\{69380A3E-760E-4AA7-AED4-B10F6FA47B30}) (Version: 5.1.0 - App Dynamic)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-f7fddd99-5b67-45c2-8417-bb5c4ef60434) (Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-7800b1d8-a8b2-431d-9773-4b710d7730bb) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-53b1f363-53f9-47ba-b041-85a0322582f8) (Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-f8baa408-55dc-467a-81e3-233ace642541) (Version: 2.2.0.98 - WildTangent) Hidden
Chromium (HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\Chromium) (Version: 50.0.2632.0 - Chromium)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-ca33b0dd-b0cc-4cdc-b2aa-0bbe68ee3aad) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-e9b151a7-ea2d-4afc-ab3b-2b51a4dbc27d) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-3aafa05e-28d4-4526-8746-ece2a7072b09) (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-b8e56f50-40d7-4f52-87fc-e9a2ae74dd66) (Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WTA-08889f09-aa5a-47f6-8d00-b9a5df4f6f29) (Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-2996ba93-34bf-4eda-87dd-a56e6533ae50) (Version: 3.0.2.38 - WildTangent) Hidden
GeekBuddy (HKLM\...\{DE937018-620A-4C8E-89AB-F41E81155921}) (Version: 4.28.191 - Comodo Security Solutions Inc)
Git version 2.9.3 (HKLM\...\Git_is1) (Version: 2.9.3 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-b7377997-183d-4c1a-953a-d6859262b99d) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-88a7d816-4897-471c-a621-e8f404bb5ea1) (Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.5.37.19 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
iExplorer (HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\262f11f6ff148a12) (Version: 4.0.4.0 - Macroplant LLC)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.54 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-fe36325e-2a38-400b-8f5a-5444cc719901) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-5b89f95d-0d7a-4877-a5de-ef127ceb7374) (Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (HKLM-x32\...\WTA-597bbfaf-e027-485f-94a4-f0dba5d74db9) (Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (HKLM-x32\...\WTA-a448dae1-866d-40ea-956e-9374ea5d51e7) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (HKLM-x32\...\WTA-f3f317bf-5957-4a5f-ac8a-2c53c355c6dd) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Melodics version 1.0.3644.0 (HKLM\...\Melodics_is1) (Version: 1.0.3644.0 - )
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4867.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-a07b8e50-855b-4e3b-95b9-3c2434ee25fc) (Version: 2.2.0.98 - WildTangent) Hidden
Node.js (HKLM\...\{18787FB8-B3D3-4F1B-BC3E-7D20A78310DD}) (Version: 6.4.0 - Node.js Foundation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.103 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.3.0 - Duodian Technology Co. Ltd.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4867.1003 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-175c1c34-6919-4356-a61d-fa2e2a453dfe) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-683a35c5-8407-405a-9591-29244f023441) (Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.1.1.2 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-230e227e-f6a8-406a-b203-def5e608c299) (Version: 2.2.0.98 - WildTangent) Hidden
Pluto TV version 0.1.5 (HKLM-x32\...\Pluto TV_is1) (Version: 0.1.5 - Pluto TV)
Pluto TV version 0.4.2 (HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\Pluto TV_is1) (Version: 0.4.2 - Pluto TV)
Polar Bowler (HKLM-x32\...\WTA-48462ca3-63cb-4344-b02d-928aa1b267b4) (Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Roads of Rome 3 (HKLM-x32\...\WTA-c653c007-c29f-450b-8f51-d72076eb7101) (Version: 2.2.0.98 - WildTangent) Hidden
Roblox Player for Truman (HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
RogueKiller version 12.11.32.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.32.0 - Adlice Software)
Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version: - ) <==== ATTENTION
Starry Night Celestron 7 (HKLM-x32\...\{3F8C0EC8-5748-477B-AE43-5A51F9279B9A}) (Version: 7.6.3.1377 - Simulation Curriculum Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Lagoona (HKLM-x32\...\WTA-e0d17fcd-a719-4de3-ba51-91afb0a8d1c7) (Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Unchecky v1.1 (HKLM-x32\...\Unchecky) (Version: 1.1 - Reason Software Company Inc.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-8470e718-8934-4bcd-a8cf-46b6f0b8ceef) (Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System (05/27/2016 4.3.12) (HKLM\...\94C2625000FDEC5DD549EADDF8698D48672C3037) (Version: 05/27/2016 4.3.12 - BigNox Corporation)
Windows Driver Package - Oracle Corporation (VBoxUSB) USB (05/27/2016 4.3.12) (HKLM\...\9B8A57D7ECC2B5D3115B5A1361FAE29AC92E355B) (Version: 05/27/2016 4.3.12 - Oracle Corporation)
Windows Driver Package - Oracle Corporation VBoxUSBMon System (05/27/2016 4.3.12) (HKLM\...\2B96D1320C797F081985B7C1EA9A2DABAC2644BF) (Version: 05/27/2016 4.3.12 - Oracle Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.8-0 - Bitnami)
Youda Jewel Shop (HKLM-x32\...\WTA-0b78c680-cbf8-4306-af6f-47462a217fcb) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-45005cbc-8b9b-4555-bf7c-ebaf7d3f749a) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1885365164-783125255-1517774114-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-24] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-24] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-24] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-24] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-24] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-24] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-20] (Cyberlink)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-24] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-07-18] (WinZip Computing, S.L.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-20] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-24] ()
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-24] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-24] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-07-18] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-25] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2016-07-18] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {185C7537-98CE-4D11-A150-681C16A0C443} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1933ABDF-2E6E-455C-B2F0-C7F79A2194C5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1F2D5690-DDD2-4616-9613-D72608CF1655} - System32\Tasks\HPCeeScheduleForTruman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2E5397F9-0E9C-452D-BB72-26DC312BA0B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {30977D30-B379-4EE5-BB74-A0514FB45E60} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {30FB29F0-7645-49A0-AF02-4F6B2E2A0922} - System32\Tasks\Norton Security Scan for Truman => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.103\Nss.exe [2017-12-15] (Symantec Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {44605548-7A14-45A2-B4BF-E21A7A2CDE3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {45D5E8C6-0AB8-404F-B48A-DA2A7DFC59AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {530DCAE5-4763-4474-BD7F-161517A08B8D} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {53EED56F-DF3E-45AA-BE9A-28224FF228A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {5F2A6B9C-C28E-4586-8BF0-AD063778201C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {6756B108-A742-4FB2-AB1A-15ED7709D6CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {6C5132EE-128D-406E-8DE9-B51852AEB7C8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6E14D00A-DA09-493F-8DD4-E381661AD406} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7AFE1918-4FC0-425A-B55C-5E772874554D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {82CEC6D6-8680-4422-983E-BC2EC9DAFEFD} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-12-08] (Apple Inc.)
Task: {914E08D3-0606-466A-91CF-E66425EDBA6C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {A03B7CD3-5817-4C65-9C44-452A25C695F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A86C8928-DD2A-4155-9B6B-166660628690} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2018-01-10] (Microsoft Corporation)
Task: {A8B35045-D3B9-4196-A616-2966693E90A6} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B6E8F81E-8082-4CA8-A9FE-65ADDFD7D202} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {B7367F0A-5266-432E-9E71-878239E25972} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {BBD29995-FF21-4ABF-B2E5-F94B232DFED3} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {BEF402E9-3F07-4473-B918-50E02E10C742} - \Optimize Start Menu Cache Files-S-1-5-21-1885365164-783125255-1517774114-1001 -> No File <==== ATTENTION
Task: {C73CC929-354B-42B9-932F-A291BDBF4EF1} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {CBDD192D-A084-49EA-8099-BC488286621B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {D039255B-D016-4FAD-89FF-CD6F0A03E926} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {DAD5BF32-A417-47F0-A8B9-A5EB8CEE428F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E0953DD7-C5B9-4E62-840D-3ECCEA8010D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E0DF66D2-BEA3-4366-B8C4-A96FE96A5B2B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E55B5856-52EA-4AAD-B807-881EBF983A3F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {ED18396D-BDF3-4E0E-94B1-A4B839DCF198} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EFF8D898-52EE-44AE-9378-BA48794E43AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {F24C7A78-E40E-42D4-B8BA-087A6793960C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\HPCeeScheduleForTruman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Truman\Desktop\DPC3939 - Shortcut.lnk -> hxxp://10.0.0.1

ShortcutWithArgument: C:\Users\Truman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Funky Karts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=jbgibbcljlbkkeaogjofolcbakcokmie
ShortcutWithArgument: C:\Users\Truman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pong 2.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=capmpnebnckdpjbjdcgnokjafpdbmadn

==================== Loaded Modules (Whitelisted) ==============

2018-01-01 21:05 - 2017-05-31 11:09 - 002270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-06-30 03:23 - 2017-06-24 17:16 - 000598528 _____ () C:\Users\Truman\AppData\Local\MEGAsync\ShellExtX64.dll
2016-07-29 02:15 - 2016-05-24 11:43 - 008909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-03 08:03 - 2018-01-03 08:03 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 08:03 - 2018-01-03 08:03 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 08:03 - 2018-01-03 08:03 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 08:03 - 2018-01-03 08:03 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 08:03 - 2018-01-03 08:03 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-03-03 08:18 - 2016-05-24 08:51 - 000116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-18 07:04 - 2017-12-18 07:04 - 000477184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-12-18 07:04 - 2017-12-18 07:04 - 058590720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 09:03 - 2017-10-05 09:04 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-11-05 18:48 - 2017-11-05 18:49 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-05 09:03 - 2017-10-05 09:04 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-12-18 07:04 - 2017-12-18 07:04 - 003727360 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-18 07:04 - 2017-12-18 07:04 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-12-18 07:04 - 2017-12-18 07:04 - 016395264 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-12-18 07:04 - 2017-12-18 07:04 - 003579904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-12-18 07:04 - 2017-12-18 07:04 - 003204096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-28 16:32 - 2017-08-28 16:32 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-18 07:04 - 2017-12-18 07:04 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-12-18 07:04 - 2017-12-18 07:04 - 004038144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-12-18 07:04 - 2017-12-18 07:04 - 001367040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-12-18 07:04 - 2017-12-18 07:04 - 000214528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\SKU.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2013-09-26 13:26 - 2013-09-26 13:26 - 000109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-26 13:32 - 2013-09-26 13:32 - 000627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-26 13:28 - 2013-09-26 13:28 - 002540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 13:25 - 2013-09-26 13:25 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 13:25 - 2013-09-26 13:25 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 13:34 - 2013-09-26 13:34 - 000064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2018-01-07 18:38 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-07 18:38 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2015-07-10 22:37 - 2015-07-10 22:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2018-01-05 17:52 - 000002103 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1885365164-783125255-1517774114-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Truman\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "PlutoTV.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6C179CD8-CE8E-41F2-A9F1-E9DBD53E7C03}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{714DA569-A8EE-4D7E-8DD6-A8B9B50FE64C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{315E8EA0-3AB2-4D39-96C1-D8724FFB19CD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{35646031-CEB7-4CDE-93D6-EFC286D16433}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8648C703-CEFE-49C6-85FC-8BD0669FA3FC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C9731335-D59D-4358-9E5A-4CA86CA5DD90}] => (Allow) C:\Program Files\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{43BEE2B8-E888-490D-9AFF-222648F877E7}] => (Allow) C:\Program Files\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{3AF71367-D81C-46FE-9717-1D505883A671}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{1315F30F-AA74-489C-BF56-1AF2C073E2EC}] => (Allow) C:\Users\Truman\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{554B662A-CD80-4C9B-9B64-6D292B07A185}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{21EE1893-9F55-48AE-88BF-77163B763482}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{91530039-EC90-4F80-A15B-DA789BF07D3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{9BAA867C-7B8A-4184-A7C7-32A72446BEC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{3DDB6181-95B2-4836-8BD7-868D937AEA74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8C643168-7B51-4A65-B4D2-8E7EBB3CA4D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CF6E3A86-3E96-4503-A2C5-F7616E1C7531}] => (Allow) C:\Users\Truman\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{3F4456DC-A957-45EC-BECE-2407F3F5907A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3A99BF8-6DCA-4B95-8DF4-F01C77E7CBE0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E7CE7C3C-D8D3-4E53-9675-C956856598E6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A2928392-540C-4F67-9A32-6EBF02DC3496}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F0CC6ADE-7765-4B6A-B6AD-3325D733EFC1}] => (Allow) C:\Users\Truman\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E70ECCFA-CFCB-4E69-9E61-CE9B432B90E0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9C877B44-7E74-4322-881C-09AA5C17F973}] => (Allow) LPort=1900
FirewallRules: [{2EA8F3B1-4362-49C7-9E7E-80315EECF182}] => (Allow) LPort=2869
FirewallRules: [{6187E20C-0F1C-44D9-B988-33A6475594A3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A1B4959-7E00-448D-9CBA-0737D95DE584}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{323CB7F0-6AE7-4B2B-A5A7-62F7E5113C70}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{568CA538-1A60-4EF1-A34F-94156A38B9CB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{8682E4FD-AA01-4FF7-AA74-3CC35BBA2E19}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E1E2A80A-87FA-4936-9852-5A9C26AFB91D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{53B5405A-1374-471A-B736-D29C746539A6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{4769F742-85F5-4540-809F-4BF6F99A2ADD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5FE1197B-12FB-4C70-B20A-F012DA912B53}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{30B7691D-B9CA-4634-B641-0135FCDFC140}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{AEB1B9BF-37AB-49E7-A8DB-F7EE04BCF32B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{FF08689D-7D30-4584-ACB2-FE0708522166}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{48A56C5A-972C-4C76-91A9-99F8B6E9BC1B}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C642B58A-D973-4FAB-A591-D9FC0126D7BC}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{ACFE729B-3672-4254-AD15-B41E24ADE597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{A5246749-F3F6-4409-992E-7469D5F039D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{A074CDD6-CBD3-4532-9631-6630DD50AD81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{03AC6B74-A7AB-40EF-9833-EA0F26B183CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{2CDD0887-185E-4961-B063-4E03877E4D72}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{6F522AE0-0F7B-4328-96F8-E50FB0EABC34}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{A4AD18B2-1877-4828-88BE-3FD3A69E35CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{9A2ED67B-3339-4565-AF81-722C2685B591}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{C4739C24-16D7-4B70-801F-B01070FC1B77}] => (Allow) LPort=5357
FirewallRules: [{791F4D2D-4076-442E-B1F1-A7251D3C2201}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{167AD58F-2B22-4969-BC3D-53A439B82C93}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C2ACC3E7-8949-48AB-B733-5A5A3C0747C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41FF6ECE-2068-40DF-A9F1-2596C2CA6CD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A5F6CDB-E436-442C-85FF-D8834B8D3987}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{539058DE-39A2-4ED8-8055-D6AD4622E5E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{684C4910-F6C3-477A-B19F-B6A9C73C4165}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{0B07694B-9A7B-42D0-A39B-A9A3B8115699}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{C5C6B69F-5332-474F-8250-DFA53AD337BD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3BFE03DB-E350-4A22-A2CF-8FFF7821ADAA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{53CE589A-84A4-4019-B441-5EB268502EFC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{89319FE5-2EB4-49CF-84B5-330DDAE0434E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9DEFCC81-EDEF-41DF-AD6F-27FC84C8C373}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2819BA0A-0713-43BA-9699-C9944CE6DA6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe
FirewallRules: [{373B70B5-F7C5-42FE-9BE1-47B424742ABD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe
FirewallRules: [{D1EBE6DB-49F6-4ADE-AF45-0EFF8E12111F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-12-2017 17:36:18 Scheduled Checkpoint
31-12-2017 10:47:48 Scheduled Checkpoint
01-01-2018 21:04:32 Installed Adobe Reader XI.
07-01-2018 18:29:51 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2018 03:40:17 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (01/09/2018 08:24:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICECOMP)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/09/2018 08:22:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/08/2018 08:41:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICECOMP)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/08/2018 08:23:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.15063.608 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3240

Start Time: 01d388e67830e2bc

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 090497a8-4f8a-4921-84ee-a71f0ca3d546

Faulting package full name:

Faulting package-relative application ID:

Error: (01/08/2018 05:40:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1187

Error: (01/08/2018 05:40:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1187

Error: (01/08/2018 05:40:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/08/2018 05:22:51 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (01/08/2018 05:12:49 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected


System errors:
=============
Error: (01/10/2018 06:41:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2018 05:38:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 23 time(s).

Error: (01/09/2018 05:22:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2018 04:29:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 22 time(s).

Error: (01/09/2018 03:40:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2018 03:26:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 21 time(s).

Error: (01/09/2018 02:39:13 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ROUTER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{78F9F6A8-E5B2-4EE3-98B8-3A42F360E25A}.
The master browser is stopping or an election is being forced.

Error: (01/09/2018 02:29:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2018 01:46:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 20 time(s).

Error: (01/09/2018 01:39:05 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ROUTER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{78F9F6A8-E5B2-4EE3-98B8-3A42F360E25A}.
The master browser is stopping or an election is being forced.


CodeIntegrity:
===================================
Date: 2018-01-10 07:08:15.129
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-10 07:08:15.125
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-10 07:08:14.635
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-10 07:08:14.632
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-10 07:08:14.312
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-10 07:08:14.308
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-10 06:51:57.554
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-10 06:51:57.551
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-09 13:35:46.193
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-09 13:35:46.190
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3220T @ 2.60GHz
Percentage of memory in use: 72%
Total physical RAM: 3986.5 MB
Available physical RAM: 1105.77 MB
Total Virtual: 6988.48 MB
Available Virtual: 2139.21 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.03 GB) (Free:718.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.56 GB) (Free:1.93 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E9BCE9B)

Partition: GPT.

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Truman (administrator) on OFFICECOMP (10-01-2018 07:11:10)
Running from C:\Users\Truman\AppData\Local\Microsoft\Windows\INetCache\IE\P9U5J1IJ
Loaded Profiles: Truman (Available Profiles: Truman)
Platform: Windows 10 Home Version 1703 15063.786 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401880 2017-01-25] ()
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485904 2016-06-03] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\Run: [Chromium] => c:\users\truman\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C0].tx
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-01-04]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2016-08-17]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-01-04]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-01-04]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Truman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-09-02]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Truman\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Truman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{40e11fcc-099e-45fe-82c5-e88e1c367e4f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6a589b9f-6d92-11e7-b521-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{78f9f6a8-e5b2-4ee3-98b8-3a42f360e25a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{78f9f6a8-e5b2-4ee3-98b8-3a42f360e25a}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7c16c5c5-353c-4b5e-bc8b-1739f2776345}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9e8cbbe7-0e33-4391-a90e-5a66551b952f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9e8cbbe7-0e33-4391-a90e-5a66551b952f}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{aab25b93-7419-4016-a036-4cf4db836f39}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{aab25b93-7419-4016-a036-4cf4db836f39}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
HKU\S-1-5-21-1885365164-783125255-1517774114-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1885365164-783125255-1517774114-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1885365164-783125255-1517774114-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1885365164-783125255-1517774114-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1885365164-783125255-1517774114-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-1885365164-783125255-1517774114-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-03-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_16_10&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBzz0EtAyEyB0FtD0CyB0D0CtBtByBzztN0D0Tzu0StCyDtByBtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0CtA0DtBtDyD0CtGyD0Fzy0BtGyE0FyB0FtGtAyDzyzztGyEyD0EzztDyByE0DzztCzz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEtCtDzztAtD0AtGyEyB0C0DtGyEtDtByCtGzy0C0FzytGyByC0EzztBzzyEyBtAtAtCyE2QtN0A0LzuyE%26cr%3D1862482208%26a%3Dwbf_secureddownload_16_10%26os_ver%3D6.3%26os%3DWindows%2B8.1"
CHR NewTab: Default -> Not-active:"chrome-extension://oonbaijieghkkhgefojmpkolhcoibljk/index.html", Active:"chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR Profile: C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default [2018-01-10]
CHR Extension: (Slides) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-04]
CHR Extension: (YouTube) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-04]
CHR Extension: (Pong 2) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\capmpnebnckdpjbjdcgnokjafpdbmadn [2016-12-14]
CHR Extension: (Tampermonkey) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-28]
CHR Extension: (Slither.io) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmplapbomebhmdffmlhgbelgcnfajapj [2016-04-28]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2017-10-12]
CHR Extension: (Free Rider HD) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikpifndnjfkgofoglceekhkbaicbde [2016-04-28]
CHR Extension: (Sheets) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Funky Karts) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbgibbcljlbkkeaogjofolcbakcokmie [2018-01-08]
CHR Extension: (HP Network Check Launcher) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-02-02]
CHR Extension: (Trump Filter) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhondapiaknegjpellpodegmeonigjic [2016-09-28]
CHR Extension: (Norton Safe) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-04]
CHR Extension: (Search Manager) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\oonbaijieghkkhgefojmpkolhcoibljk [2018-01-08]
CHR Extension: (Gmail) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\Truman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-31]
CHR HKU\S-1-5-21-1885365164-783125255-1517774114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3037424 2016-10-03] (Microsoft Corporation)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [76952 2016-08-11] (Comodo Security Solutions, Inc.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-08-17] (EasyAntiCheat Ltd)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2485904 2016-06-03] (Comodo Security Solutions, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-08-07] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [294680 2017-10-03] (Reason Software Company Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows (R) Win 7 DDK provider)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-31] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2018-01-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2018-01-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2018-01-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2018-01-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2018-01-10] (Malwarebytes)
R1 MpKsl444de07e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{30198C66-B69C-43AE-AC3E-A46DC9FC69EE}\MpKsl444de07e.sys [58120 2018-01-10] (Microsoft Corporation)
R1 MpKsl497bf329; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10A9FAEE-1DA8-4893-AD65-0745AE3339D3}\MpKsl497bf329.sys [58120 2018-01-01] (Microsoft Corporation)
R1 MpKsld1c7a7e9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24D2A7E1-B49F-4D98-A3D3-90C216F940D0}\MpKsld1c7a7e9.sys [58120 2018-01-04] (Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896760 2016-02-17] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-01-08] ()
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [133064 2016-05-27] (BigNox Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U5 xb1usb; C:\Windows\System32\Drivers\xb1usb.sys [42760 2016-02-23] (Microsoft Corporation)
S1 XQHDrv; C:\WINDOWS\system32\DRIVERS\XQHDrv.sys [281544 2016-05-27] (BigNox Corporation)
S1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [281544 2016-05-27] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-10 07:01 - 2018-01-10 07:01 - 000001614 _____ C:\Users\Truman\Downloads\Untitled document.pdf
2018-01-09 15:12 - 2018-01-09 15:12 - 000000000 ____D C:\Users\Truman\AppData\LocalLow\Adobe
2018-01-09 15:12 - 2018-01-09 15:12 - 000000000 ____D C:\Users\Truman\AppData\Local\Adobe
2018-01-08 20:48 - 2018-01-09 08:18 - 000000000 ____D C:\AdwCleaner
2018-01-08 20:47 - 2018-01-08 20:48 - 008198432 _____ (Malwarebytes) C:\Users\Truman\Downloads\AdwCleaner.exe
2018-01-08 07:35 - 2018-01-08 07:35 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-01-08 07:34 - 2018-01-08 07:34 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-01-08 07:34 - 2018-01-08 07:34 - 000000000 ____D C:\ProgramData\RogueKiller
2018-01-08 07:34 - 2018-01-08 07:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-01-08 07:34 - 2018-01-08 07:34 - 000000000 ____D C:\Program Files\RogueKiller
2018-01-08 07:31 - 2018-01-08 07:31 - 033463072 _____ (Adlice Software ) C:\Users\Truman\Desktop\RogueKiller_setup_ref3.exe
2018-01-08 07:29 - 2018-01-08 20:44 - 000000000 ____D C:\Users\Truman\Desktop\scans
2018-01-04 15:03 - 2018-01-04 15:50 - 000000000 ____D C:\Users\Truman\AppData\LocalLow\VRChat
2018-01-04 15:03 - 2018-01-04 15:03 - 000000000 ____D C:\ProgramData\.mono
2018-01-04 15:01 - 2018-01-04 15:01 - 000000222 _____ C:\Users\Truman\Desktop\VRChat.url
2018-01-02 12:18 - 2018-01-02 12:19 - 000058033 _____ C:\Users\Truman\Downloads\Addition.txt
2018-01-02 12:16 - 2018-01-10 07:11 - 000000000 ____D C:\FRST
2018-01-02 12:16 - 2018-01-02 12:19 - 000048585 _____ C:\Users\Truman\Downloads\FRST.txt
2018-01-02 12:15 - 2018-01-02 12:15 - 002393088 _____ (Farbar) C:\Users\Truman\Downloads\FRST64.exe
2018-01-02 07:09 - 2018-01-02 07:35 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-01-02 06:52 - 2018-01-02 06:52 - 000000000 ____D C:\Users\Truman\AppData\Local\Simulation Curriculum
2018-01-02 06:52 - 2018-01-02 06:52 - 000000000 ____D C:\Users\Truman\AppData\Local\CrashRpt
2018-01-01 21:14 - 2018-01-01 21:14 - 000002084 _____ C:\Users\Public\Desktop\Starry Night Celestron 7.lnk
2018-01-01 21:14 - 2018-01-01 21:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starry Night Celestron 7
2018-01-01 21:14 - 2018-01-01 21:14 - 000000000 ____D C:\Program Files (x86)\Starry Night Celestron 7
2018-01-01 21:07 - 2018-01-10 06:50 - 000093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-01 21:07 - 2018-01-05 17:52 - 000113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-01 21:07 - 2018-01-01 21:07 - 000188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2018-01-01 21:06 - 2018-01-05 17:52 - 000252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-01-01 21:06 - 2018-01-05 17:52 - 000044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-01 21:05 - 2018-01-01 21:05 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2018-01-01 21:05 - 2018-01-01 21:05 - 000002103 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2018-01-01 21:05 - 2018-01-01 21:05 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-01 21:05 - 2018-01-01 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-01 21:05 - 2018-01-01 21:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-01 21:05 - 2018-01-01 21:05 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-01 21:05 - 2018-01-01 21:05 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-01-01 21:05 - 2017-05-31 11:09 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-01 21:04 - 2018-01-09 15:13 - 000000000 ____D C:\ProgramData\Adobe
2018-01-01 20:58 - 2018-01-01 21:01 - 1494225872 _____ C:\Users\Truman\Downloads\starrynightcelestron7.exe
2017-12-26 12:41 - 2017-12-26 12:41 - 000018213 _____ C:\Users\Truman\Downloads\DataWindow(1) (3).pdf
2017-12-26 12:40 - 2017-12-26 12:40 - 000018213 _____ C:\Users\Truman\Downloads\DataWindow(1) (2).pdf
2017-12-26 12:39 - 2017-12-26 12:39 - 000018213 _____ C:\Users\Truman\Downloads\DataWindow(1).pdf
2017-12-26 12:39 - 2017-12-26 12:39 - 000018213 _____ C:\Users\Truman\Downloads\DataWindow(1) (1).pdf
2017-12-19 18:59 - 2017-11-29 22:00 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-12-19 18:59 - 2017-11-29 21:58 - 006763128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-19 18:59 - 2017-11-29 21:58 - 000702032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-12-19 18:59 - 2017-11-29 21:57 - 001123968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-12-19 18:59 - 2017-11-29 21:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-12-19 18:59 - 2017-11-29 21:44 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-19 18:59 - 2017-11-29 21:43 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-12-19 18:59 - 2017-11-29 21:43 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-12-19 18:59 - 2017-11-29 21:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-19 18:59 - 2017-11-29 21:42 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-19 18:59 - 2017-11-29 21:42 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-19 18:59 - 2017-11-29 21:42 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-12-19 18:59 - 2017-11-29 21:41 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-19 18:59 - 2017-11-29 21:40 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-19 18:59 - 2017-11-29 21:40 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-19 18:59 - 2017-11-29 21:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-19 18:59 - 2017-11-29 21:38 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-12-19 18:59 - 2017-11-29 21:38 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-12-19 18:59 - 2017-11-29 21:38 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-19 18:59 - 2017-11-29 21:37 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-19 18:59 - 2017-11-29 21:36 - 003652096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-19 18:59 - 2017-11-29 21:36 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-12-19 18:59 - 2017-11-29 21:36 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-19 18:59 - 2017-11-29 21:35 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-19 18:59 - 2017-11-29 21:34 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-12-19 18:59 - 2017-11-17 04:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-12-19 18:59 - 2017-11-17 04:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-12-19 18:58 - 2017-11-29 22:33 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-12-19 18:58 - 2017-11-29 22:33 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-12-19 18:58 - 2017-11-29 22:33 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-12-19 18:58 - 2017-11-29 22:29 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-12-19 18:58 - 2017-11-29 22:26 - 002647216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-12-19 18:58 - 2017-11-29 22:24 - 000870896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-12-19 18:58 - 2017-11-29 22:23 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-12-19 18:58 - 2017-11-29 22:23 - 001194248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-12-19 18:58 - 2017-11-29 21:59 - 023678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-12-19 18:58 - 2017-11-29 21:45 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-19 18:58 - 2017-11-29 21:44 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-19 18:58 - 2017-11-29 21:44 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-19 18:58 - 2017-11-29 21:44 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-12-19 18:58 - 2017-11-29 21:44 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-19 18:58 - 2017-11-29 21:43 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-19 18:58 - 2017-11-29 21:42 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-12-19 18:58 - 2017-11-29 21:42 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-19 18:58 - 2017-11-29 21:42 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-12-19 18:58 - 2017-11-29 21:42 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-19 18:58 - 2017-11-29 21:41 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-12-19 18:58 - 2017-11-29 21:41 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2017-12-19 18:58 - 2017-11-29 21:41 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-12-19 18:58 - 2017-11-29 21:41 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-19 18:58 - 2017-11-29 21:40 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-19 18:58 - 2017-11-29 21:40 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-19 18:58 - 2017-11-29 21:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-19 18:58 - 2017-11-29 21:39 - 003206656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-12-19 18:58 - 2017-11-29 21:39 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-12-19 18:58 - 2017-11-29 21:39 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-12-19 18:58 - 2017-11-29 21:38 - 008195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-12-19 18:58 - 2017-11-29 21:38 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-19 18:58 - 2017-11-29 21:37 - 006252544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-12-19 18:58 - 2017-11-29 21:37 - 003306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-19 18:58 - 2017-11-29 21:37 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-12-19 18:58 - 2017-11-29 21:36 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-12-19 18:58 - 2017-11-29 21:36 - 004726784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-19 18:58 - 2017-11-29 21:36 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-19 18:58 - 2017-11-29 21:36 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-12-19 18:58 - 2017-11-29 21:36 - 000755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-19 18:58 - 2017-11-17 04:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-12-19 18:58 - 2017-11-17 04:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-19 18:58 - 2017-11-17 04:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-12-19 18:58 - 2017-11-17 04:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-19 18:58 - 2017-11-17 04:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-19 18:58 - 2017-11-17 04:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-19 18:58 - 2017-11-17 04:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-12-19 18:58 - 2017-11-17 04:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-12-19 18:58 - 2017-11-17 04:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-12-19 18:58 - 2017-11-17 04:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-19 18:58 - 2017-11-17 04:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-12-19 18:58 - 2017-11-17 04:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-12-19 18:58 - 2017-11-17 04:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-12-19 18:58 - 2017-11-17 04:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-12-19 18:58 - 2017-11-17 04:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-12-19 18:58 - 2017-11-17 04:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-12-19 18:58 - 2017-11-17 04:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-12-19 18:58 - 2017-11-17 04:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-12-19 18:58 - 2017-11-17 03:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-12-19 18:58 - 2017-11-17 03:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-19 18:21 - 2017-12-19 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-12-19 18:20 - 2017-12-19 18:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-12-19 18:20 - 2017-12-19 18:20 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-19 18:19 - 2017-12-19 18:19 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-19 18:19 - 2017-12-19 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-19 18:19 - 2017-12-19 18:19 - 000000000 ____D C:\Program Files\iTunes
2017-12-19 18:19 - 2017-12-19 18:19 - 000000000 ____D C:\Program Files\iPod

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-10 06:53 - 2016-03-01 13:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 06:48 - 2017-10-10 19:27 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 06:48 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-10 06:48 - 2016-03-01 13:41 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 06:45 - 2017-07-20 15:51 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{92351D21-5193-4870-9789-F879D3E02DCF}
2018-01-10 06:41 - 2017-07-20 15:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-09 15:44 - 2017-07-25 08:25 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-09 15:12 - 2016-02-28 19:04 - 000000000 ____D C:\Users\Truman\AppData\Roaming\Adobe
2018-01-09 08:22 - 2017-07-20 15:51 - 000003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTruman
2018-01-09 08:22 - 2016-03-08 10:53 - 000000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTruman.job
2018-01-09 08:21 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-09 08:21 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-09 08:18 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Registration
2018-01-08 20:10 - 2017-08-20 18:05 - 000000000 ____D C:\Users\Truman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pluto TV
2018-01-08 18:41 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2018-01-08 12:54 - 2017-07-20 15:51 - 000003496 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2018-01-08 07:34 - 2016-05-18 18:59 - 000000000 ____D C:\ProgramData\Unchecky
2018-01-08 06:48 - 2016-07-18 15:02 - 000000000 ___RD C:\Users\Truman\iCloudDrive
2018-01-08 06:45 - 2016-04-28 19:56 - 000000000 __SHD C:\Users\Truman\IntelGraphicsProfiles
2018-01-08 06:44 - 2017-07-20 15:31 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-07 20:30 - 2017-07-18 13:44 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-07 20:17 - 2017-07-20 15:57 - 000043818 _____ C:\WINDOWS\diagwrn.xml
2018-01-07 20:17 - 2017-07-20 15:57 - 000043818 _____ C:\WINDOWS\diagerr.xml
2018-01-07 19:32 - 2017-09-29 10:04 - 000000000 ___HD C:\$WINDOWS.~BT
2018-01-07 18:38 - 2016-03-04 15:26 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-07 18:38 - 2016-03-04 15:26 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-05 17:59 - 2017-07-20 15:32 - 001306770 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-05 17:58 - 2017-07-20 15:33 - 000000000 ____D C:\Users\Truman
2018-01-05 17:52 - 2017-07-20 15:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-04 15:50 - 2016-03-03 08:08 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-04 15:22 - 2016-08-02 03:47 - 000000000 ____D C:\Users\Truman\AppData\Local\CrashDumps
2018-01-04 15:01 - 2016-05-11 13:42 - 000000000 ____D C:\Users\Truman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-01-04 14:55 - 2017-03-18 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-04 11:10 - 2017-07-20 19:26 - 000000000 ____D C:\Windows.old
2018-01-02 12:19 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2018-01-02 07:53 - 2017-12-05 08:50 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-02 07:35 - 2016-02-13 08:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-02 07:30 - 2017-07-20 15:29 - 000274032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-02 07:29 - 2017-03-18 06:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-01-02 07:28 - 2017-06-17 23:03 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2018-01-02 07:28 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-02 07:08 - 2016-03-07 19:35 - 000000000 __HDC C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2018-01-02 07:06 - 2016-05-18 18:59 - 000000000 ____D C:\Users\Truman\AppData\Roaming\Nico Mak Computing
2018-01-02 07:06 - 2016-05-18 18:59 - 000000000 ____D C:\ProgramData\Nico Mak Computing
2017-12-23 14:35 - 2017-12-04 18:01 - 000004308 _____ C:\WINDOWS\System32\Tasks\Norton Security Scan for Truman
2017-12-19 18:20 - 2016-07-18 14:44 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-18 07:05 - 2016-02-28 19:04 - 000000000 ____D C:\Users\Truman\AppData\Local\Packages
2017-12-18 06:45 - 2016-07-29 08:38 - 000000000 ____D C:\ProgramData\NortonInstaller

==================== Files in the root of some directories =======

2016-06-01 06:22 - 2016-06-01 06:22 - 003000339 _____ () C:\Users\Truman\AppData\Roaming\sb562.dat
2016-07-10 17:47 - 2016-07-10 17:47 - 002240532 _____ () C:\Users\Truman\AppData\Roaming\sb62.dat
2016-06-08 06:01 - 2016-06-08 06:01 - 002984980 _____ () C:\Users\Truman\AppData\Roaming\sb640.dat

Some files in TEMP:
====================
2017-08-30 05:53 - 2017-08-30 05:53 - 001129472 _____ () C:\Users\Truman\AppData\Local\Temp\7z.dll
2018-01-08 07:34 - 2017-09-05 00:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Truman\AppData\Local\Temp\dllnt_dump.dll
2017-11-21 11:53 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Truman\AppData\Local\Temp\TAInstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-08 17:27

==================== End of FRST.txt ============================

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Truman (11-01-2018 07:01:49) Run:1
Running from C:\Users\Truman\Desktop
Loaded Profiles: Truman (Available Profiles: Truman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\a92e2408
Task: {185C7537-98CE-4D11-A150-681C16A0C443} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1933ABDF-2E6E-455C-B2F0-C7F79A2194C5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {30977D30-B379-4EE5-BB74-A0514FB45E60} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {45D5E8C6-0AB8-404F-B48A-DA2A7DFC59AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6C5132EE-128D-406E-8DE9-B51852AEB7C8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7AFE1918-4FC0-425A-B55C-5E772874554D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A03B7CD3-5817-4C65-9C44-452A25C695F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A8B35045-D3B9-4196-A616-2966693E90A6} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {BEF402E9-3F07-4473-B918-50E02E10C742} - \Optimize Start Menu Cache Files-S-1-5-21-1885365164-783125255-1517774114-1001 -> No File <==== ATTENTION
Task: {C73CC929-354B-42B9-932F-A291BDBF4EF1} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {E0953DD7-C5B9-4E62-840D-3ECCEA8010D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E0DF66D2-BEA3-4366-B8C4-A96FE96A5B2B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E55B5856-52EA-4AAD-B807-881EBF983A3F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {ED18396D-BDF3-4E0E-94B1-A4B839DCF198} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F24C7A78-E40E-42D4-B8BA-087A6793960C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Toolbar: HKU\S-1-5-21-1885365164-783125255-1517774114-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
2016-06-01 06:22 - 2016-06-01 06:22 - 003000339 _____ () C:\Users\Truman\AppData\Roaming\sb562.dat
2016-07-10 17:47 - 2016-07-10 17:47 - 002240532 _____ () C:\Users\Truman\AppData\Roaming\sb62.dat
2016-06-08 06:01 - 2016-06-08 06:01 - 002984980 _____ () C:\Users\Truman\AppData\Roaming\sb640.dat
2017-08-30 05:53 - 2017-08-30 05:53 - 001129472 _____ () C:\Users\Truman\AppData\Local\Temp\7z.dll
2018-01-08 07:34 - 2017-09-05 00:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Truman\AppData\Local\Temp\dllnt_dump.dll
2017-11-21 11:53 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\Truman\AppData\Local\Temp\TAInstaller.exe



*****************

"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\a92e2408" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{185C7537-98CE-4D11-A150-681C16A0C443} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{185C7537-98CE-4D11-A150-681C16A0C443}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1933ABDF-2E6E-455C-B2F0-C7F79A2194C5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1933ABDF-2E6E-455C-B2F0-C7F79A2194C5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30977D30-B379-4EE5-BB74-A0514FB45E60}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30977D30-B379-4EE5-BB74-A0514FB45E60}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45D5E8C6-0AB8-404F-B48A-DA2A7DFC59AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45D5E8C6-0AB8-404F-B48A-DA2A7DFC59AB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C5132EE-128D-406E-8DE9-B51852AEB7C8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C5132EE-128D-406E-8DE9-B51852AEB7C8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AFE1918-4FC0-425A-B55C-5E772874554D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFE1918-4FC0-425A-B55C-5E772874554D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A03B7CD3-5817-4C65-9C44-452A25C695F9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A03B7CD3-5817-4C65-9C44-452A25C695F9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8B35045-D3B9-4196-A616-2966693E90A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8B35045-D3B9-4196-A616-2966693E90A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEF402E9-3F07-4473-B918-50E02E10C742}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEF402E9-3F07-4473-B918-50E02E10C742}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1885365164-783125255-1517774114-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C73CC929-354B-42B9-932F-A291BDBF4EF1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C73CC929-354B-42B9-932F-A291BDBF4EF1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0953DD7-C5B9-4E62-840D-3ECCEA8010D0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0953DD7-C5B9-4E62-840D-3ECCEA8010D0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0DF66D2-BEA3-4366-B8C4-A96FE96A5B2B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0DF66D2-BEA3-4366-B8C4-A96FE96A5B2B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E55B5856-52EA-4AAD-B807-881EBF983A3F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E55B5856-52EA-4AAD-B807-881EBF983A3F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED18396D-BDF3-4E0E-94B1-A4B839DCF198}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED18396D-BDF3-4E0E-94B1-A4B839DCF198}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F24C7A78-E40E-42D4-B8BA-087A6793960C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F24C7A78-E40E-42D4-B8BA-087A6793960C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKU\S-1-5-21-1885365164-783125255-1517774114-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
"HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
C:\Users\Truman\AppData\Roaming\sb562.dat => moved successfully
C:\Users\Truman\AppData\Roaming\sb62.dat => moved successfully
C:\Users\Truman\AppData\Roaming\sb640.dat => moved successfully
C:\Users\Truman\AppData\Local\Temp\7z.dll => moved successfully
C:\Users\Truman\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Truman\AppData\Local\Temp\TAInstaller.exe => moved successfully

==== End of Fixlog 07:01:54 ====

 

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Google Chrome (63.0.3239.132)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

Farbar Service Scanner Version: 27-01-2016
Ran by Truman (administrator) on 12-01-2018 at 07:11:45
Running from "C:\Users\Truman\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

tfc links are not working, I'll try again a little later

 

they legit weren't working, 404. they're working now and I'm on it.

 

OK, everything ran. Sophos didn't find anything. No log opened. Is there one? I can't find anything.