
Solved Booting and running very slowly

Discussion in 'Virus & Other Malware Removal' started by Grant58, Jan 12, 2019.

Thread Status:
Not open for further replies.
  1. Grant58

    Grant58 Thread Starter

    Joined:
    Jan 12, 2019
    Messages:
    16
    Hi All, My Dell Inspiron laptop has recently started to take an age to boot up and then every program or browser runs really slow. Here is my Sys.info file:

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 4
    RAM: 4002 Mb
    Graphics Card: Intel(R) HD Graphics 3000, 1809 Mb
    Hard Drives: C: 451 GB (290 GB Free);
    Motherboard: Dell Inc., 01FF8R
    Antivirus: Windows Defender, Enabled and Updated

    Thank you
    Grant
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,801
    First Name:
    Frank

    You appear to have a Dell Inspiron 15R N5110 laptop.
    It has the above Intel processor and Intel graphic device and appears to have originally come with Windows 7 Home Premium 64-bit.
    What's the 7-character "service tag/serial" number on yours?

    We don't know how well you maintain that laptop and what's installed and running in it, so there could be several reasons why it's running slow.
    What other security-related apps do you use besides Windows 10's built-in Windows Defender?

    ----------------------------------------------------------------
     
  3. Grant58

    Grant58 Thread Starter

    Joined:
    Jan 12, 2019
    Messages:
    16
    Thank you for your reply.
    My service tag/serial number is D49KGR1
    I have had the AVG free version on the laptop in the past but it has now been removed.

    Grant
     
  4. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,801
    First Name:
    Frank
    You have THIS Dell Inspiron 15R N5110 laptop.
    You should add and save its support site in your browser's favorites/bookmarks list so you can quickly refer to it when needed.

    If it's previously had AVG installed in it and then you uninstalled it, you need to use its removal tool so it can find and remove the leftover files and registry entries.

    If it's infested with malware, spyware, viruses, etc., one of the malware removal specialists will need to help you because I'm not trained and authorized to help you in this section.

    ---------------------------------------------------------------
     
  5. Grant58

    Grant58 Thread Starter

    Joined:
    Jan 12, 2019
    Messages:
    16
    Thank you flavallee, I have taken the steps you have suggested and await the help of a malware specialist.
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,801
    First Name:
    Frank
    You're welcome.

    Be patient because this section is very busy.

    --------------------------------------------------------------
     
  7. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Hi Grant58, I apologize for the delay, but as flavallee said, this section is very busy.

    My name is Joeicam :), you can call me Joe, and I will be assisting you every step of the way.

    Please Note: I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you have two people looking at your problem.

    If you have any questions or comments, or aren't quite sure about what to do, STOP AND ASK.

    Before we begin, please familiarize yourself with the following:
    • Back up your files and folders, as sometimes malware infections can be severe. It's a good habit to plan for the worst.
    • Please follow my instructions exactly, and do not repeat any steps more than once, unless instructed.
    • Copy/Paste entire contents of your logs, and submit inside your post, instead of submitting as an attachment, unless told otherwise.
    • If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
    Finally:
    • As malware removal can be a complicated, multistep process, you should stick with me until I declare your system to be clean of all threats. It may seem like your system is running properly, but that does not mean that the infection is completely gone.
    • You must reply to this post within four days. If you do not, then the topic will be closed.
    • However, if you need more time to run the tools and fixes, or would like your topic to be reopened, please PM me or any Moderator to reactivate your topic.

    If I have not responded to your post within 24 hours, then send me a private message (PM).
    Otherwise, all communication is done in the forums.


    Let's get to work! :)

    ____________________________________________________________________________________________________

    The fixes presented are specific to your problem and should only be used for the issue on this machine!
    ____________________________________________________________________________________________________

    Step 1 of 1: FRST Scan

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
    • Please copy and paste the logs back here.

    ===============================================

    When you reply to me, I need to see:
    • Any questions/concerns you might have, or if you were not able to complete any of the steps above
    • The copied and pasted results of the FRST.txt and Addition.txt logs
     
  8. Grant58

    Grant58 Thread Starter

    Joined:
    Jan 12, 2019
    Messages:
    16
    Hi Joe, I have tried to upload the FRST scan and logs but I keep getting an error, a black box with the following information:
    The following error occurred:
    Forbidden
    You don't have permission to access /threads/booting-and-running-very-slowly.1221791/save-draft on this server.

    It won't allow me to send. Any suggestions?
     
  9. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    By uploading do you mean attaching or copying/pasting? I prefer if you copy/paste, that makes it easier for me to research your logs :).
     
  10. Grant58

    Grant58 Thread Starter

    Joined:
    Jan 12, 2019
    Messages:
    16
    Thanks for your email Joe.
    I presently have two windows open on my laptop, both pointing to my thread. In the first and original window, I ran the FRST scan and tried to copy and paste both files in my reply, but the site wouldn't let me, saying I hadn't the privileges to reply in the thread, i.e. the box warning:

    The following error occurred:
    Forbidden
    You don't have permission to access /threads/booting-and-running-very-slowly.1221791/save-draft on this server.

    I don't understand how to PM you (there are no instructions on the site). The best I could do was use the link to the thread URL at the bottom of the thread. I opened that up in a new tab and was able to report the error to you, asking for advice. However, I still have the original thread open with the scan and additional logs, which TSG will not allow me to send. Hope this clarifies.
     
  11. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Hmm.. that's quite odd, as copying/pasting from the FRST text files should be just like writing a reply to me as you are currently. When you copy the text from the FRST logs, and you attempt to paste the logs in your reply here on TSG, do you click on the box where you type the text before trying to paste? You could also try clicking, at the bottom of your thread, the button that says "More Options...", which brings you to another screen to format your reply, and try copying the text and pasting from there.

    If all else fails, you can also try uploading your text files, and I can paste them for you.
     
  12. Grant58

    Grant58 Thread Starter

    Joined:
    Jan 12, 2019
    Messages:
    16
    More Options brought about the same error message. Had to try upload... Sorry.
     


  13. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    That's quite odd! Not really sure why that happened. Thanks for posting your logs. I'll post them for you and begin researching them :). Please note that there may be a slight delay in my posting as I'm still in training, and work is quite busy at the moment. Just some things to be aware of. I'll be with you shortly!
     
  14. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.01.2019
    Ran by Grant (administrator) on GRANT-PC (13-01-2019 15:59:42)
    Running from C:\Users\Grant\Downloads
    Loaded Profiles: Grant (Available Profiles: Grant & DOM & olls & dads iphone)
    Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmservice.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (Telefónica) C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn32.exe
    (VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2750488 2015-05-15] (CANON INC.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-10-22] (Apple Inc.)
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (CANON INC.)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-11-26] (Apple Inc.)
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [Chromium] => c:\users\grant\appdata\local\chromium\application\chrome.exe [828416 2017-01-25] (The Chromium Authors)
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [Screenpresso] => C:\Users\Grant\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [13416512 2018-06-21] (Learnpulse)
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [GoogleChromeAutoLaunch_8F6DD9B4870666331B33C8C79D3CA7EE] => C:\Users\Grant\AppData\Local\Chromium\Application\chrome.exe [828416 2017-01-25] (The Chromium Authors)
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [Dashlane] => "C:\Users\Grant\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-22] (Apple Inc.)
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1587680 2018-12-12] (Google Inc.)
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\MountPoints2: {90e29f04-4047-11e1-a133-4c8093487898} - "E:\LaunchU3.exe" -a
    HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin Ltd. or its subsidiaries)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-12] (Google Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-29]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MG5700 series Printer.lnk [2019-01-13]
    ShortcutTarget: Canon IJ Status Monitor Canon MG5700 series Printer.lnk -> C:\Users\Grant\CNMSSC~1.DLL",SMStarterEntryPoint CNBJNP_00BBC1E27699;Canon MG5700 series Printer;cnmss Canon MG5700 series Printer (Local).dll;Canon IJ Status Monitor Canon MG5700 series Printer.lnk (No File)
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{5F62D821-BF4A-4F8A-9056-6DDB6AD5AB2C}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{b46508e4-a841-4acc-aa3b-fc104ba1cc05}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{EA6D2417-1472-4B8F-BC9F-84D99D16DB14}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{f74b3f49-10da-4bbc-8de9-ef1e8d596cbd}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyE0CzztDzytAyEzzyBzzzyzzzzyC0DyEtN0D0Tzu0StCyByDyCtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtA0B0B0D0FtA0AtGtDzztC0DtG0C0FyDyDtGtCzzyEtBtG0FtB0AzyyD0F0B0AtBtAyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AzytAtAtAyD0CtG0AtAzytDtGyE0FyDtCtGzy0B0D0EtG0BzzzztCyByE0B0AtCtD0EyD2QtN0A0LzuyE%26cr%3D784819815%26a%3Dwbf_fs_16_42%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.view-search.com/
    URLSearchHook: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3&param1=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%3D%3D&param2=NGB6LGF6NGx4Nd%3D%3D&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3&param1=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%3D%3D&param2=NGB6LGF6NGx4Nd%3D%3D&p={searchTerms}
    SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyE0CzztDzytAyEzzyBzzzyzzzzyC0DyEtN0D0Tzu0StCyByDyCtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtA0B0B0D0FtA0AtGtDzztC0DtG0C0FyDyDtGtCzzyEtBtG0FtB0AzyyD0F0B0AtBtAyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AzytAtAtAyD0CtG0AtAzytDtGyE0FyDtCtGzy0B0D0EtG0BzzzztCyByE0B0AtCtD0EyD2QtN0A0LzuyE%26cr%3D784819815%26a%3Dwbf_fs_16_42%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITwrQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFFdJ6k3wVI3vCIYvFE3vmoXvmk3vCk3vmk4JaYVvFE9GqYVNUI3wGYGwVM4Jmk3wVI9GqUNNos3wCIYwVA9JmoUwVA3vCITvFI4ICILNFdcJ6k8wV5cGWUSNFRcEqULNopcGWUIvmFbF6IXwVQ4J6k4NVJdJCk3vmk9I6oXwVU9J6IWwVxdISIXNVJdISISvFE4IGYVwVU9I6oXNVQ3vmk4wVM4ICIXvmldISIYNVQ4IGQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGwVJdJCk4wVU9JCIYvFJdJ6ISNVU9JCk4wVI9I6oUNVA4ISIWwVw3vGYXNVJdICISNVQ3vmk3wVM4JmoUNVRdJCIWwVJdICoVNoU9GqYYNVc3wCoUQGR7B6RoN9J9NqVcMGN4MWZoNqAsQGMVvDIlC6MuNGAuMWAuyCMrQGR7y6MuwnEbQGMVNGZfNXFbMn0aQGMVE7ofAT06xbFbJqVdQGQXHT0gAJ%3D%3D&param2=NGB6LGF6NGx4Nd%3D%3D&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3&param1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITwrQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8vFFdJ6k3wVI3vCIYvFE3vmoXvmk3vCk3vmk4JaYVvFE9GqYVNUI3wGYGwVM4Jmk3wVI9GqUNNos3wCIYwVA9JmoUwVA3vCITvFI4ICILNFdcJ6k8wV5cGWUSNFRcEqULNopcGWUIvmFbF6IXwVQ4J6k4NVJdJCk3vmk9I6oXwVU9J6IWwVxdISIXNVJdISISvFE4IGYVwVU9I6oXNVQ3vmk4wVM4ICIXvmldISIYNVQ4IGQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGwVJdJCk4wVU9JCIYvFJdJ6ISNVU9JCk4wVI9I6oUNVA4ISIWwVw3vGYXNVJdICISNVQ3vmk3wVM4JmoUNVRdJCIWwVJdICoVNoU9GqYYNVc3wCoUQGR7B6RoN9J9NqVcMGN4MWZoNqAsQGMVvDIlC6MuNGAuMWAuyCMrQGR7y6MuwnEbQGMVNGZfNXFbMn0aQGMVE7ofAT06xbFbJqVdQGQXHT0gAJ%3D%3D&param2=NGB6LGF6NGx4Nd%3D%3D&p={searchTerms}
    SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyE0CzztDzytAyEzzyBzzzyzzzzyC0DyEtN0D0Tzu0StCyByDyCtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtA0B0B0D0FtA0AtGtDzztC0DtG0C0FyDyDtGtCzzyEtBtG0FtB0AzyyD0F0B0AtBtAyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0AzytAtAtAyD0CtG0AtAzytDtGyE0FyDtCtGzy0B0D0EtG0BzzzztCyByE0B0AtCtD0EyD2QtN0A0LzuyE%26cr%3D784819815%26a%3Dwbf_fs_16_42%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 -> DefaultScope {1DC0DF95-488C-4AF5-8FC2-A0B29D29C6BA} URL = hxxp://www.view-search.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3&param1=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%3D%3D&param2=NGB6LGF6NGx4Nd%3D%3D&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 -> {1DC0DF95-488C-4AF5-8FC2-A0B29D29C6BA} URL = hxxp://www.view-search.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-23] (Microsoft Corporation)
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-07-17] (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-30] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-30] (Oracle Corporation)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
    DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AUW/Core/Player/2020PlayerAX_IKEA_Win32.cab
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-17] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    Edge:
    ======
    Edge HomeButtonPage: HKU\S-1-5-21-98693253-3412605275-1652980643-1000 -> hxxp://www.view-search.com/

    FireFox:
    ========
    FF DefaultProfile: 09ux9407.default
    FF ProfilePath: C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\09ux9407.default [2018-12-05]
    FF Extension: (Google Code Correction) - C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\09ux9407.default\features\{a50d5cdc-97ed-4db7-bd26-449a434f3ee1}\[email protected] [2018-12-03] [Legacy]
    FF Extension: (Telemetry coverage) - C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\09ux9407.default\features\{a50d5cdc-97ed-4db7-bd26-449a434f3ee1}\[email protected] [2018-12-03] [Legacy]
    FF SearchPlugin: C:\Users\Grant\AppData\Roaming\Mozilla\Firefox\Profiles\09ux9407.default\searchplugins\yahoo! provided.xml [2018-12-06]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon => not found
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-29] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox
    FF Extension: (PremierOpinion) - C:\Program Files (x86)\PremierOpinion\firefox [2018-08-14] [Legacy] [not signed]
    FF HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-18] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-30] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-30] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-07-17] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-07-17] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-98693253-3412605275-1652980643-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Grant\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife, LLP)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.view-search.com/
    CHR StartupUrls: Default -> "hxxp://www.view-search.com/"
    CHR DefaultSearchURL: Default -> hxxp://www.view-search.com/search?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> search
    CHR Profile: C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default [2019-01-13]
    CHR Extension: (YouTube) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-30]
    CHR Extension: (Google Search) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-19]
    CHR Extension: (Google Maps) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfoelejpajdgdjldhnpaobkadhhhlmha [2018-08-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
    CHR Extension: (Gmail) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
    CHR Extension: (Chrome Media Router) - C:\Users\Grant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-05]
    CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-98693253-3412605275-1652980643-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-98693253-3412605275-1652980643-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522536 2018-12-10] (Microsoft Corporation)
    R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
    R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
    R2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [168704 2018-10-17] (VoiceFive, Inc.) <==== ATTENTION
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
    R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-01-12] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-01-12] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.)
    S3 huawei_wwanecm; C:\WINDOWS\System32\DRIVERS\ew_juwwanecm.sys [223744 2011-12-02] (Huawei Technologies Co., Ltd.)
    S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
    U3 mfeavfk01; no ImagePath
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
    S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; c:\program files\dell support center\pcdsrvc_x64.pkms [25072 2012-02-01] (PC-Doctor, Inc.)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.)
    S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [44184 2012-07-20] (STMicroelectronics)
    R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-19] (Texas Instruments, Inc.)
    R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-19] (Texas Instruments, Inc.)
    U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-11] (Microsoft Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2019-01-12] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2019-01-12] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-01-12] (Microsoft Corporation)
    U3 aspnet_state; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (Created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-01-13 15:59 - 2019-01-13 16:05 - 000033860 _____ C:\Users\Grant\Downloads\FRST.txt
    2019-01-13 15:56 - 2019-01-13 15:59 - 000000000 ____D C:\FRST
    2019-01-13 15:52 - 2019-01-13 15:53 - 002427392 _____ (Farbar) C:\Users\Grant\Downloads\FRST64.exe
    2019-01-13 15:22 - 2019-01-13 15:22 - 000000000 ____D C:\Users\Grant\AppData\Local\Avg
    2019-01-13 15:22 - 2019-01-13 15:21 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe
    2019-01-13 15:15 - 2019-01-13 15:15 - 012068408 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Grant\Downloads\avgclear.exe
    2019-01-12 23:10 - 2019-01-12 23:11 - 000748192 _____ (TechGuy, Inc.) C:\Users\Grant\Downloads\SysInfo.exe
    2019-01-09 19:41 - 2018-09-20 04:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2019-01-08 18:47 - 2019-01-01 07:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-01-08 18:47 - 2019-01-01 06:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-01-08 18:47 - 2019-01-01 06:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-01-08 18:47 - 2019-01-01 06:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-01-08 18:46 - 2019-01-01 13:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-01-08 18:46 - 2019-01-01 13:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-01-08 18:46 - 2019-01-01 13:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-01-08 18:46 - 2019-01-01 07:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-01-08 18:46 - 2019-01-01 07:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2019-01-08 18:46 - 2019-01-01 07:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-01-08 18:46 - 2019-01-01 07:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-01-08 18:46 - 2019-01-01 07:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-01-08 18:46 - 2019-01-01 07:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2019-01-08 18:46 - 2019-01-01 07:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-01-08 18:46 - 2019-01-01 07:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-01-08 18:46 - 2019-01-01 07:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-01-08 18:46 - 2019-01-01 07:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-01-08 18:46 - 2019-01-01 07:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-01-08 18:46 - 2019-01-01 06:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-01-08 18:46 - 2019-01-01 06:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-01-08 18:46 - 2019-01-01 06:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2019-01-08 18:46 - 2019-01-01 06:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-01-08 18:46 - 2019-01-01 06:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-01-08 18:46 - 2019-01-01 06:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-01-08 18:46 - 2019-01-01 06:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-01-08 18:46 - 2019-01-01 06:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
    2019-01-08 18:46 - 2019-01-01 06:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
    2019-01-08 18:46 - 2019-01-01 06:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-01-08 18:46 - 2019-01-01 06:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-01-08 18:46 - 2019-01-01 06:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2019-01-08 18:46 - 2019-01-01 06:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2019-01-08 18:46 - 2019-01-01 06:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2019-01-08 18:46 - 2019-01-01 06:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2019-01-08 18:46 - 2019-01-01 06:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-01-08 18:46 - 2019-01-01 06:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2019-01-08 18:46 - 2019-01-01 06:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-01-08 18:46 - 2019-01-01 06:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-01-08 18:46 - 2019-01-01 06:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-01-08 18:46 - 2019-01-01 06:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-01-08 18:46 - 2019-01-01 06:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2019-01-08 18:46 - 2019-01-01 06:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-01-08 18:46 - 2019-01-01 06:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-01-08 18:46 - 2019-01-01 06:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-01-08 18:46 - 2019-01-01 06:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-01-08 18:46 - 2019-01-01 06:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-01-08 18:46 - 2019-01-01 06:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-01-08 18:46 - 2019-01-01 06:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-01-08 18:46 - 2019-01-01 06:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2019-01-08 18:46 - 2019-01-01 06:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2019-01-08 18:46 - 2018-12-19 04:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-01-08 18:45 - 2019-01-01 13:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-01-08 18:45 - 2019-01-01 13:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
    2019-01-08 18:45 - 2019-01-01 13:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2019-01-08 18:45 - 2019-01-01 13:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
    2019-01-08 18:45 - 2019-01-01 13:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
    2019-01-08 18:45 - 2019-01-01 13:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2019-01-08 18:45 - 2019-01-01 13:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
    2019-01-08 18:45 - 2019-01-01 07:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-01-08 18:45 - 2019-01-01 07:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-01-08 18:45 - 2019-01-01 07:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2019-01-08 18:45 - 2019-01-01 07:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-01-08 18:45 - 2019-01-01 07:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-01-08 18:45 - 2019-01-01 07:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-01-08 18:45 - 2019-01-01 07:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2019-01-08 18:45 - 2019-01-01 07:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
    2019-01-08 18:45 - 2019-01-01 06:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2019-01-08 18:45 - 2019-01-01 06:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
    2019-01-08 18:45 - 2019-01-01 06:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
    2019-01-08 18:45 - 2019-01-01 06:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
    2019-01-08 18:45 - 2019-01-01 06:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-01-08 18:45 - 2019-01-01 06:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2019-01-08 18:45 - 2019-01-01 06:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2019-01-08 18:45 - 2019-01-01 06:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2019-01-08 18:45 - 2019-01-01 06:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-01-08 18:45 - 2019-01-01 06:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-01-08 18:45 - 2019-01-01 06:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
    2019-01-08 18:45 - 2019-01-01 06:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2019-01-08 18:45 - 2019-01-01 06:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2019-01-08 18:45 - 2019-01-01 06:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-01-08 18:45 - 2019-01-01 06:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2019-01-08 18:45 - 2019-01-01 06:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-01-08 18:45 - 2019-01-01 06:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
    2019-01-08 18:45 - 2019-01-01 06:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-01-08 18:45 - 2019-01-01 06:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2019-01-08 18:45 - 2019-01-01 06:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-01-08 18:45 - 2019-01-01 06:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
    2019-01-08 18:45 - 2019-01-01 05:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2019-01-02 15:53 - 2019-01-02 15:53 - 000760763 _____ C:\Users\Grant\Downloads\Wireless Comfort Desktop 5000 (1).pdf
    2019-01-02 15:52 - 2019-01-02 15:52 - 002754747 _____ C:\Users\Grant\Downloads\Microsoft Product Guide.pdf
    2018-12-31 19:39 - 2018-12-31 19:41 - 000000000 ____D C:\Users\Grant\Downloads\Taranis
    2018-12-29 19:49 - 2018-12-29 19:49 - 000000000 ____D C:\Users\Grant\Downloads\Hirens.BootCD.15.2
    2018-12-29 17:44 - 2018-12-29 17:46 - 000000217 _____ C:\Users\Grant\Documents\Hirens.BootCD.iso
    2018-12-29 16:47 - 2018-12-29 17:16 - 621283886 _____ C:\Users\Grant\Downloads\Hirens.BootCD.15.2.zip
    2018-12-29 16:42 - 2018-12-29 16:42 - 000001496 _____ C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows_Password_Key_Standard_trial.lnk
    2018-12-29 16:40 - 2018-12-29 16:40 - 003671096 _____ C:\Users\Grant\Downloads\Windows_Password_Key_Standard_trial.exe
    2018-12-20 11:43 - 2018-12-14 07:29 - 001130760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-12-20 11:43 - 2018-12-14 07:25 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-12-20 11:43 - 2018-12-14 07:21 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-12-20 11:43 - 2018-12-14 07:21 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-12-20 11:43 - 2018-12-14 07:21 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-12-20 11:43 - 2018-12-14 07:21 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-12-20 11:43 - 2018-12-14 07:21 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-12-20 11:43 - 2018-12-14 07:10 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2018-12-20 11:43 - 2018-12-14 07:07 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-12-20 11:43 - 2018-12-14 06:55 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-12-20 11:43 - 2018-12-14 06:55 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-12-20 11:43 - 2018-12-14 06:54 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2018-12-20 11:43 - 2018-12-14 06:54 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2018-12-20 11:43 - 2018-12-14 06:52 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-12-20 11:43 - 2018-12-14 06:52 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2018-12-20 11:43 - 2018-12-14 06:51 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-12-20 11:43 - 2018-12-14 06:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-12-18 00:52 - 2018-12-18 00:52 - 000007597 _____ C:\Users\Grant\AppData\Local\Resmon.ResmonCfg
    2018-12-14 00:46 - 2018-12-14 00:46 - 000000000 ____D C:\Users\Grant\AppData\Local\NVIDIA Corporation

    ==================== One month (Modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-01-13 15:57 - 2018-04-11 23:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-01-13 15:34 - 2018-08-07 23:04 - 000881386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-01-13 15:34 - 2018-04-11 23:36 - 000000000 ____D C:\WINDOWS\INF
    2019-01-13 15:30 - 2018-08-12 00:05 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
    2019-01-13 15:28 - 2016-10-15 03:43 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2019-01-13 15:28 - 2016-10-15 03:43 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2019-01-13 15:28 - 2011-12-09 23:07 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2019-01-13 15:25 - 2018-08-08 00:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-01-13 15:25 - 2018-08-07 22:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-01-13 15:20 - 2018-02-19 15:07 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2019-01-13 15:18 - 2018-08-07 23:05 - 000000000 ____D C:\Users\Grant
    2019-01-13 15:18 - 2018-04-11 21:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-01-13 15:08 - 2014-11-02 12:34 - 000000000 ____D C:\Users\Grant\AppData\Roaming\Roxio Burn
    2019-01-13 14:14 - 2018-08-08 00:02 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F69BA124-9BF0-43B9-8FCE-4B12EF065F50}
    2019-01-13 00:30 - 2016-11-04 00:05 - 000000650 _____ C:\Users\Grant\AppData\Roaming\WB.CFG
    2019-01-12 23:29 - 2016-12-03 04:29 - 000000000 ____D C:\ProgramData\{569493F7-DCD6-1931-5A10-8773C0520CBD}
    2019-01-12 23:09 - 2018-08-08 00:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-01-12 23:09 - 2018-04-11 23:38 - 000000000 ___RD C:\Program Files\Windows Defender
    2019-01-12 23:05 - 2016-10-23 00:05 - 000000000 ____D C:\ProgramData\{B13C745F-3B7E-FE99-BDB8-60DB27FAEB15}
    2019-01-12 22:58 - 2018-04-11 21:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2019-01-12 22:58 - 2010-11-21 03:27 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2019-01-12 22:38 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-01-11 21:04 - 2018-04-11 23:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-01-11 20:55 - 2018-04-11 23:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-01-10 22:05 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2019-01-10 13:32 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-01-10 13:32 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-01-09 15:15 - 2018-02-20 03:32 - 000000000 ____D C:\Users\Grant\AppData\Local\Packages
    2019-01-08 19:22 - 2013-11-19 03:13 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-01-08 19:09 - 2012-02-12 20:52 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-01-02 19:41 - 2018-11-23 17:32 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-01-02 19:41 - 2018-11-23 17:32 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-12-29 19:55 - 2016-09-20 18:41 - 000000753 _____ C:\Users\Grant\AppData\Roaming\burnaware.ini
    2018-12-20 14:05 - 2018-08-08 00:02 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-98693253-3412605275-1652980643-1000
    2018-12-20 14:05 - 2018-08-07 23:05 - 000002405 _____ C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-12-20 14:05 - 2015-08-10 19:52 - 000000000 ___RD C:\Users\Grant\OneDrive
    2018-12-19 16:49 - 2011-12-09 22:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-12-19 03:07 - 2018-08-08 00:02 - 000003448 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf05d349942193
    2018-12-19 03:07 - 2018-08-08 00:02 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2018-12-17 21:05 - 2018-06-01 20:18 - 000000000 ____D C:\Users\Grant\Downloads\emailable
    2018-12-17 20:41 - 2015-09-18 19:18 - 000000000 ___RD C:\Users\Grant\3D Objects
    2018-12-17 20:41 - 2015-08-10 19:48 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-12-17 20:38 - 2018-08-07 22:56 - 000462872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-12-17 20:32 - 2018-04-11 23:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2018-12-17 20:32 - 2018-04-11 23:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-12-17 20:32 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\ShellComponents
    2018-12-17 18:19 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports

    ==================== Files in the root of some directories =======

    2018-08-19 11:45 - 2015-03-15 04:00 - 000106496 _____ (CANON INC.) C:\Users\Grant\cnmss Canon MG5700 series Printer (Local).dll
    2017-10-23 12:57 - 2017-10-23 12:57 - 000037073 _____ () C:\Program Files (x86)\uninstal.log
    2016-09-20 18:41 - 2018-12-29 19:55 - 000000753 _____ () C:\Users\Grant\AppData\Roaming\burnaware.ini
    2016-10-23 00:05 - 2016-10-23 00:05 - 000016959 _____ () C:\Users\Grant\AppData\Roaming\Kinubenonabe
    2016-12-03 04:30 - 2016-12-03 04:30 - 000017297 _____ () C:\Users\Grant\AppData\Roaming\Relafotopu
    2016-12-03 04:29 - 2016-12-03 04:29 - 000419328 _____ () C:\Users\Grant\AppData\Roaming\Setup16267.exe
    2016-11-04 00:05 - 2019-01-13 00:30 - 000000650 _____ () C:\Users\Grant\AppData\Roaming\WB.CFG
    2017-12-18 00:05 - 2017-12-18 00:05 - 000000068 _____ () C:\Users\Grant\AppData\Local\2k5n8qbwh2
    2017-12-16 13:05 - 2017-12-18 16:30 - 000000068 _____ () C:\Users\Grant\AppData\Local\oPkLgHcDYt
    2015-03-02 21:45 - 2015-03-02 21:45 - 000001549 _____ () C:\Users\Grant\AppData\Local\PDLSetup.20150302.214552.txt
    2018-09-19 00:02 - 2018-09-19 00:02 - 000002915 _____ () C:\Users\Grant\AppData\Local\recently-used.xbel
    2018-12-18 00:52 - 2018-12-18 00:52 - 000007597 _____ () C:\Users\Grant\AppData\Local\Resmon.ResmonCfg

    Files to move or delete:
    ====================
    C:\Windows\Tasks\{07E263ED-E4C4-5B46-6A52-6AC3845BD1E1}.job
    C:\Windows\Tasks\{49134188-5EE5-F05F-8907-0AB97BC6DF53}.job


    Some files in TEMP:
    ====================
    2018-08-11 15:43 - 2018-08-11 15:43 - 007338040 _____ () C:\Users\Grant\AppData\Local\Temp\paint.net.4.0.21.install.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-08-07 22:56

    ==================== End of FRST.txt ============================
     
  15. Joeicam

    Joeicam Malware Trainee

    Joined:
    Oct 11, 2017
    Messages:
    193
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.01.2019
    Ran by Grant (13-01-2019 16:10:54)
    Running from C:\Users\Grant\Downloads
    Windows 10 Home Version 1803 17134.523 (X64) (2018-08-08 00:03:55)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-98693253-3412605275-1652980643-500 - Administrator - Disabled)
    dads iphone (S-1-5-21-98693253-3412605275-1652980643-1005 - Administrator - Enabled) => C:\Users\dads iphone
    DefaultAccount (S-1-5-21-98693253-3412605275-1652980643-503 - Limited - Disabled)
    DOM (S-1-5-21-98693253-3412605275-1652980643-1003 - Administrator - Enabled) => C:\Users\DOM
    Grant (S-1-5-21-98693253-3412605275-1652980643-1000 - Administrator - Enabled) => C:\Users\Grant
    Guest (S-1-5-21-98693253-3412605275-1652980643-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-98693253-3412605275-1652980643-1002 - Limited - Enabled)
    olls (S-1-5-21-98693253-3412605275-1652980643-1004 - Administrator - Enabled) => C:\Users\olls
    WDAGUtilityAccount (S-1-5-21-98693253-3412605275-1652980643-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
    7-Zip 18.00 beta (x64) (HKLM\...\7-Zip) (Version: 18.00 beta - Igor Pavlov)
    adbLink version 2.05 (HKLM-x32\...\{05CF1DD3-4A94-4219-B176-BB1796680A6C}_is1) (Version: 2.05 - jocala.com)
    Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
    Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{49F7DD82-FC83-48BF-86C6-CFE6E1E233E1}) (Version: 7.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{1FA68E27-2951-42E8-9F57-1A7F6581B4FD}) (Version: 7.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    Bing Search Engine (HKLM-x32\...\{F4A91C69-A429-CDE9-15A9-BD69C5296EE9}) (Version: - )
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    BurnAware Free 9.5 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
    ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.5.0.0 - Byte Technologies LLC) <==== ATTENTION
    C309g-m (HKLM-x32\...\{E6319C60-D4DF-4D4D-A077-9F46D656E4FB}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
    Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
    Canon MG5700 series On-screen Manual (HKLM-x32\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
    Canon MG5700 series User Registration (HKLM-x32\...\Canon MG5700 series User Registration) (Version: - ‭Canon Inc.)
    Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
    Canon MP610 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series) (Version: - )
    Canon MP610 series User Registration (HKLM-x32\...\Canon MP610 series User Registration) (Version: - )
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.)
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
    Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
    Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
    CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - )
    Chromium (HKLM-x32\...\{6CEB842B-3C6B-55AB-8DEB-252B5D6BF6AB}) (Version: - )
    Chromium (HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Chromium) (Version: 58.0.2993.0 - Chromium)
    Connection Manager (HKLM-x32\...\O2UK) (Version: 8.7.6.792 - Connection Manager)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Custom Help (HKLM\...\{E01EEE45-7768-4984-BDB2-76F5C5A823BE}) (Version: 15.06.1000.0142 - Intel Corporation) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
    Dell Support Center (HKLM\...\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}) (Version: 3.1.5907.23 - PC-Doctor, Inc.) Hidden
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.23 - Dell Inc.)
    Dell System Detect (HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\73f463568823ebbe) (Version: 6.5.0.6 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
    Dell VideoStage (HKLM-x32\...\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Hidden
    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
    Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
    eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.10.2.18201 - Steinberg Media Technologies GmbH)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.2.25013 - Foxit Software Inc.)
    Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
    Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
    GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
    Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Photo Creations (HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\HP Photo Creations) (Version: 1.0.0.22192 - HP)
    HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}) (Version: 14.0 - HP)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
    HUAWEI DataCard Driver 4.23.11.00 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 4.23.11.00 - Huawei technologies Co., Ltd.)
    Icecream PDF Converter version 2.74 (HKLM-x32\...\{6811A286-E9F4-4035-9738-7721C087E500}_is1) (Version: 2.74 - Icecream Apps)
    iCloud (HKLM\...\{D9044A6D-7B3C-495B-A764-2A4F604ED5E2}) (Version: 7.8.1.12 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
    Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Intel® PROSet/Wireless Software (HKLM-x32\...\{fae8de85-97ab-4053-a8bb-03bfc86ac533}) (Version: 15.6.1 - Intel Corporation)
    iTunes (HKLM\...\{3F702C1B-628F-46FB-A094-56D5404CEE63}) (Version: 12.9.1.4 - Apple Inc.)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
    Kodi (HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Kodi) (Version: - XBMC-Foundation)
    MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Mass Image Compressor V.2 (HKLM-x32\...\{B2A39340-EE1F-4BC4-8538-3F73090CC85C}) (Version: 2.0.0 - Rajput Y H)
    Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9126.2336 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
    Mozilla Firefox 51.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-GB)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Network64 (HKLM\...\{48C0866E-57EB-444C-8371-8E4321066BC3}) (Version: 140.0.215.000 - Hewlett-Packard) Hidden
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
    OpenTX Companion 2.2 (HKLM-x32\...\OpenTX Companion 2.2) (Version: - OpenTX)
    paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
    PhotoShowExpress (HKLM-x32\...\{3250260C-7A95-4632-893B-89657EB5545B}) (Version: 2.0.063 - Sonic Solutions) Hidden
    PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.337.419 - VoiceFive, Inc.) <==== ATTENTION
    PS_AIO_06_C309g-m_SW_Min (HKLM-x32\...\{EE177519-70E3-4A94-B8DB-FD0B78D1A47E}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
    QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
    RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
    RehearScore (HKLM-x32\...\RehearScore) (Version: - )
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
    Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.2 - Roxio) Hidden
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
    Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Screenpresso (HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\Screenpresso) (Version: 1.7.2.0 - Learnpulse)
    Search the Web (Yahoo) (HKLM-x32\...\{7FEA972A-2F6A-46AA-9EEA-362A4E6AE5AA}) (Version: - ) <==== ATTENTION
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.) Hidden
    Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.)
    SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
    SolutionCenter (HKLM-x32\...\{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Sonic CinePlayer Decoder Pack (HKLM-x32\...\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}) (Version: 4.3.0 - Sonic Solutions) Hidden
    Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 6.45 - NCH Software)
    TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.)
    TI USB3 Host Driver (HKLM-x32\...\{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}) (Version: 1.12.14.0 - Texas Instruments Inc.) Hidden
    Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
    TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
    WaveLab LE 7 (64 bit) (HKLM\...\WaveLabLE7_64) (Version: 7.2.1.600 - Steinberg)
    WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-10] (Igor Pavlov)
    ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-10-22] (Apple Inc.)
    ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => c:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2010-11-11] (TODO: <Company name>)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-10] (Igor Pavlov)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-10] (Igor Pavlov)
    ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0DF8F44C-B0E4-48A8-95A1-6BB1029338DE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {112A48A7-D749-4CF9-8357-5E400D867A28} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-19] (Microsoft Corporation)
    Task: {127CA620-FB89-4456-BFC5-8D9CDD987EDD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {1BCE380D-8E05-4591-9E48-274561B97292} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {23EEE392-9C39-417F-A3E0-E071F5E9A1E0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-10-24] ()
    Task: {2CB09D5C-33DB-4172-9C58-5FDDFA3FF1D9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {30CB9B14-929E-4B8B-98C0-6235ADB0C7E9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {385D28A3-1A0B-41A7-BA98-EEA2D0993D43} - \PCDEventLauncher -> No File <==== ATTENTION
    Task: {39F9CBA6-3FC8-4ABB-BECC-94BDA58D3E56} - System32\Tasks\filog\{343554DB-1758-3A8F-F799-31F11969CC3F} => C:\Users\Grant\AppData\Local\hodor\filog.exe [2013-05-06] ()
    Task: {3B58CFFD-28E3-4556-834C-0682A898590E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3BCC5623-C5A8-4FC3-86AD-1959498162EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {410290B6-A686-4F76-BBC9-5FFDA26FE89B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {43839AE1-8544-4F6E-9EB0-8DE42A8CA82E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {469AB71C-739D-48B1-AFD1-20504C30D23D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-12] (Microsoft Corporation)
    Task: {46FBA771-23F4-4532-8FDE-5C3930989247} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {4728F930-A2B5-4980-A420-BAE36E05A501} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {49680FC0-76A8-40DA-8C99-4F5F3B2F34AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-19] (Microsoft Corporation)
    Task: {4C8297FF-3C7D-4528-B16A-CF8DB898969B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {5169A39F-E363-437A-BB98-6A83AFCCB563} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-12] (Microsoft Corporation)
    Task: {59D7E2A8-D09A-4CC2-B114-1F65E11D4A4C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {5D79D003-D6E3-4908-BDAA-EF33B546DE98} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {5F77A319-817F-4685-85F3-0810288E7E9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {61405961-9F57-4C83-A02B-4240D86D1997} - System32\Tasks\{07E263ED-E4C4-5B46-6A52-6AC3845BD1E1} => C:\Users\Grant\AppData\Roaming\07E263ED-E4C4-5B46-6A52-6AC3845BD1E1\sync.exe [2013-05-05] () <==== ATTENTION
    Task: {6484291D-D2C3-4748-A114-0DAA81F08038} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {67E35EDC-FE41-4A55-A5EC-53480D69ECEA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6A541D61-31FF-4D3D-92AE-3DF4A357EFD7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {6C7E0CF0-BBCB-496C-8A49-5AECF10DCBF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
    Task: {6D1130BF-7209-4722-A533-ED9C6860DBCD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-19] (Microsoft Corporation)
    Task: {737055D8-4BC7-423C-839F-3EE4D67E489C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {7D40C80C-4298-42B1-A1BF-BDF89C346C40} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {809EB142-0FE9-465B-B5A7-0AE08C56F408} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {83959535-1F40-4059-8837-A3163ED8FF81} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {88CD747C-7C7C-4DFD-BC3A-004171AE492C} - System32\Tasks\{49134188-5EE5-F05F-8907-0AB97BC6DF53} => C:\Users\Grant\AppData\Local\UpdateTask1\SyncTask.exe [2013-05-06] () <==== ATTENTION
    Task: {8D6EFAEE-EEBB-461C-A065-0AD20B51FC31} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {98BFD3B2-D64C-4B45-B46D-F9CA47869038} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9E03A48C-B8CE-4AE2-87AD-99B3ABE59ABB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A57DDB55-0B6E-40A0-B0A2-17604921BF54} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A60F0A1C-11CA-4A39-8709-0E8D0394704D} - System32\Tasks\GoogleUpdateTaskMachineUA1cf05d349942193 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {A6F3A054-A655-4C4A-9AEE-A243A6CF3B3B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
    Task: {AF8FA9B0-172C-4933-B86D-EEE4C158BEB3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-12] (Microsoft Corporation)
    Task: {B0145322-1919-48F1-8332-0ED3B053938B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {B3356F73-132A-4B11-8AF7-11661F21C8BE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B9C09DFB-D73D-48C3-8DC3-AE24E8E59D57} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {BD847144-20BB-481E-8ABC-757C2D24C4F6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-20] (Adobe Systems Incorporated)
    Task: {BFB55F19-D5B0-44D6-8896-AE107C47700E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C67ACC88-BFDE-42C6-8109-97E5FB8443FA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {C8599017-4E8A-4365-A9C2-E6829E790CC7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {C9DF381D-E732-4362-8111-FB4F45146156} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {CA1ABBDD-1BD4-487E-92F7-2BBF8DEE3188} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {CE2131E3-60B2-4B5E-8848-CF9CF083B075} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {D12F44E5-D116-4983-869C-A3EB664CB2AE} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {D7CFFFC5-D074-4CD8-AE40-F127A4BFB389} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-19] (Microsoft Corporation)
    Task: {DCEC2A55-19CC-4D77-AB8F-F4E5E5F9427F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {E48F4110-1A3D-49C3-8031-7AA45828C6D6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {E5ED132A-78D2-4DE7-88C7-6B07A9FC3CAD} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
    Task: {E942D0E7-CF62-4A35-BAA1-9EEADD6D005A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {EC514D32-DED5-42C7-B245-6542E3C28D5F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {ED506081-FA13-468E-AAD6-8E279C1E1C21} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
    Task: {F0B329E6-8840-4304-BFD2-CE9CF0B4B12A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2019-01-12] (Microsoft Corporation)
    Task: {F3BD7B6F-A532-439F-9552-E2BFDACF7222} - System32\Tasks\Yahoo! Powered disol => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{B13C745F-3B7E-FE99-BDB8-60DB27FAEB15}\rice.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b42313343373435462d334237452d464539392d424442382d3630444232374641454231357d5c636f746f6661" "433a5c50726f6772616d446174615c7b42313343373435462d334237452d464539392d424442 (the data entry has 78 more characters). <==== ATTENTION
    Task: {F852A091-0A7E-4E14-9977-2835A74609AA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {FED53A12-2962-4D49-9015-EFCBDBD2C087} - System32\Tasks\Bing Search Engine disol => "wscript.exe" "C:\ProgramData\{569493F7-DCD6-1931-5A10-8773C0520CBD}\rice.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b35363934393346372d444344362d313933312d354131302d3837373343303532304342447d5c636f746f6661" "433a5c50726f6772616d446174615c7b35363934393346372d444344362d313933312d35 (the data entry has 82 more characters). <==== ATTENTION
    Task: {FFEB90EB-8478-4F11-9D7E-7B1174159058} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-19] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\Yahoo! Powered disol.job => Wscript.exe C:\ProgramData\{B13C745F-3B7E-FE99-BDB8-60DB27FAEB15}\rice.txt <==== ATTENTION
    Task: C:\WINDOWS\Tasks\{07E263ED-E4C4-5B46-6A52-6AC3845BD1E1}.job => C:\Users\Grant\AppData\Roaming\07E263~1\sync.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\{49134188-5EE5-F05F-8907-0AB97BC6DF53}.job => C:\Users\Grant\AppData\Local\UPDATE~1\SyncTask.exe <==== ATTENTION

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":
    WMI:subscription\__EventFilter->BVTFilter:
    WMI:subscription\CommandLineEventConsumer->BVTConsumer:

    ShortcutWithArgument: C:\Users\Grant\Desktop\Google Maps.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nfoelejpajdgdjldhnpaobkadhhhlmha
    ShortcutWithArgument: C:\Users\Grant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Maps.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nfoelejpajdgdjldhnpaobkadhhhlmha

    ==================== Loaded Modules (Whitelisted) ==============

    2018-10-21 02:17 - 2018-10-21 02:17 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2018-10-21 02:17 - 2018-10-21 02:17 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-04-11 23:34 - 2018-04-11 23:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2018-04-11 23:34 - 2018-04-11 23:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-12-13 10:55 - 2018-11-09 02:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2011-12-09 23:07 - 2011-08-18 16:05 - 002751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2019-01-08 18:46 - 2019-01-01 06:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-10-16 10:54 - 2018-10-16 10:55 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
    2018-12-13 00:22 - 2018-12-13 00:23 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
    2018-12-13 00:22 - 2018-12-13 00:23 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
    2018-12-13 00:22 - 2018-12-13 00:23 - 010927616 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\LibWrapper.dll
    2018-12-13 00:22 - 2018-12-13 00:23 - 002916864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-12-13 00:22 - 2018-12-13 00:23 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2018-12-13 00:22 - 2018-12-13 00:23 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    2017-03-09 01:16 - 2017-03-09 01:16 - 000112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2018-10-22 13:59 - 2018-10-22 13:59 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
    2018-10-22 13:59 - 2018-10-22 13:59 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
    2010-11-17 16:35 - 2010-11-17 16:35 - 000514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    2018-12-12 21:08 - 2018-12-12 05:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
    2018-12-12 21:08 - 2018-12-12 05:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
    2018-10-21 02:17 - 2018-10-21 02:17 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2018-10-21 02:17 - 2018-10-21 02:17 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-10-21 02:17 - 2018-10-21 02:17 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2010-11-25 04:44 - 2010-11-25 04:44 - 000375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\dell.com -> dell.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2009-06-10 21:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\;c:\Program Files (x86)\Roxio\OEM\AudioCore\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Dell\Win7 LtBlue 1920x1200.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKLM\...\StartupApproved\Run: => "QuickSet"
    HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
    HKLM\...\StartupApproved\Run: => "WinZip UN"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "RoxWatchTray"
    HKLM\...\StartupApproved\Run32: => "Dell Webcam Central"
    HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
    HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\StartupApproved\Run: => "Chromium"
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_8F6DD9B4870666331B33C8C79D3CA7EE"
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"
    HKU\S-1-5-21-98693253-3412605275-1652980643-1000\...\StartupApproved\Run: => "Screenpresso"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{F5095F3C-C103-46DB-A64C-F9CE7954D32D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
    FirewallRules: [{01F86BC2-4C26-4FE5-B9C3-CE5FF1338231}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
    FirewallRules: [{69BF9D5B-9521-4931-A031-B59B87677EBB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation)
    FirewallRules: [{9864B267-F70D-45D6-BBD1-5B6B390BBFB7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
    FirewallRules: [{A4A66C7F-0EAE-48F4-8FEA-93AF4AA8C8F0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation)
    FirewallRules: [{4D5BE06D-2BE5-4B2D-9008-2B3A65703B62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [{1998B05A-5B1E-4A2E-8B84-F886D1DCADA2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [{969C6369-D3B4-496E-AB06-DABB6DC0C0AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
    FirewallRules: [{18F8492D-C116-428E-9B73-6C0506C652D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
    FirewallRules: [{1F0628EC-B936-4DF7-9674-A234227BC811}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    FirewallRules: [{94C72EDE-3972-4A79-80E7-CF04A0A4AC9D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    FirewallRules: [UDP Query User{D914B510-367A-4D49-B8FD-0A9ECBF16467}C:\users\grant\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\grant\appdata\roaming\spotify\spotify.exe No File
    FirewallRules: [TCP Query User{B4F3B205-8E85-40CA-B260-E5059E802292}C:\users\grant\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\grant\appdata\roaming\spotify\spotify.exe No File
    FirewallRules: [UDP Query User{41A4BFAC-9FCF-4A50-A275-B0B2F81B3079}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation)
    FirewallRules: [TCP Query User{83DF489C-67E7-4188-A31B-CD95B7D4D98A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation)
    FirewallRules: [{503404D3-5009-4D9B-9A21-4E4C422D373D}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe (CyberLink Corp.)
    FirewallRules: [{AB2CB866-B358-49CE-BD32-1C68F5FCCB5E}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe No File
    FirewallRules: [{B98FA90B-6A0E-43EF-9FA0-3A207253F272}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    FirewallRules: [{38A553E9-212E-4312-8C4B-98C694454210}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
    FirewallRules: [{8A96A9D5-5983-4FE2-946A-0D2E1841EA7F}] => (Allow) LPort=2869
    FirewallRules: [{179E66BB-C246-4CDA-A5BA-8CBBB8F0325C}] => (Allow) LPort=1900
    FirewallRules: [{5042BC4B-0339-4AF2-8C6E-87ABD38D1C76}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    FirewallRules: [{761F54F6-D8D2-401D-BD2E-EE48476DEF00}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation)
    FirewallRules: [{9D98E20E-F66C-48B6-86A0-5D75750BA335}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
    FirewallRules: [{F06122B4-4B34-4A26-811C-AD304F80FB32}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe No File
    FirewallRules: [{53CEBA17-CCB5-403B-8494-936C1D2A1FBA}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe No File
    FirewallRules: [{1B53C74E-45C1-4CA7-B6CD-4731DF746A33}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe No File
    FirewallRules: [{BAFFC007-DBCD-45E6-B13B-63B75863C466}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe No File
    FirewallRules: [{DB0A58AE-93BC-4D60-A788-9F5A06B11732}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe No File
    FirewallRules: [{B866CA5D-D092-4AE4-91CC-B4F991E2814A}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe No File
    FirewallRules: [{0539B323-2998-46E0-9637-39FD9A218937}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe No File
    FirewallRules: [{1B532351-BB8F-412D-A7F9-13800939510A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe No File
    FirewallRules: [{D30D0273-BB1D-47B2-9A8E-5E9F5058C75B}] => (Allow) C:\Users\Grant\AppData\Local\Temp\7zS16BF\setup\hpznui40.exe No File
    FirewallRules: [{285C380B-74CA-4478-840D-0BFF0D81A736}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    FirewallRules: [{31AEEA42-2B2E-4950-A9ED-4E25F8A750BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
    FirewallRules: [{06E1E9AB-6AF0-4DD6-8986-78AF8D64B9E5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.)
    FirewallRules: [{BCD0E097-F64F-43C8-91F6-03A4B9137625}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard Co.)
    FirewallRules: [{AC1E9DCA-472F-4AD5-A8FE-85668663CD08}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett-Packard Co.)
    FirewallRules: [{00E43D41-90CF-4AAB-9D4D-A709D9898675}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.)
    FirewallRules: [{01091FEA-11AC-4142-9FA1-0C92DDFD5ACC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard Co.)
    FirewallRules: [{625CE3D1-65D2-4D17-BE66-FFB95FFF3322}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.)
    FirewallRules: [{EBF26B21-A0AB-4B39-BDE6-E60AFA2B1AFF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
    FirewallRules: [{9A4F830B-3790-446B-91B7-811EABD66FAB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett-Packard Co.)
    FirewallRules: [{01BDD3C1-386B-46EA-9D64-4AAE9C3142DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett-Packard Co.)
    FirewallRules: [{D7B23048-45AF-4F98-98CA-5C46D1ECF95A}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard)
    FirewallRules: [{B3901704-226D-4F31-9AC6-987AD7038435}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Co.)
    FirewallRules: [{19CECF5D-47F4-4FF0-986F-6E9BB86FA6DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [{83CC43A9-F66A-4B2C-8293-CF691BD9FE06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [{F7E2F706-0D4A-4D8A-8BBD-FE711DE4B1F0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
    FirewallRules: [TCP Query User{3AF7C55B-9F97-4620-A8D2-2CBCE557D1A7}C:\users\grant\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\grant\appdata\roaming\spotify\spotify.exe No File
    FirewallRules: [UDP Query User{6F2357F7-FF13-4295-BAD6-72F76DCC95BC}C:\users\grant\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\grant\appdata\roaming\spotify\spotify.exe No File
    FirewallRules: [{235241E9-7196-4EA5-BC60-418E1B9EC0C1}] => (Allow) C:\Users\Grant\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors)
    FirewallRules: [{36BD7598-CA5E-43CF-B864-B76F87144C04}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    FirewallRules: [{6C5204F2-45B3-4AFB-BA9C-73B72D977932}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
    FirewallRules: [TCP Query User{6AD896C0-2ADA-4E36-8752-99A7A853F6A4}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe (VoiceFive, Inc.)
    FirewallRules: [UDP Query User{B8EE7D61-7637-4EBD-9A83-EF1163B28E84}C:\program files (x86)\premieropinion\pmropn.exe] => (Allow) C:\program files (x86)\premieropinion\pmropn.exe (VoiceFive, Inc.)
    FirewallRules: [{5780FE74-C464-43D5-B9C6-FFE3165279A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    FirewallRules: [{DE4D1876-505E-4D69-B70D-E9C9904B85FC}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe (VoiceFive, Inc.)
    FirewallRules: [{93EA99BC-FDC9-424D-A3AF-F50460EF627C}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe (VoiceFive, Inc.)

    ==================== Restore Points =========================

    20-12-2018 11:39:51 Windows Update
    08-01-2019 18:41:52 Windows Update
    11-01-2019 20:46:49 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/13/2019 03:28:23 PM) (Source: ESENT) (EventID: 481) (User: )
    Description: taskhostw (3664,D,0) WebCacheLocal: An attempt to read from the file "C:\Users\Grant\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 425984 (0x0000000000068000) for 32768 (0x00008000) bytes failed after 15.131 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1021 (0xfffffc03). If this error persists then the file may be damaged and may need to be restored from a previous backup.

    Error: (01/13/2019 03:27:43 PM) (Source: ESENT) (EventID: 481) (User: )
    Description: taskhostw (3664,T,0) WebCacheLocal: An attempt to read from the file "C:\Users\Grant\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 425984 (0x0000000000068000) for 32768 (0x00008000) bytes failed after 21.153 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1021 (0xfffffc03). If this error persists then the file may be damaged and may need to be restored from a previous backup.

    Error: (01/13/2019 03:25:58 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
    Description: MCSCAN32 Engine Initialisation failed.
    Engine returned error : 1

    Error: (01/13/2019 03:21:17 PM) (Source: ESENT) (EventID: 481) (User: )
    Description: DllHost (1984,D,0) WebCacheLocal: An attempt to read from the file "C:\Users\Grant\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 425984 (0x0000000000068000) for 32768 (0x00008000) bytes failed after 22.514 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1021 (0xfffffc03). If this error persists then the file may be damaged and may need to be restored from a previous backup.

    Error: (01/13/2019 03:06:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Shasta.exe, version: 1.0.0.1, time stamp: 0x4ce4200d
    Faulting module name: PROPSYS.dll, version: 7.0.17134.112, time stamp: 0x147a5296
    Exception code: 0xc0000005
    Fault offset: 0x0006c810
    Faulting process id: 0x28dc
    Faulting application start time: 0x01d4ab519165be5c
    Faulting application path: C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Shasta.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\PROPSYS.dll
    Report Id: a26a4fd9-9a28-450f-9546-cc967fa5c9bf
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/13/2019 02:41:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (01/13/2019 02:35:05 PM) (Source: ESENT) (EventID: 481) (User: )
    Description: taskhostw (5292,D,0) WebCacheLocal: An attempt to read from the file "C:\Users\Grant\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 425984 (0x0000000000068000) for 32768 (0x00008000) bytes failed after 14.952 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1021 (0xfffffc03). If this error persists then the file may be damaged and may need to be restored from a previous backup.

    Error: (01/13/2019 02:34:23 PM) (Source: ESENT) (EventID: 481) (User: )
    Description: taskhostw (5292,D,0) WebCacheLocal: An attempt to read from the file "C:\Users\Grant\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" at offset 425984 (0x0000000000068000) for 32768 (0x00008000) bytes failed after 20.805 seconds with system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read operation will fail with error -1021 (0xfffffc03). If this error persists then the file may be damaged and may need to be restored from a previous backup.


    System errors:
    =============
    Error: (01/13/2019 04:18:46 PM) (Source: DCOM) (EventID: 10010) (User: GRANT-PC)
    Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy!App.AppXxyrxfkapamrp843pd5arq545p9wtj2nq.mca did not register with DCOM within the required timeout.

    Error: (01/13/2019 04:14:46 PM) (Source: DCOM) (EventID: 10010) (User: GRANT-PC)
    Description: The server Microsoft.OneConnect_5.1809.2571.0_x64__8wekyb3d8bbwe!App.AppXe8pdgw5syxe8pgccbk3mcn5hanwamr0e.mca did not register with DCOM within the required timeout.

    Error: (01/13/2019 04:11:46 PM) (Source: DCOM) (EventID: 10010) (User: GRANT-PC)
    Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy!App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca did not register with DCOM within the required timeout.

    Error: (01/13/2019 04:04:32 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (01/13/2019 04:04:27 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (01/13/2019 03:35:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/13/2019 03:33:06 PM) (Source: DCOM) (EventID: 10010) (User: GRANT-PC)
    Description: The server {2C82180E-8C3C-4A1B-BEB1-B9140713E701} did not register with DCOM within the required timeout.

    Error: (01/13/2019 03:31:45 PM) (Source: DCOM) (EventID: 10016) (User: GRANT-PC)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Grant-PC\Grant SID (S-1-5-21-98693253-3412605275-1652980643-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2019-01-13 16:10:07.407
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...BS/Mutuodo.A&threatid=2147724374&enterprise=0
    Name: Trojan:VBS/Mutuodo.A
    ID: 2147724374
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Grant\AppData\Roaming\Kinubenonabe; file:_C:\Users\Grant\AppData\Roaming\Relafotopu
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Users\Grant\Downloads\FRST64.exe
    Signature Version: AV: 1.283.2877.0, AS: 1.283.2877.0, NIS: 1.283.2877.0
    Engine Version: AM: 1.1.15500.2, NIS: 1.1.15500.2

    Date: 2019-01-13 16:10:07.350
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?li...BS/Mutuodo.A&threatid=2147724374&enterprise=0
    Name: Trojan:VBS/Mutuodo.A
    ID: 2147724374
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\Grant\AppData\Roaming\Kinubenonabe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Users\Grant\Downloads\FRST64.exe
    Signature Version: AV: 1.283.2877.0, AS: 1.283.2877.0, NIS: 1.283.2877.0
    Engine Version: AM: 1.1.15500.2, NIS: 1.1.15500.2

    Date: 2019-01-13 15:19:58.352
    Description:
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    CodeIntegrity:
    ===================================

    Date: 2019-01-13 15:13:38.498
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-01-13 15:08:38.230
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-01-13 15:03:38.238
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-01-13 14:58:38.223
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-01-13 14:53:40.099
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-01-13 14:48:38.225
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-01-13 14:44:38.702
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-01-13 14:43:39.271
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
    Percentage of memory in use: 62%
    Total physical RAM: 4002.05 MB
    Available physical RAM: 1483.12 MB
    Total Virtual: 8098.05 MB
    Available Virtual: 5405.46 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:289.19 GB) NTFS

    \\?\Volume{c6a3b9c6-22b1-11e1-9cf6-806e6f6e6963}\ (Recovery) (Fixed) (Total:14.65 GB) (Free:6.78 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 47EE8583)
    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
Short URL to this thread: https://techguy.org/1221791
