
In Progress: Co-worker's computer lagging pretty hard

Discussion in 'Virus & Other Malware Removal' started by PeterDORG, Jan 28, 2019.

  1. PeterDORG

    PeterDORG, Thread Starter (Joined: Jan 28, 2019; Messages: 4)
    Hi, looking to clean up a co-worker's computer, which is running pretty slow. Takes a while to start up, then lags when shifting between programs. I figure there's likely some malware on it. Although I did just run Malwarebytes, and it didn't turn anything up.
    Been a while since I've used one of these forums, but I remember years ago coming to forums and running a checker on my computer, submitting the log back to the forum, and being advised on what to get rid of. Does this forum work similarly?

    Thanks in advance for any help.

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, Intel64 Family 6 Model 78 Stepping 3
    Processor Count: 4
    RAM: 8065 Mb
    Graphics Card: Intel(R) HD Graphics 520, 1024 Mb
    Hard Drives: C: 892 GB (843 GB Free); D: 24 GB (23 GB Free);
    Motherboard: LENOVO, Lenovo ideapad 1
    Antivirus: Windows Defender, Enabled and Updated
     
  2. iMacg3

    iMacg3, Malware Specialist (Joined: Nov 3, 2018; Messages: 651)
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything, please ask.


    --------------------


    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen pop-up, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, two log files will pop up - FRST.txt and Addition.txt.
    • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  3. PeterDORG

    PeterDORG, Thread Starter (Joined: Jan 28, 2019; Messages: 4)
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2019
    Ran by esorn (administrator) on LAPTOP-GCB922IN (28-01-2019 16:46:43)
    Running from C:\Users\esorn\Downloads
    Loaded Profiles: esorn (Available Profiles: defaultuser0 & esorn)
    Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_48c2e68e54c92258\igfxCUIService.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_48c2e68e54c92258\IntelCpHDCPSvc.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_48c2e68e54c92258\IntelCpHeciSvc.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\NisSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_48c2e68e54c92258\igfxEM.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (SweetLabs, Inc) C:\Users\esorn\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (Lenovo(beijing) Limited) C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
    (Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATISLE.EXE
    (Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATISLE.EXE
    (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\WmdHost.exe
    (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
    (Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
    (Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
    (Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322104 2016-03-17] (Intel Corporation)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-07] (Conexant Systems, Inc.)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
    HKLM\...\Run: [LenovoUtility] => C:\ProgramData\Lenovo\ImController\Plugins\IdeaOSDPackage\x64\utility.exe [911272 2017-07-27] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-20] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-20] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4090176 2019-01-22] (Dropbox, Inc.)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATISLE.EXE [418000 2016-07-14] (Seiko Epson Corporation)
    HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATISLE.EXE [418000 2016-07-14] (Seiko Epson Corporation)
    HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATISLE.EXE [418000 2016-07-14] (Seiko Epson Corporation)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-14] (Google Inc.)
    Startup: C:\Users\esorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-02-05]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{db202a2a-9659-478b-ac3f-76b62e5e3588}: [DhcpNameServer] 150.100.0.10
    Tcpip\..\Interfaces\{e543641e-a795-4de2-a503-fcc5862bb735}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
    HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
    HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    SearchScopes: HKU\S-1-5-21-3427401226-2247106153-2576929769-1001 -> DefaultScope {718F48FE-3E5D-4752-B1EB-D4230EC5C701} URL =
    SearchScopes: HKU\S-1-5-21-3427401226-2247106153-2576929769-1001 -> {718F48FE-3E5D-4752-B1EB-D4230EC5C701} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-08] (Microsoft Corporation)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-08] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-08] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-08] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-08] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

    FireFox:
    ========
    FF DefaultProfile: rstf9rq3.default
    FF ProfilePath: C:\Users\esorn\AppData\Roaming\Mozilla\Firefox\Profiles\rstf9rq3.default [2019-01-28]
    FF Extension: (Telemetry coverage) - C:\Users\esorn\AppData\Roaming\Mozilla\Firefox\Profiles\rstf9rq3.default\features\{87214779-68c9-448f-b922-6862f1455c04}\[email protected] [2019-01-28] [Legacy]
    FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-07] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc.)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxps://www.bing.com/?PC=JV04"
    CHR Profile: C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default [2019-01-28]
    CHR Extension: (Docs) - C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
    CHR Extension: (Google Drive) - C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-19]
    CHR Extension: (YouTube) - C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-19]
    CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-24]
    CHR Extension: (Sheets) - C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
    CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2016-10-21]
    CHR Extension: (Google Docs Offline) - C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
    CHR Extension: (Gmail) - C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-19]
    CHR Extension: (Chrome Media Router) - C:\Users\esorn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-19]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619816 2019-01-04] (Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-01-22] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-01-22] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-01-22] (Dropbox, Inc.)
    R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-03-10] (Seiko Epson Corporation)
    R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1210352 2016-03-22] (Lenovo)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-27] (HP Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18488 2016-03-17] (Intel Corporation)
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71336 2019-01-07] (Lenovo Group Ltd.)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
    R2 RapiMgr; C:\WINDOWS\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
    R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [713816 2018-09-26] (Realtek Semiconductor Corp.)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260152 2017-05-19] (Synaptics Incorporated)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6634224 2018-02-02] (TeamViewer GmbH)
    R2 WcesComm; C:\WINDOWS\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-24] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-24] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (Apple Inc.)
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-03-31] (Realtek )
    R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [758312 2018-09-26] (Realtek Semiconductor Corporation)
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418272 2016-07-13] (Realsil Semiconductor Corporation)
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3127552 2016-07-03] (Realtek Semiconductor Corp.)
    R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6813664 2017-05-19] (Realtek Semiconductor Corporation )
    S3 ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [10112 2016-01-06] (support.com, Inc)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46488 2019-01-24] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343032 2019-01-24] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-24] (Microsoft Corporation)
    S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-01-28 16:46 - 2019-01-28 16:47 - 000020911 _____ C:\Users\esorn\Downloads\FRST.txt
    2019-01-28 16:46 - 2019-01-28 16:46 - 002428416 _____ (Farbar) C:\Users\esorn\Downloads\FRST64.exe
    2019-01-28 16:46 - 2019-01-28 16:46 - 000000000 ____D C:\FRST
    2019-01-28 16:42 - 2019-01-28 16:43 - 001787904 _____ (Farbar) C:\Users\esorn\Downloads\FRST.exe
    2019-01-28 16:38 - 2019-01-28 16:38 - 000000000 ___HD C:\OneDriveTemp
    2019-01-28 16:36 - 2019-01-07 18:38 - 000205992 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
    2019-01-28 16:36 - 2019-01-07 18:38 - 000130216 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
    2019-01-28 16:36 - 2019-01-07 18:38 - 000097448 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
    2019-01-28 16:36 - 2019-01-07 18:38 - 000043688 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
    2019-01-28 15:44 - 2019-01-28 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2019-01-28 15:44 - 2019-01-28 15:44 - 000000000 ____D C:\Program Files\VS Revo Group
    2019-01-28 15:43 - 2019-01-28 15:44 - 007127416 _____ (VS Revo Group ) C:\Users\esorn\Downloads\revosetup.exe
    2019-01-28 15:31 - 2019-01-28 15:31 - 000748192 _____ (TechGuy, Inc.) C:\Users\esorn\Downloads\SysInfo.exe
    2019-01-28 15:28 - 2019-01-28 15:28 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-01-28 15:28 - 2019-01-28 15:28 - 000000000 ____D C:\Users\esorn\AppData\Local\mbamtray
    2019-01-28 15:28 - 2019-01-28 15:28 - 000000000 ____D C:\Users\esorn\AppData\Local\mbam
    2019-01-28 15:28 - 2019-01-28 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-01-28 15:28 - 2019-01-28 15:28 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-01-28 15:28 - 2019-01-28 15:28 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-01-28 15:28 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-01-28 15:20 - 2019-01-28 15:21 - 073010416 _____ (Malwarebytes ) C:\Users\esorn\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.527-1.0.8998.exe
    2019-01-28 14:49 - 2019-01-28 14:49 - 000003412 _____ C:\WINDOWS\System32\Tasks\Reason Antivirus UI
    2019-01-28 14:48 - 2019-01-28 14:48 - 000535368 _____ (Reason Software Company Inc.) C:\Users\esorn\Downloads\Reason-Free-Antivirus-Installer.exe
    2019-01-24 10:47 - 2019-01-24 10:47 - 000011620 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Harvests (45).xlsx
    2019-01-24 10:45 - 2019-01-24 10:45 - 000007119 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Harvests (47).xlsx
    2019-01-23 14:26 - 2019-01-23 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2019-01-23 14:15 - 2019-01-23 14:15 - 000590179 _____ C:\Users\esorn\Downloads\IMMATURE TRACKING AUTOMATION (54).xlsm
    2019-01-23 14:13 - 2019-01-23 14:13 - 000013276 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Plantings-Active (44).xlsx
    2019-01-23 14:12 - 2019-01-23 14:12 - 000015082 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Plantings-Active (44).xlsx
    2019-01-23 09:28 - 2019-01-23 09:28 - 000005530 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (97).xlsx
    2019-01-23 09:27 - 2019-01-23 09:27 - 000005841 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (96).xlsx
    2019-01-22 14:14 - 2019-01-22 14:14 - 000005841 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (94).xlsx
    2019-01-22 14:14 - 2019-01-22 14:14 - 000005532 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (95).xlsx
    2019-01-22 13:23 - 2019-01-28 16:39 - 000000000 ___RD C:\Users\esorn\Dropbox
    2019-01-22 13:23 - 2019-01-22 13:23 - 000001310 _____ C:\Users\esorn\Desktop\Dropbox.lnk
    2019-01-22 13:19 - 2019-01-22 13:19 - 000000000 ____D C:\Users\esorn\AppData\Roaming\Dropbox
    2019-01-22 13:18 - 2019-01-28 16:34 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2019-01-22 13:18 - 2019-01-28 16:34 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2019-01-22 13:18 - 2019-01-23 14:26 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2019-01-22 13:18 - 2019-01-22 13:23 - 000000000 ____D C:\Users\esorn\AppData\Local\Dropbox
    2019-01-22 13:18 - 2019-01-22 13:18 - 000003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2019-01-22 13:18 - 2019-01-22 13:18 - 000003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2019-01-22 13:18 - 2019-01-22 13:18 - 000000000 ____D C:\ProgramData\Dropbox
    2019-01-22 13:17 - 2019-01-22 13:17 - 000696608 _____ (Dropbox, Inc.) C:\Users\esorn\Downloads\DropboxInstaller.exe
    2019-01-22 08:22 - 2019-01-22 08:22 - 000007401 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (93).xlsx
    2019-01-22 08:20 - 2019-01-22 08:20 - 000005841 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (92).xlsx
    2019-01-22 06:14 - 2019-01-22 06:14 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2019-01-22 06:14 - 2019-01-22 06:14 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2019-01-22 06:14 - 2019-01-22 06:14 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2019-01-22 06:14 - 2019-01-22 06:14 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2019-01-18 09:00 - 2019-01-18 09:00 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2019-01-18 09:00 - 2019-01-18 09:00 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2019-01-18 09:00 - 2019-01-18 09:00 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
    2019-01-18 09:00 - 2019-01-18 09:00 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2019-01-18 09:00 - 2019-01-18 09:00 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2019-01-18 09:00 - 2019-01-18 09:00 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
    2019-01-18 09:00 - 2019-01-18 09:00 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2019-01-18 09:00 - 2019-01-18 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2019-01-17 11:28 - 2019-01-17 11:28 - 000007093 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (91).xlsx
    2019-01-17 11:27 - 2019-01-17 11:27 - 000005995 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (90).xlsx
    2019-01-17 11:09 - 2019-01-17 11:09 - 000006941 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Harvests (46).xlsx
    2019-01-17 11:07 - 2019-01-17 11:07 - 000012013 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Harvests (44).xlsx
    2019-01-16 14:14 - 2019-01-16 14:14 - 000590179 _____ C:\Users\esorn\Downloads\IMMATURE TRACKING AUTOMATION (53).xlsm
    2019-01-16 14:12 - 2019-01-16 14:12 - 000012867 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Plantings-Active (43).xlsx
    2019-01-16 14:10 - 2019-01-16 14:10 - 000014883 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Plantings-Active (43).xlsx
    2019-01-16 08:40 - 2019-01-16 08:40 - 000006997 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (89).xlsx
    2019-01-16 08:39 - 2019-01-16 08:39 - 000005821 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (88).xlsx
    2019-01-11 11:03 - 2019-01-11 11:03 - 000006735 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (87).xlsx
    2019-01-11 11:03 - 2019-01-11 11:03 - 000005960 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (86).xlsx
    2019-01-10 10:47 - 2019-01-10 10:47 - 000013658 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Packages-Active (11).xlsx
    2019-01-10 10:43 - 2019-01-10 10:43 - 000009436 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Packages-Active (10).xlsx
    2019-01-10 08:26 - 2019-01-10 08:27 - 004648397 _____ C:\Users\esorn\Downloads\My Movie 2 (1).mp4
    2019-01-09 16:35 - 2019-01-09 16:35 - 000011943 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Harvests (43).xlsx
    2019-01-09 16:32 - 2019-01-09 16:32 - 000006833 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Harvests (45).xlsx
    2019-01-09 14:45 - 2019-01-09 14:45 - 005146074 _____ C:\Users\esorn\Desktop\Metrc_Manual.pdf
    2019-01-09 13:51 - 2019-01-09 13:51 - 000590179 _____ C:\Users\esorn\Downloads\IMMATURE TRACKING AUTOMATION (52).xlsm
    2019-01-09 13:49 - 2019-01-09 13:49 - 000012761 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Plantings-Active (42).xlsx
    2019-01-09 13:46 - 2019-01-09 13:46 - 000014581 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Plantings-Active (42).xlsx
    2019-01-09 12:05 - 2019-01-01 06:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-01-09 12:05 - 2019-01-01 06:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
    2019-01-09 12:05 - 2019-01-01 06:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-01-09 12:05 - 2019-01-01 06:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2019-01-09 12:05 - 2019-01-01 06:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
    2019-01-09 12:05 - 2019-01-01 06:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-01-09 12:05 - 2019-01-01 06:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-01-09 12:05 - 2019-01-01 06:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
    2019-01-09 12:05 - 2019-01-01 06:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2019-01-09 12:05 - 2019-01-01 06:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
    2019-01-09 12:05 - 2019-01-01 00:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-01-09 12:05 - 2019-01-01 00:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2019-01-09 12:05 - 2019-01-01 00:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-01-09 12:05 - 2019-01-01 00:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-01-09 12:05 - 2019-01-01 00:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-01-09 12:05 - 2019-01-01 00:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-01-09 12:05 - 2019-01-01 00:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-01-09 12:05 - 2019-01-01 00:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2019-01-09 12:05 - 2019-01-01 00:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2019-01-09 12:05 - 2019-01-01 00:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-01-09 12:05 - 2019-01-01 00:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-01-09 12:05 - 2019-01-01 00:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-01-09 12:05 - 2019-01-01 00:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-01-09 12:05 - 2019-01-01 00:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-01-09 12:05 - 2019-01-01 00:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-01-09 12:05 - 2019-01-01 00:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-01-09 12:05 - 2019-01-01 00:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-01-09 12:05 - 2019-01-01 00:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-01-09 12:05 - 2019-01-01 00:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2019-01-09 12:05 - 2019-01-01 00:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
    2019-01-09 12:05 - 2018-12-31 23:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-01-09 12:05 - 2018-12-31 23:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-01-09 12:05 - 2018-12-31 23:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-01-09 12:05 - 2018-12-31 23:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2019-01-09 12:05 - 2018-12-31 23:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
    2019-01-09 12:05 - 2018-12-31 23:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
    2019-01-09 12:05 - 2018-12-31 23:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-01-09 12:05 - 2018-12-31 23:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2019-01-09 12:05 - 2018-12-31 23:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
    2019-01-09 12:05 - 2018-12-31 23:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-01-09 12:05 - 2018-12-31 23:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2019-01-09 12:05 - 2018-12-31 23:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-01-09 12:05 - 2018-12-31 23:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-01-09 12:05 - 2018-12-31 23:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2019-01-09 12:05 - 2018-12-31 23:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2019-01-09 12:05 - 2018-12-31 23:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-01-09 12:05 - 2018-12-31 23:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-01-09 12:05 - 2018-12-31 23:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
    2019-01-09 12:05 - 2018-12-31 23:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
    2019-01-09 12:05 - 2018-12-31 23:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-01-09 12:05 - 2018-12-31 23:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-01-09 12:05 - 2018-12-31 23:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2019-01-09 12:05 - 2018-12-31 23:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2019-01-09 12:05 - 2018-12-31 23:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2019-01-09 12:05 - 2018-12-31 23:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2019-01-09 12:05 - 2018-12-31 23:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-01-09 12:05 - 2018-12-31 23:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2019-01-09 12:05 - 2018-12-31 23:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-01-09 12:05 - 2018-12-31 23:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-01-09 12:05 - 2018-12-31 23:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-01-09 12:05 - 2018-12-31 23:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-01-09 12:05 - 2018-12-31 23:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-01-09 12:05 - 2018-12-31 23:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2019-01-09 12:05 - 2018-12-31 23:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-01-09 12:05 - 2018-12-31 23:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-01-09 12:05 - 2018-12-31 23:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-01-09 12:05 - 2018-12-31 23:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-01-09 12:05 - 2018-12-31 23:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
    2019-01-09 12:05 - 2018-12-31 23:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-01-09 12:05 - 2018-12-31 23:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2019-01-09 12:05 - 2018-12-31 23:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2019-01-09 12:05 - 2018-12-31 23:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-01-09 12:05 - 2018-12-31 23:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-01-09 12:05 - 2018-12-31 23:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-01-09 12:05 - 2018-12-31 23:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2019-01-09 12:05 - 2018-12-31 23:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-01-09 12:05 - 2018-12-31 23:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-01-09 12:05 - 2018-12-31 23:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
    2019-01-09 12:05 - 2018-12-31 23:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-01-09 12:05 - 2018-12-31 23:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2019-01-09 12:05 - 2018-12-31 23:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-01-09 12:05 - 2018-12-31 23:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2019-01-09 12:05 - 2018-12-31 23:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2019-01-09 12:05 - 2018-12-31 23:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-01-09 12:05 - 2018-12-31 23:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
    2019-01-09 12:05 - 2018-12-31 22:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2019-01-09 12:05 - 2018-12-18 21:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-01-08 16:34 - 2019-01-08 16:34 - 004648397 _____ C:\Users\esorn\Downloads\My Movie 2.mp4
    2019-01-08 08:38 - 2019-01-08 08:38 - 000006072 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (85).xlsx
    2019-01-08 08:37 - 2019-01-08 08:37 - 000005842 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (84).xlsx
    2019-01-03 16:15 - 2019-01-03 16:15 - 000006226 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (83).xlsx
    2019-01-03 16:15 - 2019-01-03 16:15 - 000006123 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (82).xlsx
    2019-01-03 16:00 - 2019-01-03 16:00 - 000005540 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-01668-Plants-Harvests (3).xlsx
    2019-01-03 15:58 - 2019-01-03 15:58 - 000012021 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Harvests (42).xlsx
    2019-01-03 15:57 - 2019-01-03 15:57 - 000007207 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Harvests (44).xlsx
    2019-01-03 15:55 - 2019-01-03 15:55 - 000012022 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Harvests (41).xlsx
    2019-01-03 15:53 - 2019-01-03 15:53 - 000007206 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Harvests (43).xlsx
    2019-01-02 13:44 - 2019-01-02 13:44 - 000590179 _____ C:\Users\esorn\Downloads\IMMATURE TRACKING AUTOMATION (51).xlsm
    2019-01-02 13:43 - 2019-01-02 13:43 - 000012464 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Plantings-Active (41).xlsx
    2019-01-02 13:42 - 2019-01-02 13:42 - 000014452 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Plantings-Active (41).xlsx
    2019-01-02 10:17 - 2019-01-02 10:17 - 000007393 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (81).xlsx
    2019-01-02 10:16 - 2019-01-02 10:16 - 000006260 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Packages-Active (80).xlsx
    2019-01-01 14:08 - 2019-01-01 14:08 - 000006423 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Vegetative (22).xlsx
    2019-01-01 14:07 - 2019-01-01 14:07 - 000006187 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Vegetative (23).xlsx
    2019-01-01 14:05 - 2019-01-01 14:05 - 000006335 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403-00786-Plants-Vegetative (22).xlsx
    2019-01-01 14:04 - 2019-01-01 14:04 - 000006573 _____ C:\Users\esorn\Downloads\Metrc-Colorado-403R-00332-Plants-Vegetative (21).xlsx
    2019-01-01 08:11 - 2019-01-01 08:11 - 000308158 _____ C:\Users\esorn\Desktop\End of Year Inventory Reports.zip
    2019-01-01 08:10 - 2019-01-01 08:10 - 000000000 ____D C:\Users\esorn\Desktop\End of Year Inventory Reports
    2019-01-01 08:09 - 2019-01-01 08:09 - 000060416 _____ C:\Users\esorn\Downloads\PlantsInventoryReport (1).xls
    2019-01-01 08:08 - 2019-01-01 08:08 - 000000104 _____ C:\Users\esorn\Downloads\PackagesInventoryReport (2).csv
    2019-01-01 08:07 - 2019-01-01 08:07 - 000056320 _____ C:\Users\esorn\Downloads\PackagesInventoryReport (5).xls
    2019-01-01 08:06 - 2019-01-01 08:06 - 000064512 _____ C:\Users\esorn\Downloads\MonthlyPlantsInventoryReport (1).xls
    2019-01-01 08:04 - 2019-01-01 08:04 - 000283136 _____ C:\Users\esorn\Downloads\PlantsInventoryReport.xls
    2019-01-01 08:03 - 2019-01-01 08:03 - 000008876 _____ C:\Users\esorn\Downloads\PackagesInventoryReport 403-00786 01012019.csv
    2019-01-01 08:02 - 2019-01-01 08:02 - 000075264 _____ C:\Users\esorn\Downloads\PackagesInventoryReport (4).xls
    2019-01-01 08:02 - 2019-01-01 08:02 - 000009475 _____ C:\Users\esorn\Downloads\PackagesInventoryReport (1).csv
    2019-01-01 07:59 - 2019-01-01 07:59 - 000068608 _____ C:\Users\esorn\Downloads\MonthlyPlantsInventoryReport.xls

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-01-28 16:42 - 2018-04-02 08:14 - 000000000 ____D C:\Users\esorn\AppData\LocalLow\Mozilla
    2019-01-28 16:41 - 2018-07-09 18:14 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-01-28 16:41 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
    2019-01-28 16:40 - 2018-07-09 18:24 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FD545560-9DCB-4DF3-B533-3B7449B7F675}
    2019-01-28 16:38 - 2016-10-18 15:23 - 000000000 ___RD C:\Users\esorn\OneDrive
    2019-01-28 16:36 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-01-28 16:36 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-01-28 16:36 - 2016-10-18 15:21 - 000000000 __SHD C:\Users\esorn\IntelGraphicsProfiles
    2019-01-28 16:35 - 2018-07-09 18:06 - 000000000 ____D C:\Users\esorn
    2019-01-28 16:34 - 2018-07-09 18:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-01-28 16:34 - 2018-05-29 06:40 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForesorn.job
    2019-01-28 16:34 - 2016-12-06 12:59 - 000000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3427401226-2247106153-2576929769-1001.job
    2019-01-28 16:34 - 2016-12-06 12:59 - 000000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3427401226-2247106153-2576929769-1001.job
    2019-01-28 16:00 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-01-28 15:59 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-01-28 15:59 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-01-28 15:49 - 2016-10-18 17:54 - 000000000 ____D C:\ProgramData\McAfee
    2019-01-28 15:16 - 2018-07-09 18:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-01-28 14:34 - 2018-07-09 18:06 - 000000000 ____D C:\Users\esorn\AppData\Local\Host App Service
    2019-01-28 14:16 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-01-25 09:54 - 2018-03-29 16:19 - 000027249 _____ C:\Users\esorn\Desktop\Packaging Tracking Spreadsheet.xlsx
    2019-01-24 15:03 - 2018-05-24 14:04 - 000000000 ____D C:\Users\esorn\Desktop\NEW MED LABELS
    2019-01-24 14:10 - 2018-02-27 07:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-01-24 10:52 - 2018-09-17 11:17 - 000000000 ____D C:\Users\esorn\Desktop\Weekly Harvest Sheets
    2019-01-24 10:47 - 2018-01-09 15:40 - 000000000 ____D C:\Users\esorn\AppData\Local\Packages
    2019-01-24 08:31 - 2017-09-14 10:06 - 000000000 ____D C:\Users\esorn\Desktop\VEG SCANS
    2019-01-24 07:52 - 2017-07-08 15:31 - 000000000 ____D C:\Users\esorn\AppData\Local\GoToMeeting
    2019-01-23 14:18 - 2017-04-03 15:59 - 000000000 ____D C:\Users\esorn\Desktop\Immature Documents
    2019-01-23 08:54 - 2017-04-05 16:18 - 000000000 ____D C:\Users\esorn\Desktop\MISC Inventory
    2019-01-23 07:36 - 2018-07-09 18:24 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3427401226-2247106153-2576929769-1001
    2019-01-23 07:36 - 2018-07-09 18:06 - 000002374 _____ C:\Users\esorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-01-22 11:13 - 2018-07-09 18:24 - 000003836 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3427401226-2247106153-2576929769-1001
    2019-01-22 11:13 - 2018-07-09 18:24 - 000003740 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3427401226-2247106153-2576929769-1001
    2019-01-22 07:35 - 2018-07-09 18:24 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForesorn
    2019-01-22 07:32 - 2016-11-02 10:36 - 000000000 ____D C:\Users\esorn\Desktop\REC LABELS
    2019-01-18 10:57 - 2018-11-19 07:49 - 000000000 ____D C:\Program Files\rempl
    2019-01-18 08:59 - 2016-09-02 13:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-01-17 13:45 - 2017-07-11 10:44 - 000000000 ____D C:\Users\esorn\Desktop\MISC. FORMS
    2019-01-09 12:15 - 2016-10-18 21:07 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-01-09 12:12 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-01-09 12:12 - 2016-10-18 21:07 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-01-07 18:38 - 2018-06-26 06:18 - 000425128 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
    2019-01-07 18:38 - 2018-06-26 06:18 - 000104616 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
    2019-01-07 18:38 - 2018-06-26 06:18 - 000053416 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
    2019-01-07 18:38 - 2017-12-15 08:02 - 000104616 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
    2019-01-02 12:41 - 2018-11-14 11:16 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-01-02 12:41 - 2018-11-14 11:16 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2016-09-02 14:32 - 2018-12-19 07:51 - 001388432 _____ () C:\Users\Public\VOIP.dat

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\dllhost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-07-09 18:00

    ==================== End of FRST.txt ============================
     
  4. PeterDORG

    PeterDORG Thread Starter

    Joined:
    Jan 28, 2019
    Messages:
    4
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2019
    Ran by esorn (28-01-2019 16:48:40)
    Running from C:\Users\esorn\Downloads
    Windows 10 Home Version 1803 17134.523 (X64) (2018-07-10 01:25:46)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3427401226-2247106153-2576929769-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3427401226-2247106153-2576929769-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-3427401226-2247106153-2576929769-1000 - Limited - Disabled) => C:\Users\defaultuser0
    esorn (S-1-5-21-3427401226-2247106153-2576929769-1001 - Administrator - Enabled) => C:\Users\esorn
    Guest (S-1-5-21-3427401226-2247106153-2576929769-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-3427401226-2247106153-2576929769-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AmScope AmScope 3.7 (HKLM-x32\...\{1B67D67B-E7ED-4055-951F-C78FCF99A210}) (Version: 3.7 - AmScope)
    BioTrackTHC (HKLM-x32\...\{ACB967CB-363E-4D83-8B91-150694CAB399}_is1) (Version: 3.0 - Bio-Tech Medical Software, Inc.)
    CCSDK Customer Engagement Service (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.3.0.3 - Lenovo)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.29.61 - Conexant)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 65.4.177 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
    EPSON ET-2750 Series Printer Uninstall (HKLM\...\EPSON ET-2750 Series) (Version: - Seiko Epson Corporation)
    Epson ET-2750 User’s Guide (HKLM-x32\...\UsersGuideEpson ET-2750 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
    Epson Event Manager (HKLM-x32\...\{541E6575-D4A4-448A-91F3-F5E9D6731A7F}) (Version: 3.10.0083 - Seiko Epson Corporation)
    Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
    Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
    EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    GoTo Opener (HKLM-x32\...\{351B54B2-1AFC-42A7-A8C0-9E05C26F0D1E}) (Version: 1.0.470 - LogMeIn, Inc.)
    GoToMeeting 8.39.1.11584 (HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\...\GoToMeeting) (Version: 8.39.1.11584 - LogMeIn, Inc.)
    HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
    HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.7.50.3 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.10.49.21 - HP Inc.)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.4.1186 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.8.1052 - Intel Corporation)
    Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.271.1.400 - SweetLabs for Lenovo) <==== ATTENTION
    Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.271.1.400 - SweetLabs for Lenovo) <==== ATTENTION
    Lenovo App Explorer (HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\...\Host App Service) (Version: 0.273.2.977 - SweetLabs for Lenovo) <==== ATTENTION
    Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
    Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
    Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
    Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
    Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11126.20266 - Microsoft Corporation)
    Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\...\OneDriveSetup.exe) (Version: 18.240.1202.0004 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11126.20266 - Microsoft Corporation) Hidden
    Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.887.051116 - REALTEK Semiconductor Corp.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31227 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
    Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0004 - REALTEK Semiconductor Corp.)
    Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.93450 - TeamViewer)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
    Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3427401226-2247106153-2576929769-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\esorn\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3427401226-2247106153-2576929769-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (Cyberlink)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-21] (Cyberlink)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_48c2e68e54c92258\igfxDTCM.dll [2018-08-31] (Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {016575B8-C842-474D-A7CD-6C34CEE228A3} - System32\Tasks\App Explorer => C:\Users\esorn\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-12-07] (SweetLabs, Inc) <==== ATTENTION
    Task: {02CF0490-860B-4C33-B20A-37358A53A885} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5ca2defd-2004-44ad-9c6f-475e26cd7b56 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2019-01-07] (Lenovo Group Ltd.)
    Task: {06D39554-1557-476B-AE0F-7A6907DFC0FA} - System32\Tasks\G2MUpdateTask-S-1-5-21-3427401226-2247106153-2576929769-1001 => C:\Users\esorn\AppData\Local\GoToMeeting\11584\g2mupdate.exe [2019-01-22] (LogMeIn, Inc.)
    Task: {075C7084-D2AD-4773-A8D0-852A1E760667} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
    Task: {0CA192C2-435D-451C-B0C0-D946BDF9DDC8} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
    Task: {123BF2C7-3E91-4631-8A51-AFC921EFEC75} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2019-01-22] (Dropbox, Inc.)
    Task: {2C959923-D297-4EC1-8276-6F4ACFA1E1C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
    Task: {338DD245-8AE6-4CEC-A798-66E6CA5FABB1} - System32\Tasks\EPSON ET-2750 Series Update {7565D471-A4CF-4164-8B2C-73E6CB156DC2} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSLE.EXE [2017-06-07] (Seiko Epson Corporation)
    Task: {362BE846-E798-4C34-9B18-97D815E479EE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-27] ()
    Task: {36E948B6-EEC9-404B-B449-5943F532DA4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
    Task: {45BCC172-6079-41BF-AC13-F8C34D20512D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
    Task: {47533748-67CA-40A4-B21B-9CC1F2AD84B5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2019-01-22] (Dropbox, Inc.)
    Task: {4A6C8CBC-0410-4DA8-8558-E217B04568ED} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b7ef9164-8a0d-4a53-a9b8-442ad5644a7d => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2019-01-07] (Lenovo Group Ltd.)
    Task: {510EE717-CAE1-45B4-B33A-44785E0811EF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e2b2f846-de37-41dc-8162-d772e68451ef => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2019-01-07] (Lenovo Group Ltd.)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {6DF58A98-FD67-4C3A-B7C4-10766EE0245F} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
    Task: {70752CD4-B2EE-4049-9CCA-A2E7EF118FD4} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-04-22] (CyberLink Corp.)
    Task: {7713755B-F033-452A-A264-9A5F243A1A4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {78ED3146-1F7F-45D6-9486-ABB9BFC1ADD2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN48NDW1NB => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2019-01-17] (HP Inc.)
    Task: {79028270-765D-4EE9-80C6-DD9845D43B3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-19] (Google Inc.)
    Task: {8DE04931-BCB4-4D1A-ACEC-195034ED7075} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2019-01-17] (Microsoft Corporation)
    Task: {91D5564E-84FE-4819-977B-4F32648892B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc.)
    Task: {95E3B9DA-29E1-4A31-BD8C-23341FBD84BD} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
    Task: {B2207C3C-8BC6-4B8E-8BCE-BD92390AC3F3} - System32\Tasks\G2MUploadTask-S-1-5-21-3427401226-2247106153-2576929769-1001 => C:\Users\esorn\AppData\Local\GoToMeeting\11584\g2mupload.exe [2019-01-22] (LogMeIn, Inc.)
    Task: {B9E0222B-D2B7-4AE2-8076-7A4677319298} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {C27CCDE3-5734-4743-82FD-D14756B76EDC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2019-01-02] (Microsoft Corporation)
    Task: {C781E4B1-A937-4AA0-8ACC-DD79271896AE} - System32\Tasks\Reason Antivirus UI => C:\Program [Argument = Files\Reason\Reason Antivirus\ReasonAV.exe]
    Task: {C8923065-0F9F-4D85-9EDA-BA7C0968E9FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
    Task: {D0BB9AA7-BAA0-429E-B6CA-82A60E182AAB} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\dbde80ea-c5f2-4a3b-b6df-2bb23b7f287d => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2019-01-07] (Lenovo Group Ltd.)
    Task: {D86D7B44-CB28-407D-A3A1-4AEB24CF8997} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2019-01-07] (Lenovo Group Ltd.)
    Task: {DF46D10B-9A31-4C86-B431-CB13CBA01F9C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
    Task: {DF5AFEFE-F8CF-4748-96EF-B6D798F7769D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
    Task: {DFD08C28-22C6-41FE-A00C-0434B4E7AF2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)
    Task: {EF568D0B-71E3-4C43-9252-E43C99E40B79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-12-24] (HP Inc.)
    Task: {F1BD7D5D-A854-422A-BE97-AA0078848D69} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-10] (CyberLink Corp.)
    Task: {F2C1D1FD-5816-4E23-B1F9-727737239044} - System32\Tasks\HPCeeScheduleForesorn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
    Task: {F6FD3A25-1E72-40BE-BD3B-DC04EE986965} - System32\Tasks\EPSON ET-2750 Series Update {48BDA6AA-D112-4460-942F-CB73714BE670} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSLE.EXE [2017-06-07] (Seiko Epson Corporation)
    Task: {F7275456-C21A-4ED0-A373-731E34FC90A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2019-01-17] (HP Inc.)
    Task: {F7515324-6318-4571-A196-F3B6983F7EA5} - System32\Tasks\S-1-5-21-3427401226-2247106153-2576929769-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
    Task: {F7D5BB07-E163-4B80-AA23-58DAA7ECBE6A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2019-01-17] (Microsoft Corporation)
    Task: {F9F58564-17CC-4065-AE73-DBCAA592C12F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-19] (Google Inc.)
    Task: {FF448248-4DEE-46D6-884B-8E5AD5CA8C40} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe [2019-01-24] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\EPSON ET-2750 Series Update {48BDA6AA-D112-4460-942F-CB73714BE670}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSLE.EXE:/EXE:{48BDA6AA-D112-4460-942F-CB73714BE670} /F:UpdateWORKGROUP\LAPTOP-GCB922IN$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\WINDOWS\Tasks\EPSON ET-2750 Series Update {7565D471-A4CF-4164-8B2C-73E6CB156DC2}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSLE.EXE:/EXE:{7565D471-A4CF-4164-8B2C-73E6CB156DC2} /F:UpdateWORKGROUP\LAPTOP-GCB922IN$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3427401226-2247106153-2576929769-1001.job => C:\Users\esorn\AppData\Local\GoToMeeting\11584\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3427401226-2247106153-2576929769-1001.job => C:\Users\esorn\AppData\Local\GoToMeeting\11584\g2mupload.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForesorn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-12-11 11:22 - 2018-11-08 19:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2019-01-09 12:05 - 2018-12-31 23:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-10-04 06:18 - 2018-10-04 06:19 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
    2019-01-23 10:01 - 2019-01-23 10:01 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
    2019-01-23 10:01 - 2019-01-23 10:02 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
    2019-01-23 10:01 - 2019-01-23 10:01 - 010936320 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\LibWrapper.dll
    2019-01-23 10:01 - 2019-01-23 10:02 - 002920960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\skypert.dll
    2019-01-23 10:01 - 2019-01-23 10:01 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2019-01-23 10:01 - 2019-01-23 10:02 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    2019-01-23 10:01 - 2019-01-23 10:01 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2019-01-23 10:01 - 2019-01-23 10:01 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2017-12-01 07:43 - 2017-12-01 07:43 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
    2018-11-29 12:26 - 2018-11-29 12:26 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2019-01-23 10:01 - 2019-01-23 10:01 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2019-01-23 10:01 - 2019-01-23 10:01 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2018-12-14 07:26 - 2018-12-11 22:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
    2018-12-14 07:26 - 2018-12-11 22:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
    2016-09-02 13:55 - 2014-07-03 21:35 - 000627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
    2014-07-04 12:35 - 2014-07-04 12:35 - 000016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
    2019-01-23 14:25 - 2019-01-22 06:14 - 001213768 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
    2019-01-23 14:25 - 2019-01-22 06:14 - 002103112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
    2019-01-22 13:20 - 2019-01-22 06:16 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000148968 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 001878888 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:14 - 000118232 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes36.dll
    2019-01-22 13:20 - 2019-01-22 06:14 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000082760 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:14 - 000418776 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom36.dll
    2019-01-23 14:25 - 2019-01-22 06:15 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000119272 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:16 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:16 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000062304 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:14 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 001457488 _____ () C:\Program Files (x86)\Dropbox\Client\dbxlog._dbxlog.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000065504 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:16 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 001755472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000101200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt592.sip.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 001885520 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000523600 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 003755344 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000169304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000061784 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000042840 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000202584 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000117584 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000214872 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000099664 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:16 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:14 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 011941712 _____ () C:\Program Files (x86)\Dropbox\Client\nucleus_python.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:14 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2019-01-23 14:25 - 2019-01-22 06:15 - 000036712 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000272208 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2019-01-22 13:20 - 2019-01-22 06:16 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2019-01-22 13:20 - 2019-01-22 06:16 - 000038240 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000026432 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
    2019-01-23 14:25 - 2019-01-22 06:15 - 001967936 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2019-01-22 13:20 - 2019-01-22 06:16 - 000095592 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000054096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:17 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp36-win32.pyd
    2019-01-22 13:20 - 2019-01-22 06:16 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.gdi32.compiled._winffi_gdi32.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000557392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp36-win32.pyd
    2019-01-23 14:25 - 2019-01-22 06:15 - 000335184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp36-win32.pyd

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\esorn\Dropbox:user.myxattr [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 04:47 - 2016-07-16 04:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3427401226-2247106153-2576929769-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\esorn\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_4886.JPG
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{BE40B7DD-6894-4AB0-8403-7E3D221E8C56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
    FirewallRules: [{7A15AB38-A8AE-4071-A019-B1DD21380DF9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
    FirewallRules: [{74823BBD-51C6-4977-BB02-187399709DD1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
    FirewallRules: [{82E83F09-585A-4A2F-9C8E-4A35B474DCE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
    FirewallRules: [{B23A6E74-3CA6-45CD-9D51-712DE277BC9D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [{D133E8A3-313A-4A5F-BB12-7EADF776073C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [UDP Query User{C14EB995-F691-437A-8A4A-350B94396C85}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION)
    FirewallRules: [TCP Query User{228E9CBD-FDB4-4F96-8168-ADBD553CA277}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION)
    FirewallRules: [{1166984B-611E-4BB8-AEF4-AC491548F3FA}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION)
    FirewallRules: [{F2768F28-7F15-4E71-85B3-22D8B2C3DF08}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION)
    FirewallRules: [{E02A324D-2F39-40BE-8263-798C009C522A}] => (Allow) C:\Users\esorn\AppData\Local\Temp\ET-2750\Network\EpsonNetSetup\ENEasyApp.exe No File
    FirewallRules: [{FCEE0398-D403-47F8-93AE-A91ECE3F4AE6}] => (Allow) C:\Users\esorn\AppData\Local\Temp\ET-2750\Network\EpsonNetSetup\ENEasyApp.exe No File
    FirewallRules: [{B8B060F6-A360-49B4-8151-6D58E2A25B67}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    FirewallRules: [{5BCD7E7E-B6F0-4161-B5B9-49B24BE0E466}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    FirewallRules: [{9D162C2D-8D63-486A-9E6F-AC667AE8C622}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS05E6\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{81BB9B9F-AAA5-4AAC-AA71-9726D238D59B}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS05E6\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{B865351D-431B-45D7-9DC7-AEF0DCD2CFEE}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS45E3\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{A589537B-9373-454C-B5B5-422F0D6E6997}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS45E3\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{1C19C60A-7331-4FAB-993E-F40DBC7E6FA0}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS44BD\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{E388F1AB-E87E-480F-9851-4F3E4C1DA550}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS44BD\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{E62FED2B-066B-4762-AFE2-D4BA77B72CBC}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS2580\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{D434A6AA-6DDC-47B4-9D95-3C25B0A32863}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS2580\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{B71607A9-658C-4D13-BB87-433AAEEB1C2C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (Hewlett-Packard Development Company, LP)
    FirewallRules: [{4C2004D3-209F-4271-BAA5-1F521461B43C}] => (Allow) LPort=5357
    FirewallRules: [{61B686E6-D291-4800-AE38-9374EF9BB4AF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe (Hewlett-Packard Development Company, LP)
    FirewallRules: [{332AE181-56B5-492A-AC45-2326E844F797}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe (Hewlett-Packard Development Company, LP)
    FirewallRules: [{F30FD063-2D1D-4DB0-8809-6C9A71C408EA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe (Hewlett-Packard Development Company, LP)
    FirewallRules: [{F1D21009-8630-4501-83BA-B2694FED4EF5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe (Hewlett-Packard Development Company, LP)
    FirewallRules: [{8AC453A1-1E23-4721-95C0-D2DD6FEAE7A7}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS0451\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{69A13E70-2FB3-4CE0-98B5-5E9E6849EBB6}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS0451\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{91E253B3-D634-46CE-97A0-4EDD9DDA02D9}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS7E07\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{5C2594BE-D763-480E-B6C0-9B141A46BCEF}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS7E07\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{DA4736AA-DEFE-4F76-AD9B-F9A1EE1229D7}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS7CEE\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{5C405078-0D3A-4102-849C-9A4F3AFB1836}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS7CEE\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{F0C05A91-CB49-4475-9550-F206C68C144A}] => (Allow) LPort=26675
    FirewallRules: [{874046CF-7453-4C66-9550-A4DD771ED025}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe (Microsoft Corporation)
    FirewallRules: [{312A42D5-E5E1-44C1-BC87-C1A417BC5D38}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe (Microsoft Corporation)
    FirewallRules: [{40FB9616-E99C-4524-A0B5-528F56159310}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe (CyberLink Corp.)
    FirewallRules: [{A262376F-8583-49E2-9209-FBBA040EDC65}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe No File
    FirewallRules: [{55A986B0-B7F5-4FEE-8DCA-880B844EF688}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe (Microsoft Corporation)
    FirewallRules: [{85264FA4-C418-4EDB-AB7B-DC4C67D62DF2}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe (Microsoft Corporation)
    FirewallRules: [{68F45556-F196-4D4D-8A77-5EC345DDC012}] => (Allow) LPort=26675
    FirewallRules: [{D040DC41-2E25-4EAC-B71B-F56CAD416BAA}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe (Microsoft Corporation)
    FirewallRules: [{24D3E14A-3D3E-4B6D-A76D-807D3AD46C95}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe (Microsoft Corporation)
    FirewallRules: [{FF368E2D-6CBD-44A0-9B1B-2DF2AEE0101E}] => (Allow) LPort=26675
    FirewallRules: [{418E19DD-46A2-494E-8635-03A7B95A6B32}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS007B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{C60E2A39-5435-41CE-A7DF-8F17D90DCA77}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS007B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{E90BFA05-402F-47E9-A04D-E84B8A7E53E9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation)
    FirewallRules: [{0ED0BD1C-734C-4F06-A858-6BCA4805911C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    FirewallRules: [{B168EB99-518B-4579-8C4C-C74567AB1CF5}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)

    ==================== Restore Points =========================

    08-01-2019 09:17:54 Scheduled Checkpoint
    15-01-2019 10:03:20 Scheduled Checkpoint
    18-01-2019 10:55:20 Windows Update
    28-01-2019 14:30:32 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/28/2019 04:00:26 PM) (Source: RapiMgr) (EventID: 8) (User: )
    Description: Windows Mobile-based device failed to connect due to communication (0x8007274a) failure (see data for failure code).

    Error: (01/28/2019 03:47:37 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (01/28/2019 03:45:35 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {ccded37a-3ca7-409a-9cf5-c99c3ed33f97}

    Error: (01/28/2019 03:04:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ReasonAV.exe, version: 1.0.0.20, time stamp: 0x5c3374f0
    Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
    Exception code: 0xc0000374
    Fault offset: 0x00000000000f47fb
    Faulting process id: 0x23bc
    Faulting application start time: 0x01d4b753702b19ff
    Faulting application path: C:\Program Files\Reason\Reason Antivirus\ReasonAV.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: de595a1c-09d5-4307-b48d-6afb0b2814e9
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/25/2019 05:01:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0x00000000
    Fault offset: 0x00000000
    Faulting process id: 0x50e0
    Faulting application start time: 0x01d4b4bf22580326
    Faulting application path: bad_module_info
    Faulting module path: unknown
    Report Id: 1e51b030-1262-48f2-b84b-72c026ba55d1
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/25/2019 07:42:33 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_RapiMgr, version: 10.0.17134.1, time stamp: 0xa38b9ab2
    Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
    Exception code: 0xc0000008
    Fault offset: 0x000000000009e78a
    Faulting process id: 0x51e8
    Faulting application start time: 0x01d4b3f9b42d6b17
    Faulting application path: c:\windows\system32\svchost.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 83435301-5670-4af3-b90f-3dd7e836f4c7
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/24/2019 05:17:06 PM) (Source: RapiMgr) (EventID: 8) (User: )
    Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code).

    Error: (01/24/2019 08:30:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_RapiMgr, version: 10.0.17134.1, time stamp: 0xa38b9ab2
    Faulting module name: ntdll.dll, version: 10.0.17134.471, time stamp: 0x7e614c22
    Exception code: 0xc0000008
    Fault offset: 0x000000000009e78a
    Faulting process id: 0x21e0
    Faulting application start time: 0x01d4b330d32bc68b
    Faulting application path: c:\windows\system32\svchost.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: f53c1cf1-5bfe-4ecf-9105-0476e4232c02
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (01/28/2019 04:44:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/28/2019 04:40:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/28/2019 04:39:13 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-GCB922IN)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user LAPTOP-GCB922IN\esorn SID (S-1-5-21-3427401226-2247106153-2576929769-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/28/2019 04:38:16 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-GCB922IN)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscCloudBackupProvider
    and APPID
    Unavailable
    to the user LAPTOP-GCB922IN\esorn SID (S-1-5-21-3427401226-2247106153-2576929769-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/28/2019 04:38:13 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-GCB922IN)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscCloudBackupProvider
    and APPID
    Unavailable
    to the user LAPTOP-GCB922IN\esorn SID (S-1-5-21-3427401226-2247106153-2576929769-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/28/2019 04:38:05 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-GCB922IN)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscCloudBackupProvider
    and APPID
    Unavailable
    to the user LAPTOP-GCB922IN\esorn SID (S-1-5-21-3427401226-2247106153-2576929769-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/28/2019 04:38:04 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-GCB922IN)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscCloudBackupProvider
    and APPID
    Unavailable
    to the user LAPTOP-GCB922IN\esorn SID (S-1-5-21-3427401226-2247106153-2576929769-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/28/2019 04:37:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The System Interface Foundation Service service terminated unexpectedly. It has done this 1 time(s).


    Windows Defender:
    ===================================
    Date: 2019-01-25 15:43:54.397
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {7A4480EA-C2A7-4433-9E03-CA93D0C8C247}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-18 13:55:53.222
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {75796912-90EF-4A74-B55D-604F911EBB50}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-10 13:34:47.609
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {5B5837F5-BCA5-44FE-8D89-577F5BD3D678}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-02 10:02:59.008
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {E60C1CC3-DFF3-4ECF-A733-A838357A3A67}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-12-26 08:25:23.869
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {3163D82F-0DD0-4C81-93C0-6CCF60471F6F}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-08 07:49:56.406
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.283.2522.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15500.2
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-12-04 07:37:42.941
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.281.1361.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.5
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-12-03 09:13:20.909
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.281.1047.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.5
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-11-26 07:24:29.389
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.281.844.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.5
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2018-11-19 08:08:05.763
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.281.416.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.5
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
    Percentage of memory in use: 57%
    Total physical RAM: 8065.76 MB
    Available physical RAM: 3457.23 MB
    Total Virtual: 9793.76 MB
    Available Virtual: 4971.93 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:892.75 GB) (Free:845.57 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.88 GB) NTFS

    \\?\Volume{8b70ba9b-1409-44bb-911c-9b0520546f68}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.53 GB) NTFS
    \\?\Volume{d6b54fec-5764-4185-a047-0e82d73bf03f}\ (LENOVO_PART) (Fixed) (Total:11.54 GB) (Free:1.9 GB) NTFS
    \\?\Volume{ab11a8e0-ba97-490e-91ec-4e4c38796d3e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: F15D0DD8)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  5. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    651
    Hi,

    Thanks for the logs.


    Uninstall a Program

    Press the Windows Key + R. This will open the Run box.
    Type Appwiz.cpl and click OK.

    A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

    Lenovo App Explorer

    Follow the steps in the uninstaller to remove the program.

    -------------------------------------------


    Highlight the contents of the below code box and press Ctrl + C:
    Code:
    Start::
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    SearchScopes: HKU\S-1-5-21-3427401226-2247106153-2576929769-1001 -> DefaultScope {718F48FE-3E5D-4752-B1EB-D4230EC5C701} URL =
    SearchScopes: HKU\S-1-5-21-3427401226-2247106153-2576929769-1001 -> {718F48FE-3E5D-4752-B1EB-D4230EC5C701} URL =
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
    
    FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
    
    CustomCLSID: HKU\S-1-5-21-3427401226-2247106153-2576929769-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\esorn\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3427401226-2247106153-2576929769-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    
    Task: {016575B8-C842-474D-A7CD-6C34CEE228A3} - System32\Tasks\App Explorer => C:\Users\esorn\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-12-07] (SweetLabs, Inc) <==== ATTENTION
    Task: {B9E0222B-D2B7-4AE2-8076-7A4677319298} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    
    FirewallRules: [{E02A324D-2F39-40BE-8263-798C009C522A}] => (Allow) C:\Users\esorn\AppData\Local\Temp\ET-2750\Network\EpsonNetSetup\ENEasyApp.exe No File
    FirewallRules: [{FCEE0398-D403-47F8-93AE-A91ECE3F4AE6}] => (Allow) C:\Users\esorn\AppData\Local\Temp\ET-2750\Network\EpsonNetSetup\ENEasyApp.exe No File
    FirewallRules: [{9D162C2D-8D63-486A-9E6F-AC667AE8C622}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS05E6\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{81BB9B9F-AAA5-4AAC-AA71-9726D238D59B}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS05E6\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{B865351D-431B-45D7-9DC7-AEF0DCD2CFEE}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS45E3\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{A589537B-9373-454C-B5B5-422F0D6E6997}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS45E3\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{1C19C60A-7331-4FAB-993E-F40DBC7E6FA0}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS44BD\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{E388F1AB-E87E-480F-9851-4F3E4C1DA550}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS44BD\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{E62FED2B-066B-4762-AFE2-D4BA77B72CBC}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS2580\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{D434A6AA-6DDC-47B4-9D95-3C25B0A32863}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS2580\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{8AC453A1-1E23-4721-95C0-D2DD6FEAE7A7}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS0451\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{69A13E70-2FB3-4CE0-98B5-5E9E6849EBB6}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS0451\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{91E253B3-D634-46CE-97A0-4EDD9DDA02D9}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS7E07\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{5C2594BE-D763-480E-B6C0-9B141A46BCEF}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS7E07\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{DA4736AA-DEFE-4F76-AD9B-F9A1EE1229D7}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS7CEE\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{5C405078-0D3A-4102-849C-9A4F3AFB1836}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS7CEE\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{A262376F-8583-49E2-9209-FBBA040EDC65}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe No File
    FirewallRules: [{418E19DD-46A2-494E-8635-03A7B95A6B32}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS007B\HPDiagnosticCoreUI.exe No File
    FirewallRules: [{C60E2A39-5435-41CE-A7DF-8F17D90DCA77}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS007B\HPDiagnosticCoreUI.exe No File
    
    C:\Users\esorn\AppData\Local\Host App Service
    
    VirusTotal: C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys
    VirusTotal: C:\Users\Public\VOIP.dat
    
    End::
    Right-click on FRST/FRST64 and select Run as Administrator.
    Click on Fix.
    Note - there is no need to paste the contents of the code box anywhere.
    If your computer restarts, allow it to do so.
    Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
    Please copy and paste the contents of the fixlog into your next reply.

    Let me know if the problems persist.

    Thanks.
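The fixlist in the post above includes every FirewallRules entry that the log marks "No File", most of them Allow rules left behind by installers that ran from a Temp folder. As an added example (not part of the original post and not FRST's own code), the following Python parses FirewallRules lines in the format shown in Addition.txt and lists the Allow rules whose target file is missing; the names `Rule`, `parse_rules`, `stale_allow_rules`, `stale_paths` and `fixlist_candidates` are hypothetical, and the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Seven FirewallRules lines copied from the Addition.txt log in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{BE40B7DD-6894-4AB0-8403-7E3D221E8C56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
FirewallRules: [UDP Query User{C14EB995-F691-437A-8A4A-350B94396C85}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION)
FirewallRules: [{E02A324D-2F39-40BE-8263-798C009C522A}] => (Allow) C:\Users\esorn\AppData\Local\Temp\ET-2750\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{FCEE0398-D403-47F8-93AE-A91ECE3F4AE6}] => (Allow) C:\Users\esorn\AppData\Local\Temp\ET-2750\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{9D162C2D-8D63-486A-9E6F-AC667AE8C622}] => (Allow) C:\Users\esorn\AppData\Local\Temp\7zS05E6\HPDiagnosticCoreUI.exe No File
FirewallRules: [{4C2004D3-209F-4271-BAA5-1F521461B43C}] => (Allow) LPort=5357
FirewallRules: [{A262376F-8583-49E2-9209-FBBA040EDC65}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe No File
"""

# "FirewallRules: [<rule name>] => (<Allow|Block>) <target>"
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
# "<path> (<company>)": the company is the last parenthesised group, so a
# path containing "(x86)" is still split correctly.
SIGNED_RE = re.compile(r"^(?P<path>.+) \((?P<signer>[^()]*)\)$")
PORT_RE = re.compile(r"^LPort=(?P<port>\d+)$")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
NO_FILE = " No File"


@dataclass
class Rule:
    raw: str                 # the log line, unchanged apart from indentation
    name: str                # text between the square brackets
    action: str              # "Allow" or "Block"
    path: Optional[str]      # program path, None for port-only rules
    port: Optional[int]      # local port, None for program rules
    signer: Optional[str]    # company name shown in parentheses, if any
    file_missing: bool       # True when the log marks the target "No File"

    @property
    def in_temp(self) -> bool:
        """True when the program path lies under a user's Temp folder."""
        return bool(self.path and TEMP_RE.search(self.path))


def parse_rules(text: str) -> List[Rule]:
    """Parse every FirewallRules line in the text; other lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE_RE.match(line)
        if not m:
            continue
        target = m["target"]
        path = port = signer = None
        missing = False
        port_match = PORT_RE.match(target)
        if port_match:
            port = int(port_match["port"])
        elif target.endswith(NO_FILE):
            path, missing = target[: -len(NO_FILE)], True
        else:
            signed = SIGNED_RE.match(target)
            if signed:
                path, signer = signed["path"], signed["signer"]
            else:
                path = target
        rules.append(Rule(line, m["name"], m["action"], path, port, signer, missing))
    return rules


def stale_allow_rules(rules: List[Rule]) -> List[Rule]:
    """Allow rules whose program no longer exists on disk."""
    return [r for r in rules if r.action == "Allow" and r.file_missing]


def stale_paths(rules: List[Rule]) -> Counter:
    """Count stale Allow rules per missing program path."""
    return Counter(r.path for r in stale_allow_rules(rules))


def fixlist_candidates(text: str) -> List[str]:
    """Log lines to hand to a reviewer; nothing here changes the system."""
    return [r.raw for r in stale_allow_rules(parse_rules(text))]


if __name__ == "__main__":
    for rule in stale_allow_rules(parse_rules(SAMPLE_LOG)):
        where = "Temp folder" if rule.in_temp else "other location"
        print(f"{where:14} {rule.path}")
```

An Allow rule for a path that no longer exists would apply to any program later placed at that path, which is why such entries are worth clearing out even when the original installer was legitimate.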
     
  6. PeterDORG

    PeterDORG Thread Starter

    Joined:
    Jan 28, 2019
    Messages:
    4
    Thanks for the response.

    I will have a chance to get back on the colleague's computer and implement these changes next week. Will let you know if it works.
     
  7. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    651
    Sounds great.(y)
     
Short URL to this thread: https://techguy.org/1222423
