[Solved] Need help with possible adware problem

jimmyedwards

Free PC Help Contributor
#1
I have an ad blocker and I scan with mbam and Windows Defender regularly, but I am still getting these pop-ups. They really come a lot if I try to copy and paste a link. Help.
 

Starbuck

Admin & Security Team
#2
Hi Jimmy,

Ok a couple of things for you to do.

Step 1
  • Download AdwCleaner to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA, then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button.
  • This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in.
  • Please copy/paste the content of that log in your next reply


Step 2
Note:

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is, click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


In your next reply, please submit:
AdwCleaner report
Both reports from FRST.

This will give us a better understanding of what is going on.


Thanks.
 

jimmyedwards

Free PC Help Contributor
#3
Thanks for your reply. I did those tasks and I am sending the reports. I copied one of the pop-ups' URL or something. In the address bar was this pcsupportdesk.co/lp30M/ and it said ad arcade loot.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-30.1
# Support: Customer Support & Help Center
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-31-2018
# Duration: 00:00:02
# OS: Windows 8.1
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4635 octets] - [24/08/2018 17:42:20]
AdwCleaner[C00].txt - [4241 octets] - [24/08/2018 17:44:14]
AdwCleaner[S01].txt - [1360 octets] - [31/08/2018 19:04:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

*************************************************************************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Jimmy Edwards (31-08-2018 19:21:20)
Running from C:\Users\Ray\Downloads
Windows 8.1 (Update) (X64) (2014-10-22 20:35:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2801032338-2342425128-3870613798-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2801032338-2342425128-3870613798-501 - Limited - Disabled)
Jimmy Edwards (S-1-5-21-2801032338-2342425128-3870613798-1001 - Administrator - Enabled) => C:\Users\Ray

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510af_Help (HKLM-x32\...\{C175D5B0-ED04-42C9-B23F-D8BD406173E7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510af (HKLM-x32\...\{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (HKLM-x32\...\{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Aimersoft Audio Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software)
Aimersoft DVD Creator(Build 1.1.22) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)
Aimersoft DVD Ripper(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software)
Aimersoft DVD Studio Pack(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software)
Aimersoft Video Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software)
Ant.com IE add-on (HKLM-x32\...\{B905CAA1-D6FF-4D21-8858-F8C610491C0B}) (Version: 2.2.4.1076 - Ant.com)
Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1) (Version: - InterAction studios)
ChrisPC Free VideoTube Downloader 10.07.26 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version: - Chris P.C. srl)
ChrisPC YTD Downloader MP3 Converter 2.85 (HKLM-x32\...\{6006089C-9ABC-4F18-ABCD-123456789801}_is1) (Version: - Chris P.C. srl)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.24.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
John's Background Switcher 4.17 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.17 - johnsadventures.com)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.9 - Tracker Software Products Ltd)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PySol Fan Club edition v.2.0 (HKLM-x32\...\PySol Fan Club edition_is1) (Version: - )
PySolFC Solitaire (a freeware Solitaire Game) version 1.1 (HKLM-x32\...\PySolFC Solitaire_is1) (Version: - )
Quit Counter (HKLM-x32\...\Quit Counter_is1) (Version: 1.2 - Xarka Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Uninstall Dual Mode Camera (DT01) (HKLM-x32\...\DT01_2009_1026_1436_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Xilisoft DVD Copy Express (HKLM-x32\...\Xilisoft DVD Copy Express) (Version: 1.1.23.0824 - Xilisoft)
Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 3.0.39.1121 - Xilisoft)
Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10E7CDFA-2463-4AA3-A931-EF99644B27C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
Task: {28389D5E-3DF8-42B9-AA66-9ABFBE4848F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {2A24730E-C25E-42EC-924B-4F723C6AD2E2} - System32\Tasks\HPCeeScheduleForJimmy Edwards => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2B698B18-E3DE-4BA3-A4A0-99300FD8244C} - System32\Tasks\File1 Update Launch => C:\Program Files (x86)\Ant.com\File1 Package Manager\File1UL.exe
Task: {305486BC-CF31-4F18-B143-564AD42D6FB3} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ray\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {46E0D154-DFBC-4003-8802-D3D51BE25062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-17] (HP Inc.)
Task: {4B946556-9B09-4E0A-956B-F8A55E2D30C6} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2018-07-03] (Tracker Software Products (Canada) Ltd.)
Task: {4C874592-A1F9-4D5D-84FC-12271CCDCED5} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {5503E6E9-3C07-4745-A157-B44306AC54C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {58FE5BF4-4E30-4242-9B37-A6EB97177E91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {95D83143-E725-4C38-8FEF-37E28CA3643E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {B8B63F70-D4B8-4452-97E7-FDAF10FBC78C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {BA58B807-D5A9-4B82-97CD-0ACADF6C23B4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-08-17] (Microsoft Corporation)
Task: {BB68C632-3B9B-4DD1-9F33-D4157978C40F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {C3CA267B-59D5-435A-B99C-E24A8A70FA5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {C40E713B-FEE2-4A7C-8F9C-DE1F28F79105} - System32\Tasks\HPCeeScheduleForRay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C9224EE8-B7E4-4335-A2F4-B8CB14DCA61B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {CCF5C425-EA50-47A3-9670-C8C13DFBE4A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {D7DD2F8C-5FB0-41DC-ADA7-7139CBD5A1F5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {D8AC50E5-57DE-4865-B539-E7F7D601F9E2} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe
Task: {DC97E556-53E4-40B4-9843-C6793A6DD3DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {E08D4662-E828-4D68-871C-2B4DB7CFB1F2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {E12FB32E-7A8A-4D6C-85D2-C79BDD75F5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E43F873B-9CC5-4CEC-AFEE-67FBF2DBD1CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {E854B597-C9BE-47FA-827D-4A4D73977A77} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {FC3168F0-5526-43EE-B651-C173054AA193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {FF9D33D7-56DA-4D71-AB20-38BE083343F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForJimmy Edwards.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Ray\Desktop\My DVD Burners ETC\Disable_Windows_8_Explorer_Auto_Arrange - Shortcut.lnk -> C:\Users\Ray\Downloads\Disable_Windows_8_Explorer_Auto_Arrange.bat ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-08-24 17:07 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2013-09-24 18:37 - 2012-07-18 15:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\aol.com -> hxxps://mail.aol.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2017-05-27 23:39 - 000000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
DNS Servers: 192.168.0.1 - 205.171.2.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Device Monitor 4.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "PCShowServer"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "TomTomHOME.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2E5CE9F1-F4FE-4A1C-BEC2-1FC2E81A853A}] => (Allow) LPort=1900
FirewallRules: [{D754747E-683E-4057-97C5-70B1A9D5027D}] => (Allow) LPort=2869
FirewallRules: [{C923C4C6-9B49-40C7-9371-572B12BDE35B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5E061F47-6AD2-47FF-95CB-54C7A1A1431F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{86FB472A-4CE5-460E-8F27-B2372E8D6165}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{990B95F7-EF83-4ECE-BF6F-A4D69FC9F83F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{68D3E9AF-C61B-4FAE-BD1F-BC06782A0D14}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8B34ACD6-5D32-4A76-91D9-350DB78A9719}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{83E4B487-6614-4483-BC48-0D08204DE91F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{5F9D9918-1620-4A0F-B3A6-3871EDA5216A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{66173C11-6A8B-4C38-A038-9987D21B6297}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8D120410-D7AB-457F-BBC3-4D639F3ECD8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{434E3162-983B-4CEB-8848-EE80A576B6A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{487853B9-8D61-4D6B-809C-D76F3B89C308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FBC077C7-0DF8-4FF6-AFB8-7717F6A41847}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D5B8730B-52FD-4209-91C7-A622375CE37F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1166F700-646D-4E42-980B-801C723E1DD3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{45ECB300-8CB2-46D4-A602-131B4A7EBAF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{EB358FD7-4A9C-43C1-9A47-E94F2085EC6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1EA55450-82A8-4B6A-BCFA-C9956BF9F6C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3E248B0D-F208-403E-A33F-494DBF5B0FEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E8016474-50EB-4A04-91D9-F5164E57AA4E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D68BE6A3-B344-4B65-B42B-D6E6B0442842}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EF0A35F-1644-4EAB-AAD6-F5AAC83A838D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26C770EF-9A12-4E13-BD11-F8A0A732D5ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26511AD0-4D0A-497B-BAC4-1D4753F73A68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{78BB779D-F662-4775-9CF7-4324145858C4}] => (Allow) LPort=5357
FirewallRules: [{A8109729-A3C5-4361-AF9B-66F387804877}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51CE882D-8A67-43B9-A5D8-6C76D5C002DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B4A45DE7-0320-42B0-89C1-D8EABCD803A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7A75F94D-4A55-4C9B-9A13-44A1E696171F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E4D74A0D-9366-4231-BFE4-C443C883E211}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{83F2FD09-719D-449E-9A08-C13C1D2597F3}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{E7F527F7-B71E-47FD-B497-7B80C962D70A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{502159B2-3CA4-48BC-B6CA-44733A093A13}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{E9941CCF-EE1C-4066-8380-F72B0F843A3D}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{BE394815-69B1-4A0F-9159-2C392DA5AE16}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{144ACAB4-F3D8-48E9-AE9F-071064793C24}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{24B2410D-CABE-4475-9D29-F7821ACDFC94}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{420E6D3B-AA86-4C22-ACE2-C5C797CCCF81}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{E43BCC7E-1AB5-45F6-9079-EA4F4A51ED58}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

31-01-2018 16:05:11 Revo Uninstaller's restore point - Java 8 Update 161 (64-bit)
19-02-2018 00:18:14 Revo Uninstaller's restore point - HP Officejet 4630 series Basic Device Software
19-02-2018 00:24:02 Revo Uninstaller's restore point - HP Officejet 4630 series Basic Device Software
19-02-2018 01:05:13 Revo Uninstaller's restore point - HP Officejet 4630 series Help
26-02-2018 01:26:53 Windows Update
25-03-2018 11:42:15 Windows Update
15-04-2018 13:12:34 Windows Update
15-04-2018 16:59:55 Installed TomTom HOME.
24-04-2018 23:55:52 Windows Update
12-05-2018 13:48:23 Windows Update
14-06-2018 09:20:28 Windows Update
17-07-2018 12:05:55 Installed TomTom HOME.
22-07-2018 10:10:33 Installed DirectX
28-07-2018 12:30:38 Installed OpinionSquare
17-08-2018 15:32:18 Windows Update
24-08-2018 17:50:12 Revo Uninstaller's restore point - Epic Games Launcher
24-08-2018 19:12:13 Revo Uninstaller's restore point - Ezvid
24-08-2018 19:14:55 Revo Uninstaller's restore point - Free Hide Folder
24-08-2018 19:16:04 Revo Uninstaller's restore point - TomTom HOME
24-08-2018 19:19:15 Revo Uninstaller's restore point - TomTom HOME
24-08-2018 19:20:26 Revo Uninstaller's restore point - TomTom HOME
24-08-2018 19:22:04 Revo Uninstaller's restore point - TomTom HOME Visual Studio Merge Modules
24-08-2018 19:22:22 Removed TomTom HOME Visual Studio Merge Modules
24-08-2018 19:23:45 Revo Uninstaller's restore point - Uninstall Dual Mode Camera (DT01)
24-08-2018 19:25:28 Revo Uninstaller's restore point - Google Earth Plug-in
24-08-2018 19:26:32 Revo Uninstaller's restore point - Google Earth Plug-in

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2018 11:30:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a
Exception code: 0xe0434352
Fault offset: 0x0000000000008eac
Faulting process id: 0x1470
Faulting application start time: 0x01d4413f97f9ce0e
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: d669dd46-ad32-11e8-851e-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (08/31/2018 11:30:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
at asapi.asapicsharp.locale()
at pcd.models.properties.CustomizationManager.get_IsThirdwave()
at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[])
at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[])
at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[])
at wpfview.Program.Main(System.String[])

Error: (08/30/2018 10:14:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a
Exception code: 0xe0434352
Fault offset: 0x0000000000008eac
Faulting process id: 0x814
Faulting application start time: 0x01d4406bd0095d3a
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 0e50e85d-ac5f-11e8-851d-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (08/30/2018 10:14:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
at asapi.asapicsharp.locale()
at pcd.models.properties.CustomizationManager.get_IsThirdwave()
at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[])
at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[])
at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[])
at wpfview.Program.Main(System.String[])

Error: (08/30/2018 09:38:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19036, time stamp: 0x5b077e91
Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e
Exception code: 0xc0000374
Fault offset: 0x000e6214
Faulting process id: 0x1558
Faulting application start time: 0x01d4406669ba5802
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f6d69213-ac59-11e8-851d-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (08/29/2018 09:43:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a
Exception code: 0xe0434352
Fault offset: 0x0000000000008eac
Faulting process id: 0x590
Faulting application start time: 0x01d43f9e53513c77
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 91a4b1ff-ab91-11e8-851c-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (08/29/2018 09:43:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
at asapi.asapicsharp.locale()
at pcd.models.properties.CustomizationManager.get_IsThirdwave()
at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[])
at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[])
at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[])
at wpfview.Program.Main(System.String[])

Error: (08/29/2018 09:15:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19036, time stamp: 0x5b077e91
Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e
Exception code: 0xc0000374
Fault offset: 0x000e6214
Faulting process id: 0x478
Faulting application start time: 0x01d43f98c5ac2f71
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 9b51aaf0-ab8d-11e8-851c-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

*************************************************************************************************************************************************


System errors:
=============
Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Touchpoint Analytics service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2018-05-23 23:03:25.737
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:HTML/Phish threat description - Windows Defender Security Intelligence
Name: Trojan:HTML/Phish
ID: 2147678587
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Mozilla\Firefox\Profiles\5eqo96s0.default-1482161108706-1523801744665\cache2\entries\01411E8864B89E9860F722C30A06F09ECF1CE1D8
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.267.1641.0, AS: 1.267.1641.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-20 12:20:22.153
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[1].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-20 12:20:22.153
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Bitrep.A threat description - Windows Defender Security Intelligence
Name: Trojan:Win32/Bitrep.A
ID: 2147723097
Severity: Severe
Category: Trojan
Path: containerfile:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi;file:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi->Data1.cab->MFHookManager.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-02 08:03:12.067
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[2].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Signature Version: AV: 1.263.1111.0, AS: 1.263.1111.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-04-02 08:01:27.090
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[2].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Signature Version: AV: 1.263.1111.0, AS: 1.263.1111.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-01-30 09:29:22.975
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-30 09:29:22.674
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.508.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-01-30 09:29:22.673
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.508.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2017-12-26 11:29:03.449
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee2
Error description: The operation timed out

CodeIntegrity:
===================================

Date: 2017-08-24 12:30:53.795
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 12:30:53.263
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 12:30:52.716
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 12:30:52.169
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:30.029
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:29.388
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:28.795
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:28.216
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8066.05 MB
Available physical RAM: 5478.89 MB
Total Virtual: 9346.05 MB
Available Virtual: 6638.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.77 GB) (Free:90.44 GB) NTFS

\\?\Volume{8ae1a6c5-57c6-4fdd-abc1-71a9febbb1c2}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.21 GB) NTFS
\\?\Volume{30650a71-79b0-4498-8ce5-c33b7216a1e5}\ (PBR Image) (Fixed) (Total:11.61 GB) (Free:0.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6AA7D01A)

Partition: GPT.

==================== End of Addition.txt ============================
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,489
Location
Midlands, UK
PC Experience
Very Experienced
#4
Hi Jimmy,

Sorry for the late reply.... I didn't get a notification of your post.
I'll have to check my settings.

Unfortunately you only posted the Addition.txt from FRST:
"Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018"
Can you please post the Main FRST.txt.
There will be a copy in your Download folder:
"Running from C:\Users\Ray\Downloads"
Also, when was the last time that you ran a full scan with Windows Defender?

Thanks
 

jimmyedwards

Free PC Help Contributor
Joined
Oct 6, 2013
Messages
130
PC Experience
Some Experience
#5
I did a Windows Defender last week I believe, I will do one now and post it ok, thanks.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Jimmy Edwards (31-08-2018 19:21:20)
Running from C:\Users\Ray\Downloads
Windows 8.1 (Update) (X64) (2014-10-22 20:35:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2801032338-2342425128-3870613798-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2801032338-2342425128-3870613798-501 - Limited - Disabled)
Jimmy Edwards (S-1-5-21-2801032338-2342425128-3870613798-1001 - Administrator - Enabled) => C:\Users\Ray

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510af_Help (HKLM-x32\...\{C175D5B0-ED04-42C9-B23F-D8BD406173E7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510af (HKLM-x32\...\{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (HKLM-x32\...\{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Aimersoft Audio Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software)
Aimersoft DVD Creator(Build 1.1.22) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)
Aimersoft DVD Ripper(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software)
Aimersoft DVD Studio Pack(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software)
Aimersoft Video Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software)
Ant.com IE add-on (HKLM-x32\...\{B905CAA1-D6FF-4D21-8858-F8C610491C0B}) (Version: 2.2.4.1076 - Ant.com)
Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1) (Version: - InterAction studios)
ChrisPC Free VideoTube Downloader 10.07.26 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version: - Chris P.C. srl)
ChrisPC YTD Downloader MP3 Converter 2.85 (HKLM-x32\...\{6006089C-9ABC-4F18-ABCD-123456789801}_is1) (Version: - Chris P.C. srl)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.24.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
John's Background Switcher 4.17 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.17 - johnsadventures.com)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.9 - Tracker Software Products Ltd)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PySol Fan Club edition v.2.0 (HKLM-x32\...\PySol Fan Club edition_is1) (Version: - )
PySolFC Solitaire (a freeware Solitaire Game) version 1.1 (HKLM-x32\...\PySolFC Solitaire_is1) (Version: - )
Quit Counter (HKLM-x32\...\Quit Counter_is1) (Version: 1.2 - Xarka Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Uninstall Dual Mode Camera (DT01) (HKLM-x32\...\DT01_2009_1026_1436_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Xilisoft DVD Copy Express (HKLM-x32\...\Xilisoft DVD Copy Express) (Version: 1.1.23.0824 - Xilisoft)
Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 3.0.39.1121 - Xilisoft)
Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10E7CDFA-2463-4AA3-A931-EF99644B27C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
Task: {28389D5E-3DF8-42B9-AA66-9ABFBE4848F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {2A24730E-C25E-42EC-924B-4F723C6AD2E2} - System32\Tasks\HPCeeScheduleForJimmy Edwards => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {2B698B18-E3DE-4BA3-A4A0-99300FD8244C} - System32\Tasks\File1 Update Launch => C:\Program Files (x86)\Ant.com\File1 Package Manager\File1UL.exe
Task: {305486BC-CF31-4F18-B143-564AD42D6FB3} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ray\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {46E0D154-DFBC-4003-8802-D3D51BE25062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-17] (HP Inc.)
Task: {4B946556-9B09-4E0A-956B-F8A55E2D30C6} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2018-07-03] (Tracker Software Products (Canada) Ltd.)
Task: {4C874592-A1F9-4D5D-84FC-12271CCDCED5} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {5503E6E9-3C07-4745-A157-B44306AC54C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {58FE5BF4-4E30-4242-9B37-A6EB97177E91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {95D83143-E725-4C38-8FEF-37E28CA3643E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {B8B63F70-D4B8-4452-97E7-FDAF10FBC78C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {BA58B807-D5A9-4B82-97CD-0ACADF6C23B4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-08-17] (Microsoft Corporation)
Task: {BB68C632-3B9B-4DD1-9F33-D4157978C40F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {C3CA267B-59D5-435A-B99C-E24A8A70FA5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {C40E713B-FEE2-4A7C-8F9C-DE1F28F79105} - System32\Tasks\HPCeeScheduleForRay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C9224EE8-B7E4-4335-A2F4-B8CB14DCA61B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {CCF5C425-EA50-47A3-9670-C8C13DFBE4A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {D7DD2F8C-5FB0-41DC-ADA7-7139CBD5A1F5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {D8AC50E5-57DE-4865-B539-E7F7D601F9E2} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe
Task: {DC97E556-53E4-40B4-9843-C6793A6DD3DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {E08D4662-E828-4D68-871C-2B4DB7CFB1F2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {E12FB32E-7A8A-4D6C-85D2-C79BDD75F5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E43F873B-9CC5-4CEC-AFEE-67FBF2DBD1CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {E854B597-C9BE-47FA-827D-4A4D73977A77} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {FC3168F0-5526-43EE-B651-C173054AA193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {FF9D33D7-56DA-4D71-AB20-38BE083343F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForJimmy Edwards.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Ray\Desktop\My DVD Burners ETC\Disable_Windows_8_Explorer_Auto_Arrange - Shortcut.lnk -> C:\Users\Ray\Downloads\Disable_Windows_8_Explorer_Auto_Arrange.bat ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-08-24 17:07 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2013-09-24 18:37 - 2012-07-18 15:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\aol.com -> hxxps://mail.aol.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2017-05-27 23:39 - 000000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
DNS Servers: 192.168.0.1 - 205.171.2.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Device Monitor 4.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "PCShowServer"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "TomTomHOME.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2E5CE9F1-F4FE-4A1C-BEC2-1FC2E81A853A}] => (Allow) LPort=1900
FirewallRules: [{D754747E-683E-4057-97C5-70B1A9D5027D}] => (Allow) LPort=2869
FirewallRules: [{C923C4C6-9B49-40C7-9371-572B12BDE35B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5E061F47-6AD2-47FF-95CB-54C7A1A1431F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{86FB472A-4CE5-460E-8F27-B2372E8D6165}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{990B95F7-EF83-4ECE-BF6F-A4D69FC9F83F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{68D3E9AF-C61B-4FAE-BD1F-BC06782A0D14}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8B34ACD6-5D32-4A76-91D9-350DB78A9719}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{83E4B487-6614-4483-BC48-0D08204DE91F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{5F9D9918-1620-4A0F-B3A6-3871EDA5216A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{66173C11-6A8B-4C38-A038-9987D21B6297}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8D120410-D7AB-457F-BBC3-4D639F3ECD8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{434E3162-983B-4CEB-8848-EE80A576B6A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{487853B9-8D61-4D6B-809C-D76F3B89C308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FBC077C7-0DF8-4FF6-AFB8-7717F6A41847}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D5B8730B-52FD-4209-91C7-A622375CE37F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1166F700-646D-4E42-980B-801C723E1DD3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{45ECB300-8CB2-46D4-A602-131B4A7EBAF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{EB358FD7-4A9C-43C1-9A47-E94F2085EC6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1EA55450-82A8-4B6A-BCFA-C9956BF9F6C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3E248B0D-F208-403E-A33F-494DBF5B0FEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E8016474-50EB-4A04-91D9-F5164E57AA4E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D68BE6A3-B344-4B65-B42B-D6E6B0442842}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EF0A35F-1644-4EAB-AAD6-F5AAC83A838D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26C770EF-9A12-4E13-BD11-F8A0A732D5ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26511AD0-4D0A-497B-BAC4-1D4753F73A68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{78BB779D-F662-4775-9CF7-4324145858C4}] => (Allow) LPort=5357
FirewallRules: [{A8109729-A3C5-4361-AF9B-66F387804877}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51CE882D-8A67-43B9-A5D8-6C76D5C002DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B4A45DE7-0320-42B0-89C1-D8EABCD803A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7A75F94D-4A55-4C9B-9A13-44A1E696171F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E4D74A0D-9366-4231-BFE4-C443C883E211}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{83F2FD09-719D-449E-9A08-C13C1D2597F3}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{E7F527F7-B71E-47FD-B497-7B80C962D70A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{502159B2-3CA4-48BC-B6CA-44733A093A13}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{E9941CCF-EE1C-4066-8380-F72B0F843A3D}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{BE394815-69B1-4A0F-9159-2C392DA5AE16}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{144ACAB4-F3D8-48E9-AE9F-071064793C24}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{24B2410D-CABE-4475-9D29-F7821ACDFC94}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{420E6D3B-AA86-4C22-ACE2-C5C797CCCF81}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{E43BCC7E-1AB5-45F6-9079-EA4F4A51ED58}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

31-01-2018 16:05:11 Revo Uninstaller's restore point - Java 8 Update 161 (64-bit)
19-02-2018 00:18:14 Revo Uninstaller's restore point - HP Officejet 4630 series Basic Device Software
19-02-2018 00:24:02 Revo Uninstaller's restore point - HP Officejet 4630 series Basic Device Software
19-02-2018 01:05:13 Revo Uninstaller's restore point - HP Officejet 4630 series Help
26-02-2018 01:26:53 Windows Update
25-03-2018 11:42:15 Windows Update
15-04-2018 13:12:34 Windows Update
15-04-2018 16:59:55 Installed TomTom HOME.
24-04-2018 23:55:52 Windows Update
12-05-2018 13:48:23 Windows Update
14-06-2018 09:20:28 Windows Update
17-07-2018 12:05:55 Installed TomTom HOME.
22-07-2018 10:10:33 Installed DirectX
28-07-2018 12:30:38 Installed OpinionSquare
17-08-2018 15:32:18 Windows Update
24-08-2018 17:50:12 Revo Uninstaller's restore point - Epic Games Launcher
24-08-2018 19:12:13 Revo Uninstaller's restore point - Ezvid
24-08-2018 19:14:55 Revo Uninstaller's restore point - Free Hide Folder
24-08-2018 19:16:04 Revo Uninstaller's restore point - TomTom HOME
24-08-2018 19:19:15 Revo Uninstaller's restore point - TomTom HOME
24-08-2018 19:20:26 Revo Uninstaller's restore point - TomTom HOME
24-08-2018 19:22:04 Revo Uninstaller's restore point - TomTom HOME Visual Studio Merge Modules
24-08-2018 19:22:22 Removed TomTom HOME Visual Studio Merge Modules
24-08-2018 19:23:45 Revo Uninstaller's restore point - Uninstall Dual Mode Camera (DT01)
24-08-2018 19:25:28 Revo Uninstaller's restore point - Google Earth Plug-in
24-08-2018 19:26:32 Revo Uninstaller's restore point - Google Earth Plug-in

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2018 11:30:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a
Exception code: 0xe0434352
Fault offset: 0x0000000000008eac
Faulting process id: 0x1470
Faulting application start time: 0x01d4413f97f9ce0e
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: d669dd46-ad32-11e8-851e-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (08/31/2018 11:30:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
at asapi.asapicsharp.locale()
at pcd.models.properties.CustomizationManager.get_IsThirdwave()
at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[])
at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[])
at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[])
at wpfview.Program.Main(System.String[])

Error: (08/30/2018 10:14:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a
Exception code: 0xe0434352
Fault offset: 0x0000000000008eac
Faulting process id: 0x814
Faulting application start time: 0x01d4406bd0095d3a
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 0e50e85d-ac5f-11e8-851d-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (08/30/2018 10:14:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
at asapi.asapicsharp.locale()
at pcd.models.properties.CustomizationManager.get_IsThirdwave()
at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[])
at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[])
at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[])
at wpfview.Program.Main(System.String[])

Error: (08/30/2018 09:38:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19036, time stamp: 0x5b077e91
Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e
Exception code: 0xc0000374
Fault offset: 0x000e6214
Faulting process id: 0x1558
Faulting application start time: 0x01d4406669ba5802
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f6d69213-ac59-11e8-851d-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (08/29/2018 09:43:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a
Exception code: 0xe0434352
Fault offset: 0x0000000000008eac
Faulting process id: 0x590
Faulting application start time: 0x01d43f9e53513c77
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 91a4b1ff-ab91-11e8-851c-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (08/29/2018 09:43:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
at asapi.asapicsharp.locale()
at pcd.models.properties.CustomizationManager.get_IsThirdwave()
at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[])
at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[])
at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[])
at wpfview.Program.Main(System.String[])

Error: (08/29/2018 09:15:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.19036, time stamp: 0x5b077e91
Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b127e
Exception code: 0xc0000374
Fault offset: 0x000e6214
Faulting process id: 0x478
Faulting application start time: 0x01d43f98c5ac2f71
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 9b51aaf0-ab8d-11e8-851c-c81f66038689
Faulting package full name:
Faulting package-relative application ID:
 

jimmyedwards

Free PC Help Contributor
Joined
Oct 6, 2013
Messages
130
PC Experience
Some Experience
#6
Oops so sorry


System errors:
=============
Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Touchpoint Analytics service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/31/2018 07:06:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2018-05-23 23:03:25.737
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:HTML/Phish threat description - Windows Defender Security Intelligence
Name: Trojan:HTML/Phish
ID: 2147678587
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Mozilla\Firefox\Profiles\5eqo96s0.default-1482161108706-1523801744665\cache2\entries\01411E8864B89E9860F722C30A06F09ECF1CE1D8
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.267.1641.0, AS: 1.267.1641.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-20 12:20:22.153
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[1].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-20 12:20:22.153
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Bitrep.A threat description - Windows Defender Security Intelligence
Name: Trojan:Win32/Bitrep.A
ID: 2147723097
Severity: Severe
Category: Trojan
Path: containerfile:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi;file:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi->Data1.cab->MFHookManager.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-02 08:03:12.067
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[2].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Signature Version: AV: 1.263.1111.0, AS: 1.263.1111.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-04-02 08:01:27.090
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[2].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Signature Version: AV: 1.263.1111.0, AS: 1.263.1111.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-01-30 09:29:22.975
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-30 09:29:22.674
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.508.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-01-30 09:29:22.673
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.508.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2017-12-26 11:29:03.449
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee2
Error description: The operation timed out

CodeIntegrity:
===================================

Date: 2017-08-24 12:30:53.795
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 12:30:53.263
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 12:30:52.716
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 12:30:52.169
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:30.029
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:29.388
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:28.795
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:28.216
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8066.05 MB
Available physical RAM: 5478.89 MB
Total Virtual: 9346.05 MB
Available Virtual: 6638.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.77 GB) (Free:90.44 GB) NTFS

\\?\Volume{8ae1a6c5-57c6-4fdd-abc1-71a9febbb1c2}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.21 GB) NTFS
\\?\Volume{30650a71-79b0-4498-8ce5-c33b7216a1e5}\ (PBR Image) (Fixed) (Total:11.61 GB) (Free:0.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6AA7D01A)

Partition: GPT.

==================== End of Addition.txt ============================
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,489
Location
Midlands, UK
PC Experience
Very Experienced
#7
Hi Jimmy,

I did a Windows Defender last week I believe, I will do one now and post it ok, thanks.
Thanks.
I just wanted to make sure that Windows Defender had been run since this.....
Date: 2018-05-23 23:03:25.737
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:HTML/Phish threat description - Windows Defender Security Intelligence
Name: Trojan:HTML/Phish
ID: 2147678587
Severity: Severe
Category: Trojan
Unfortunately you've posted the addition.txt again.
Additional scan result of Farbar Recovery Scan Tool (x64) Version:
The download folder will contain 2 FRST reports...

The one we need is the text document named FRST.
The header will look like this....

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:
Thanks
 

jimmyedwards

Free PC Help Contributor
Joined
Oct 6, 2013
Messages
130
PC Experience
Some Experience
#8
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by Jimmy Edwards (04-09-2018 15:17:18)
Running from C:\Users\Ray\Downloads
Windows 8.1 (Update) (X64) (2014-10-22 20:35:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2801032338-2342425128-3870613798-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2801032338-2342425128-3870613798-501 - Limited - Disabled)
Jimmy Edwards (S-1-5-21-2801032338-2342425128-3870613798-1001 - Administrator - Enabled) => C:\Users\Ray

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510af_Help (HKLM-x32\...\{C175D5B0-ED04-42C9-B23F-D8BD406173E7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510af (HKLM-x32\...\{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (HKLM-x32\...\{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Aimersoft Audio Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software)
Aimersoft DVD Creator(Build 1.1.22) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)
Aimersoft DVD Ripper(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software)
Aimersoft DVD Studio Pack(Build 1.1.41) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software)
Aimersoft Video Converter(Build 1.1.41) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software)
Ant.com IE add-on (HKLM-x32\...\{B905CAA1-D6FF-4D21-8858-F8C610491C0B}) (Version: 2.2.4.1076 - Ant.com)
Any Video Converter 5.7.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20 (HKLM-x32\...\Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1) (Version: - InterAction studios)
ChrisPC Free VideoTube Downloader 10.07.26 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version: - Chris P.C. srl)
ChrisPC YTD Downloader MP3 Converter 2.85 (HKLM-x32\...\{6006089C-9ABC-4F18-ABCD-123456789801}_is1) (Version: - Chris P.C. srl)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.24.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
John's Background Switcher 4.17 (HKLM-x32\...\{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1) (Version: 4.17 - johnsadventures.com)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.9 - Tracker Software Products Ltd)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PySol Fan Club edition v.2.0 (HKLM-x32\...\PySol Fan Club edition_is1) (Version: - )
PySolFC Solitaire (a freeware Solitaire Game) version 1.1 (HKLM-x32\...\PySolFC Solitaire_is1) (Version: - )
Quit Counter (HKLM-x32\...\Quit Counter_is1) (Version: 1.2 - Xarka Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Uninstall Dual Mode Camera (DT01) (HKLM-x32\...\DT01_2009_1026_1436_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Xilisoft DVD Copy Express (HKLM-x32\...\Xilisoft DVD Copy Express) (Version: 1.1.23.0824 - Xilisoft)
Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 3.0.39.1121 - Xilisoft)
Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-08-27] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10E7CDFA-2463-4AA3-A931-EF99644B27C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
Task: {28389D5E-3DF8-42B9-AA66-9ABFBE4848F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {2B698B18-E3DE-4BA3-A4A0-99300FD8244C} - System32\Tasks\File1 Update Launch => C:\Program Files (x86)\Ant.com\File1 Package Manager\File1UL.exe
Task: {305486BC-CF31-4F18-B143-564AD42D6FB3} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ray\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {46E0D154-DFBC-4003-8802-D3D51BE25062} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {4B946556-9B09-4E0A-956B-F8A55E2D30C6} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2018-07-03] (Tracker Software Products (Canada) Ltd.)
Task: {4C874592-A1F9-4D5D-84FC-12271CCDCED5} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {5503E6E9-3C07-4745-A157-B44306AC54C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {58FE5BF4-4E30-4242-9B37-A6EB97177E91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {95D83143-E725-4C38-8FEF-37E28CA3643E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {B8B63F70-D4B8-4452-97E7-FDAF10FBC78C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {BA58B807-D5A9-4B82-97CD-0ACADF6C23B4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-08-17] (Microsoft Corporation)
Task: {BB68C632-3B9B-4DD1-9F33-D4157978C40F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
Task: {C3CA267B-59D5-435A-B99C-E24A8A70FA5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {C40E713B-FEE2-4A7C-8F9C-DE1F28F79105} - System32\Tasks\HPCeeScheduleForRay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C9224EE8-B7E4-4335-A2F4-B8CB14DCA61B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {CCF5C425-EA50-47A3-9670-C8C13DFBE4A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {D7DD2F8C-5FB0-41DC-ADA7-7139CBD5A1F5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {D8AC50E5-57DE-4865-B539-E7F7D601F9E2} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe
Task: {DC97E556-53E4-40B4-9843-C6793A6DD3DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {E08D4662-E828-4D68-871C-2B4DB7CFB1F2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {E12FB32E-7A8A-4D6C-85D2-C79BDD75F5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E43F873B-9CC5-4CEC-AFEE-67FBF2DBD1CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {E854B597-C9BE-47FA-827D-4A4D73977A77} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {FC3168F0-5526-43EE-B651-C173054AA193} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {FF9D33D7-56DA-4D71-AB20-38BE083343F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForRay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Ray\Desktop\My DVD Burners ETC\Disable_Windows_8_Explorer_Auto_Arrange - Shortcut.lnk -> C:\Users\Ray\Downloads\Disable_Windows_8_Explorer_Auto_Arrange.bat ()
Shortcut: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2018-08-24 17:07 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-27 13:41 - 2018-03-27 13:41 - 000134616 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2013-09-24 18:37 - 2012-07-18 15:55 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\aol.com -> hxxps://mail.aol.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2017-05-27 23:39 - 000000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ray\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
DNS Servers: 192.168.0.1 - 205.171.2.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Device Monitor 4.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "PCShowServer"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\StartupApproved\Run: => "TomTomHOME.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2E5CE9F1-F4FE-4A1C-BEC2-1FC2E81A853A}] => (Allow) LPort=1900
FirewallRules: [{D754747E-683E-4057-97C5-70B1A9D5027D}] => (Allow) LPort=2869
FirewallRules: [{C923C4C6-9B49-40C7-9371-572B12BDE35B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5E061F47-6AD2-47FF-95CB-54C7A1A1431F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{86FB472A-4CE5-460E-8F27-B2372E8D6165}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{990B95F7-EF83-4ECE-BF6F-A4D69FC9F83F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{68D3E9AF-C61B-4FAE-BD1F-BC06782A0D14}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8B34ACD6-5D32-4A76-91D9-350DB78A9719}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{83E4B487-6614-4483-BC48-0D08204DE91F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{5F9D9918-1620-4A0F-B3A6-3871EDA5216A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{66173C11-6A8B-4C38-A038-9987D21B6297}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8D120410-D7AB-457F-BBC3-4D639F3ECD8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{434E3162-983B-4CEB-8848-EE80A576B6A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{487853B9-8D61-4D6B-809C-D76F3B89C308}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FBC077C7-0DF8-4FF6-AFB8-7717F6A41847}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D5B8730B-52FD-4209-91C7-A622375CE37F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1166F700-646D-4E42-980B-801C723E1DD3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{45ECB300-8CB2-46D4-A602-131B4A7EBAF1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{EB358FD7-4A9C-43C1-9A47-E94F2085EC6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1EA55450-82A8-4B6A-BCFA-C9956BF9F6C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3E248B0D-F208-403E-A33F-494DBF5B0FEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E8016474-50EB-4A04-91D9-F5164E57AA4E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D68BE6A3-B344-4B65-B42B-D6E6B0442842}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EF0A35F-1644-4EAB-AAD6-F5AAC83A838D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26C770EF-9A12-4E13-BD11-F8A0A732D5ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26511AD0-4D0A-497B-BAC4-1D4753F73A68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{78BB779D-F662-4775-9CF7-4324145858C4}] => (Allow) LPort=5357
FirewallRules: [{A8109729-A3C5-4361-AF9B-66F387804877}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51CE882D-8A67-43B9-A5D8-6C76D5C002DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B4A45DE7-0320-42B0-89C1-D8EABCD803A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7A75F94D-4A55-4C9B-9A13-44A1E696171F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E4D74A0D-9366-4231-BFE4-C443C883E211}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{83F2FD09-719D-449E-9A08-C13C1D2597F3}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{E7F527F7-B71E-47FD-B497-7B80C962D70A}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{502159B2-3CA4-48BC-B6CA-44733A093A13}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{E9941CCF-EE1C-4066-8380-F72B0F843A3D}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{BE394815-69B1-4A0F-9159-2C392DA5AE16}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{144ACAB4-F3D8-48E9-AE9F-071064793C24}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{24B2410D-CABE-4475-9D29-F7821ACDFC94}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{420E6D3B-AA86-4C22-ACE2-C5C797CCCF81}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{E43BCC7E-1AB5-45F6-9079-EA4F4A51ED58}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-03-2018 11:42:15 Windows Update
15-04-2018 13:12:34 Windows Update
15-04-2018 16:59:55 Installed TomTom HOME.
24-04-2018 23:55:52 Windows Update
12-05-2018 13:48:23 Windows Update
14-06-2018 09:20:28 Windows Update
17-07-2018 12:05:55 Installed TomTom HOME.
22-07-2018 10:10:33 Installed DirectX
28-07-2018 12:30:38 Installed OpinionSquare
17-08-2018 15:32:18 Windows Update
24-08-2018 17:50:12 Revo Uninstaller's restore point - Epic Games Launcher
24-08-2018 19:12:13 Revo Uninstaller's restore point - Ezvid
24-08-2018 19:14:55 Revo Uninstaller's restore point - Free Hide Folder
24-08-2018 19:16:04 Revo Uninstaller's restore point - TomTom HOME
24-08-2018 19:19:15 Revo Uninstaller's restore point - TomTom HOME
24-08-2018 19:20:26 Revo Uninstaller's restore point - TomTom HOME
24-08-2018 19:22:04 Revo Uninstaller's restore point - TomTom HOME Visual Studio Merge Modules
24-08-2018 19:22:22 Removed TomTom HOME Visual Studio Merge Modules
24-08-2018 19:23:45 Revo Uninstaller's restore point - Uninstall Dual Mode Camera (DT01)
24-08-2018 19:25:28 Revo Uninstaller's restore point - Google Earth Plug-in
24-08-2018 19:26:32 Revo Uninstaller's restore point - Google Earth Plug-in
01-09-2018 14:04:15 Restore Operation
02-09-2018 16:53:22 Ultra Adware Killer adware removal
04-09-2018 10:03:48 Revo Uninstaller's restore point - Ant.com IE add-on
04-09-2018 10:08:27 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2018 03:12:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Ray\Desktop\MY SHARED FOLDER\A SECURITY STUFF\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/04/2018 09:51:12 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Ray\Desktop\MY SHARED FOLDER\A SECURITY STUFF\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/03/2018 12:15:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 12.0.6787.5000, time stamp: 0x5ab6b28d
Faulting module name: MSONSEXT.DLL, version: 11.0.6715.60, time stamp: 0x43306199
Exception code: 0xc0000005
Fault offset: 0x00053555
Faulting process id: 0x172c
Faulting application start time: 0x01d443a101f0da3d
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Faulting module path: C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Report Id: a3ff9a33-af94-11e8-851a-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (09/03/2018 10:25:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6584.81, time stamp: 0x54ee4835
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a
Exception code: 0xe0434352
Fault offset: 0x0000000000008eac
Faulting process id: 0x6c4
Faulting application start time: 0x01d44391e6ba2d64
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 2520b309-af85-11e8-851a-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (09/03/2018 10:25:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ApplicationException
at asapi.asapicsharp.locale()
at pcd.models.properties.CustomizationManager.get_IsThirdwave()
at pcd.controllers.commandline.CommandLineManagerFactory.InitMyDellCLM(appupdatercommon.utilities.CommandLineManager, System.String[])
at pcd.controllers.commandline.CommandLineManagerFactory.Get(pcd.controllers.commandline.CommandLineManagerType, System.String[])
at pcd.controllers.MainController.InitCommandLineManagerWithArgs(System.String[])
at wpfview.Program.Main(System.String[])

Error: (09/03/2018 09:14:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WksWP.exe, version: 9.7.613.0, time stamp: 0x466fad27
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1294
Faulting application start time: 0x01d44386701537cb
Faulting application path: C:\PROGRA~2\MICROS~3\WksWP.exe
Faulting module path: unknown
Report Id: 3f67ed54-af7b-11e8-851a-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (09/03/2018 09:14:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WksWP.exe, version: 9.7.613.0, time stamp: 0x466fad27
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x54504b2e
Exception code: 0xc0000005
Fault offset: 0x0000b328
Faulting process id: 0x1294
Faulting application start time: 0x01d44386701537cb
Faulting application path: C:\PROGRA~2\MICROS~3\WksWP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\msvcrt.dll
Report Id: 3c7b3e1c-af7b-11e8-851a-c81f66038689
Faulting package full name:
Faulting package-relative application ID:

Error: (09/02/2018 05:12:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.22013 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17d8

Start Time: 01d44300f6d20ceb

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: eafcb020-aef4-11e8-851a-c81f66038689

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (09/04/2018 02:11:49 PM) (Source: DCOM) (EventID: 10016) (User: JIMMY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user Jimmy\Jimmy Edwards SID (S-1-5-21-2801032338-2342425128-3870613798-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/04/2018 02:11:49 PM) (Source: DCOM) (EventID: 10016) (User: JIMMY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user Jimmy\Jimmy Edwards SID (S-1-5-21-2801032338-2342425128-3870613798-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/02/2018 11:25:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:46:46 PM on ‎9/‎1/‎2018 was unexpected.

Error: (09/01/2018 07:44:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/01/2018 07:04:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Touchpoint Analytics service terminated unexpectedly. It has done this 1 time(s).

Error: (09/01/2018 07:04:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/01/2018 07:04:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (09/01/2018 03:42:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.


Windows Defender:
===================================
Date: 2018-09-02 19:33:26.741
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {7919FF8C-C68E-4B1A-AD0B-F7B08F518DBA}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-05-23 23:03:25.737
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:HTML/Phish threat description - Windows Defender Security Intelligence
Name: Trojan:HTML/Phish
ID: 2147678587
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Mozilla\Firefox\Profiles\5eqo96s0.default-1482161108706-1523801744665\cache2\entries\01411E8864B89E9860F722C30A06F09ECF1CE1D8
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.267.1641.0, AS: 1.267.1641.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-20 12:20:22.153
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[1].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-20 12:20:22.153
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Bitrep.A threat description - Windows Defender Security Intelligence
Name: Trojan:Win32/Bitrep.A
ID: 2147723097
Severity: Severe
Category: Trojan
Path: containerfile:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi;file:_C:\WINDOWS\Downloaded Installations\MediaFACE 4.0.msi->Data1.cab->MFHookManager.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.267.15.0, AS: 1.267.15.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14800.3, NIS: 2.1.14600.4

Date: 2018-04-02 08:03:12.067
Description:
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:JS/Flafisi.D threat description - Windows Defender Security Intelligence
Name: Trojan:JS/Flafisi.D
ID: 2147725632
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Ray\AppData\Local\Microsoft\Windows\INetCache\Low\IE\V12UNFV1\FlashPlayer[2].hta
Detection Origin: Internet
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Signature Version: AV: 1.263.1111.0, AS: 1.263.1111.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

Date: 2018-09-04 10:26:39.198
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-09-01 14:20:55.447
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-01-30 09:29:22.975
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.

Date: 2018-01-30 09:29:22.674
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.508.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-01-30 09:29:22.673
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.508.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: The operation timed out

CodeIntegrity:
===================================

Date: 2017-08-24 12:30:53.795
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 12:30:53.263
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 12:30:52.716
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 12:30:52.169
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:30.029
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:29.388
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:28.795
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-24 10:12:28.216
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\WINDOWS\System32\EasyRedirect64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8066.05 MB
Available physical RAM: 4140.15 MB
Total Virtual: 9346.05 MB
Available Virtual: 5467.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.77 GB) (Free:122.94 GB) NTFS

\\?\Volume{8ae1a6c5-57c6-4fdd-abc1-71a9febbb1c2}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.21 GB) NTFS
\\?\Volume{30650a71-79b0-4498-8ce5-c33b7216a1e5}\ (PBR Image) (Fixed) (Total:11.61 GB) (Free:0.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6AA7D01A)

Partition: GPT.

==================== End of Addition.txt ============================
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,489
Location
Midlands, UK
PC Experience
Very Experienced
#9
Hi Jimmy,

You are still posting the Additional text report.
The main FRST report gives us about 2/3 of the system info .... that is why we need it.

Just look for this in the Download folder.... (obviously the date/file size on yours will be different)

[Image: QP2tvkZ.png]

When you open it, look at the 'Header' ... this is what it should read:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:
We don't want to see:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:
Thanks.
 

jimmyedwards

Free PC Help Contributor
Joined
Oct 6, 2013
Messages
130
PC Experience
Some Experience
#10
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03
Ran by Jimmy Edwards (administrator) on JIMMY (04-09-2018 15:16:00)
Running from C:\Users\Ray\Downloads
Loaded Profiles: Jimmy Edwards (Available Profiles: Jimmy Edwards & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(johnsadventures.com) C:\Users\Ray\Desktop\My Documents\A New Folder Pictures for switch\John's Background Switcher\BackgroundSwitcher.exe
(Ruiware) C:\Program Files (x86)\Ruiware LLC\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Ant.com) C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Ray\Downloads\FRST64(2).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [BackgroundSwitcher] => C:\Users\Ray\Desktop\My Documents\A New Folder Pictures for switch\John's Background Switcher\BackgroundSwitcher.exe [124760 2018-05-15] (johnsadventures.com)
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware LLC\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware)
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\Run: [EasyHideIPVPN] => C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {4907433c-6b83-11e8-84d5-c81f66038689} - "D:\Setup.exe"
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {6faa9800-2894-11e3-be6d-c81f66038689} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\...\MountPoints2: {abae85c0-de96-11e7-844b-c81f66038689} - "D:\Setup.exe"
AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll [309680 2017-12-01] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [262576 2017-12-01] (Jaksta Technologies Pty Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2017-01-18]
ShortcutTarget: Amazon Unbox.lnk -> C:\Users\Ray\Desktop\My Documents\Downloads from Google ETC\ADVWindowsClientSystemTray.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-01-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 Series Class Driver.lnk [2018-09-04]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 Series Class Driver.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{51C8D340-F890-41D3-9072-A0A4EB2CA895}: [DhcpNameServer] 192.168.0.1 205.171.2.26
Tcpip\..\Interfaces\{A8C40184-0C97-472B-A7BC-59462E7AB2BC}: [DhcpNameServer] 192.168.0.1 205.171.2.26

Internet Explorer:
==================
HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> DefaultScope {EA8E9CE8-160E-4200-89F5-5C78A3C55E8F} URL =
SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-07-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-21] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Ant.com browser helper (video detector) -> {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} -> C:\Program Files (x86)\Ant.com\IE add-on\Download.dll [2013-03-05] (Ant.com)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll [2013-03-05] (Ant.com)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF DefaultProfile: f0qki1rs.default-1482161108706-1530495482829
FF ProfilePath: C:\Users\Ray\AppData\Roaming\TomTom\HOME\Profiles\8hcmhey1.default [2018-07-17]
FF Extension: (Emulator) - C:\Users\Ray\AppData\Roaming\TomTom\HOME\Profiles\8hcmhey1.default\Extensions\Navcore.9.510.1234792@tomtom.com [2017-03-31] [Legacy] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\f0qki1rs.default-1482161108706-1530495482829 [2018-09-04]
FF Homepage: Mozilla\Firefox\Profiles\f0qki1rs.default-1482161108706-1530495482829 -> hxxps://www.yahoo.com/
FF Extension: (uBlock) - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\f0qki1rs.default-1482161108706-1530495482829\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2018-09-02]
FF Extension: (Search and New Tab by Yahoo) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-06-05] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-14] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2801032338-2342425128-3870613798-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-07-03] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default [2018-09-04]
CHR Extension: (Docs) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-24]
CHR Extension: (YouTube) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-24]
CHR Extension: (Google Docs Offline) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-24]
CHR Extension: (Chrome Media Router) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-07-22] (EasyAntiCheat Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 efavdrv; C:\WINDOWS\SysWOW64\drivers\efavdrv.sys [115008 2017-01-20] (ESET)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [28664 2016-04-29] (Intel Mobile Communications)
R3 jakstaVA; C:\WINDOWS\system32\DRIVERS\jaksta_va.sys [103816 2017-02-23] (e2eSoft)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-09-04] (Malwarebytes)
R1 MpKslb88472ae; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD53AC24-F873-4BCD-BE5B-85050390922E}\MpKslb88472ae.sys [58120 2018-09-04] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-04 15:15 - 2018-09-04 15:15 - 002413056 _____ (Farbar) C:\Users\Ray\Downloads\FRST64(2).exe
2018-09-04 09:59 - 2018-09-04 09:59 - 000281057 _____ C:\Users\Ray\Downloads\ant_video_downloader_and_player-2.3.0-fx (1).xpi
2018-09-02 16:36 - 2018-09-04 10:24 - 000000000 ____D C:\ProgramData\Ultra Adware Killer
2018-09-02 16:33 - 2018-09-04 10:25 - 000000000 ____D C:\Program Files (x86)\KeyCryptSDK
2018-09-02 16:33 - 2018-09-04 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2018-09-02 16:33 - 2018-09-04 10:24 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2018-09-02 16:32 - 2018-09-02 16:32 - 000000000 ____D C:\Users\Ray\AppData\Local\AntiLogger Free
2018-09-01 23:40 - 2018-09-01 23:40 - 005904423 _____ C:\Users\Ray\Desktop\T.I. Vs T.I.P- Respect this Hustle.mp4
2018-09-01 18:48 - 2018-09-01 19:46 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-09-01 18:47 - 2018-09-01 18:47 - 000000000 ____D C:\Users\Ray\AppData\Local\Zemana
2018-09-01 02:06 - 2018-09-01 23:28 - 000000000 ____D C:\Users\Ray\Desktop\New Music
2018-08-24 17:37 - 2018-08-24 17:41 - 007417040 _____ (Malwarebytes) C:\Users\Ray\Downloads\adwcleaner_7.2.2(1).exe
2018-08-24 17:33 - 2018-08-24 17:37 - 007417040 _____ (Malwarebytes) C:\Users\Ray\Downloads\adwcleaner_7.2.2.exe
2018-08-24 17:32 - 2018-08-24 17:32 - 007395536 _____ (Malwarebytes) C:\Users\Ray\Downloads\AdwCleaner(1).exe
2018-08-24 17:24 - 2018-08-24 17:25 - 002413056 _____ (Farbar) C:\Users\Ray\Downloads\FRST64(1).exe
2018-08-24 17:07 - 2018-09-04 10:30 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-24 17:07 - 2018-08-24 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-08-24 17:07 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-08-24 17:05 - 2018-08-24 17:06 - 082924864 _____ (Malwarebytes ) C:\Users\Ray\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6489(1).exe
2018-08-24 16:54 - 2018-08-24 16:55 - 082924864 _____ (Malwarebytes ) C:\Users\Ray\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6489.exe
2018-08-19 12:44 - 2018-08-19 12:44 - 000000000 ____D C:\Users\Ray\AppData\Local\mbam
2018-08-18 02:44 - 2018-08-03 19:46 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-08-18 02:44 - 2018-08-03 19:46 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-08-17 15:31 - 2018-07-19 03:06 - 007371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-08-17 15:31 - 2018-07-19 02:48 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-08-17 15:31 - 2018-07-19 02:15 - 025745408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-08-17 15:31 - 2018-07-19 00:35 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-08-17 15:31 - 2018-07-19 00:33 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-08-17 15:31 - 2018-07-19 00:33 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-08-17 15:31 - 2018-07-19 00:30 - 005778432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-08-17 15:31 - 2018-07-19 00:23 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-08-17 15:31 - 2018-07-19 00:22 - 020286464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-08-17 15:31 - 2018-07-19 00:22 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-08-17 15:31 - 2018-07-19 00:22 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-08-17 15:31 - 2018-07-19 00:21 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-08-17 15:31 - 2018-07-19 00:05 - 000497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-08-17 15:31 - 2018-07-19 00:03 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-08-17 15:31 - 2018-07-19 00:01 - 002295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-08-17 15:31 - 2018-07-18 23:55 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-08-17 15:31 - 2018-07-18 23:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-08-17 15:31 - 2018-07-18 23:54 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-08-17 15:31 - 2018-07-18 23:53 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-08-17 15:31 - 2018-07-18 23:47 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-08-17 15:31 - 2018-07-18 23:46 - 015283712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-08-17 15:31 - 2018-07-18 23:45 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-08-17 15:31 - 2018-07-18 23:45 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-08-17 15:31 - 2018-07-18 23:43 - 002136064 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-08-17 15:31 - 2018-07-18 23:34 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-08-17 15:31 - 2018-07-18 23:32 - 004494848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-08-17 15:31 - 2018-07-18 23:31 - 004510720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-08-17 15:31 - 2018-07-18 23:30 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-08-17 15:31 - 2018-07-18 23:28 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-08-17 15:31 - 2018-07-18 23:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-08-17 15:31 - 2018-07-18 23:28 - 002059776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-08-17 15:31 - 2018-07-18 23:28 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-08-17 15:31 - 2018-07-18 23:28 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-08-17 15:31 - 2018-07-18 23:20 - 001554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-08-17 15:31 - 2018-07-18 23:17 - 001049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-08-17 15:31 - 2018-07-18 23:09 - 004037632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-08-17 15:31 - 2018-07-18 23:09 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-08-17 15:31 - 2018-07-18 23:06 - 001329152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-08-17 15:31 - 2018-07-18 23:04 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-08-17 15:31 - 2018-07-13 03:51 - 002452824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-08-17 15:31 - 2018-07-07 14:33 - 001548632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-08-17 15:31 - 2018-07-07 13:05 - 004169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-08-17 15:31 - 2018-07-07 13:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-08-17 15:31 - 2018-07-07 13:00 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-08-17 15:31 - 2018-07-07 12:33 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-08-17 15:31 - 2018-07-07 12:31 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-08-17 15:31 - 2018-07-06 13:37 - 001754624 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-08-17 15:31 - 2018-07-06 12:36 - 001491968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-08-17 15:31 - 2018-06-30 14:00 - 001113952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-08-17 15:31 - 2018-06-24 11:11 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-08-17 15:31 - 2018-06-24 11:04 - 000504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-08-17 15:31 - 2018-06-20 15:44 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-08-17 15:31 - 2018-06-20 15:44 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-08-17 15:31 - 2018-06-20 14:48 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-08-17 15:31 - 2018-06-20 14:48 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fxppm.sys
2018-08-17 15:31 - 2018-06-20 12:58 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-08-17 15:31 - 2018-06-20 12:58 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-08-17 15:31 - 2018-06-20 12:58 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-08-17 15:31 - 2018-06-19 09:38 - 003611136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-08-17 15:31 - 2018-06-19 09:38 - 003321344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-08-17 15:31 - 2018-06-19 09:31 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2018-08-17 15:31 - 2018-06-19 09:29 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2018-08-17 15:31 - 2018-06-16 11:03 - 002779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-08-17 15:31 - 2018-06-16 10:59 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2018-08-17 15:31 - 2018-06-15 00:34 - 000923512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-08-17 15:31 - 2018-06-14 22:28 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-08-17 15:31 - 2018-06-14 22:12 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-08-17 15:31 - 2018-06-14 22:00 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-08-17 15:31 - 2018-06-14 21:55 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-08-17 15:31 - 2018-06-14 21:43 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2018-08-17 15:31 - 2018-06-14 21:26 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-08-17 15:31 - 2018-06-14 21:22 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-08-17 15:31 - 2018-06-14 21:19 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-08-17 15:31 - 2018-06-12 04:00 - 022374248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-08-17 15:31 - 2018-06-12 03:57 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-08-17 15:31 - 2018-06-11 12:36 - 003119616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-08-17 15:31 - 2018-06-09 12:26 - 002712064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-08-17 15:31 - 2018-06-08 14:47 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-08-17 15:31 - 2018-06-08 14:26 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-08-17 15:31 - 2018-06-08 13:54 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-08-17 15:31 - 2018-06-08 13:53 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-08-17 15:31 - 2018-06-08 13:07 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-08-17 15:31 - 2018-06-08 12:44 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-08-17 15:31 - 2018-06-07 14:51 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-08-17 15:31 - 2018-05-24 17:29 - 000428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-08-06 13:21 - 2018-08-06 13:21 - 000004257 _____ C:\Users\Ray\Downloads\goto.cfm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-04 15:16 - 2017-05-26 22:01 - 000020070 _____ C:\Users\Ray\Downloads\FRST.txt
2018-09-04 15:16 - 2017-01-31 09:12 - 000000000 ____D C:\FRST
2018-09-04 15:14 - 2016-11-18 19:03 - 000000000 ____D C:\Users\Ray\AppData\LocalLow\Mozilla
2018-09-04 13:49 - 2013-12-29 19:04 - 000000000 ____D C:\Users\Ray\AppData\LocalLow\ant.com
2018-09-04 11:49 - 2017-11-21 00:45 - 000000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRay.job
2018-09-04 10:57 - 2012-07-26 01:26 - 000000223 _____ C:\WINDOWS\win.ini
2018-09-04 10:40 - 2013-12-28 19:11 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2801032338-2342425128-3870613798-1001
2018-09-04 10:31 - 2014-10-22 16:38 - 000000000 ___DO C:\Users\Ray\OneDrive
2018-09-04 10:31 - 2013-09-24 18:44 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2018-09-04 10:26 - 2014-10-22 15:33 - 000000000 ____D C:\Users\Ray
2018-09-04 10:26 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-04 10:25 - 2016-01-07 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2018-09-04 10:25 - 2014-10-22 15:33 - 000000000 ____D C:\Users\Administrator
2018-09-04 10:24 - 2018-08-02 14:09 - 000000000 ___RD C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\A Music
2018-09-04 10:24 - 2018-07-10 11:19 - 000000000 ____D C:\Users\Ray\Desktop\Tagalog Translator, Filipino Translation, Online Dictionary_files
2018-09-04 10:24 - 2018-01-22 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2018-09-04 10:24 - 2018-01-22 01:37 - 000000000 ____D C:\Program Files (x86)\WinPcap
2018-09-04 10:24 - 2016-10-02 09:52 - 000000000 ____D C:\ProgramData\Tracker Software
2018-09-04 10:24 - 2016-05-29 20:25 - 000000000 ____D C:\Users\Ray\AppData\Local\VideoCapture
2018-09-04 10:24 - 2016-02-21 13:39 - 000000000 ____D C:\Users\Ray\AppData\Local\Hewlett-Packard
2018-09-04 10:24 - 2014-02-14 08:50 - 000000000 ____D C:\Program Files (x86)\Dashlane
2018-09-04 10:24 - 2014-01-02 17:07 - 000000000 ____D C:\Users\Ray\AppData\Roaming\vlc
2018-09-04 10:24 - 2014-01-01 21:01 - 000000000 ____D C:\Users\Ray\AppData\Roaming\QuitCounter
2018-09-04 10:24 - 2013-12-29 22:20 - 000000000 ____D C:\Users\Ray\AppData\Roaming\PySolFC
2018-09-04 10:24 - 2013-12-29 20:54 - 000000000 ____D C:\Program Files\Tracker Software
2018-09-04 10:24 - 2013-09-29 01:18 - 000000000 ___RD C:\Users\Ray\Desktop\My DVD Burners ETC
2018-09-04 10:24 - 2013-09-24 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
2018-09-04 10:22 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-04 10:18 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\registration
2018-09-04 10:18 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2018-09-04 09:51 - 2013-12-30 01:21 - 000043650 _____ C:\Users\Ray\AppData\Roaming\wklnhst.dat
2018-09-04 09:51 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-09-03 10:25 - 2017-03-03 10:21 - 000000000 ____D C:\Users\Ray\AppData\Local\CrashDumps
2018-09-02 12:17 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-31 19:24 - 2017-01-31 19:41 - 000051238 _____ C:\Users\Ray\Downloads\Addition.txt
2018-08-24 19:23 - 2013-12-28 20:23 - 000000000 ____D C:\Users\Ray\AppData\Roaming\ClassicShell
2018-08-24 19:11 - 2018-07-22 10:10 - 000000000 ____D C:\ProgramData\Epic
2018-08-24 17:44 - 2013-08-22 09:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2018-08-24 17:42 - 2017-01-25 16:06 - 000000000 ____D C:\AdwCleaner
2018-08-24 17:07 - 2017-08-26 09:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-08-24 08:35 - 2014-09-24 03:15 - 000866884 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-22 08:30 - 2013-09-24 18:19 - 000000000 ____D C:\Intel
2018-08-22 08:24 - 2014-10-22 16:35 - 000000000 __SHD C:\Users\Ray\IntelGraphicsProfiles
2018-08-20 11:49 - 2017-11-21 00:45 - 000003146 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRay
2018-08-19 09:01 - 2016-02-04 11:37 - 000000638 _____ C:\WINDOWS\Tasks\TrackerAutoUpdate.job
2018-08-18 02:43 - 2013-08-22 10:44 - 000528512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-18 00:45 - 2013-08-22 11:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-08-17 15:43 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-17 15:38 - 2013-12-28 21:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-17 15:35 - 2013-12-28 21:55 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-14 20:04 - 2018-03-14 01:04 - 000004452 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-08-14 20:04 - 2016-03-19 21:19 - 000004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-08-14 20:04 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-08-14 20:04 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-08-11 17:01 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-08-10 12:26 - 2015-11-22 19:28 - 000000000 ____D C:\Users\Ray\Desktop\MY SHARED FOLDER
2018-08-10 08:32 - 2017-08-25 16:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-10 08:32 - 2015-08-23 11:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-08 14:05 - 2017-08-24 13:45 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-08 14:05 - 2017-08-24 13:45 - 000002165 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2013-12-30 01:21 - 2018-09-04 09:51 - 000043650 _____ () C:\Users\Ray\AppData\Roaming\wklnhst.dat
2016-05-29 20:53 - 2018-01-21 12:35 - 000005120 _____ () C:\Users\Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-23 15:10 - 2018-01-23 15:10 - 000000000 _____ () C:\Users\Ray\AppData\Local\Schedule8.dat

Some files in TEMP:
====================
2018-07-21 11:07 - 2018-07-21 11:07 - 001906040 _____ (Oracle Corporation) C:\Users\Ray\AppData\Local\Temp\jre-8u181-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-27 11:33

==================== End of FRST.txt ============================
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,489
Location
Midlands, UK
PC Experience
Very Experienced
#11
Hi Jimmy,

Ok, thanks for that.
There's nothing malicious showing in the reports.... But a lot of these video downloaders are not as clean as they would have you believe.

There are a few little things we can clean up.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to your Download folder.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log in the Download folder (Fixlog.txt).
Please post this in your next reply.

Step 2

Java 8 Update 181
Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE 10.0.2 and save it to your desktop.
  • Scroll down to where it says "Java SE 10.0.2".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select Windows x64 offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on downloaded icon to install the newest version.

Step 3
Let's reset your main browser...

To Reset Firefox
  • At the top of the Firefox window, click the Help menu and select Troubleshooting Information
  • Click the Reset Firefox… button in the upper-right corner of the Troubleshooting Information page.
  • To continue, click Reset Firefox in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, a window will list the information that was imported.
  • Click Finish and Firefox will open.
Note:
After the reset is finished, your old Firefox profile information will be placed on your desktop in a folder named "Old Firefox Data." If the reset didn't fix your problem you can restore some of the information not saved by copying files to the new profile that was created.
If you don't need this folder any longer, you should delete it as it contains sensitive information.

The reset feature works by creating a new profile folder for you while saving your most important data.

Firefox will try to keep the following data:
  • Bookmarks
  • Browsing history
  • Passwords
  • Cookies
  • Web form auto-fill information
  • Personal dictionary


In your next reply, please submit:
Fixlog.txt

and let me know if things have improved at all.


Thanks.
 

Attachments

jimmyedwards

Free PC Help Contributor
Joined
Oct 6, 2013
Messages
130
PC Experience
Some Experience
#12
Thanks, here is the log, I hope it is the right one. I have to go out, I will do the Java and Firefox reset later. Thanks again.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by Jimmy Edwards (08-09-2018 11:52:33) Run:1
Running from C:\Users\Ray\Downloads
Loaded Profiles: Jimmy Edwards (Available Profiles: Jimmy Edwards & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> DefaultScope {EA8E9CE8-160E-4200-89F5-5C78A3C55E8F} URL =
SearchScopes: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> {9E00ED14-DDAB-4086-B889-8ACD884A8ECF} URL =
Toolbar: HKU\S-1-5-21-2801032338-2342425128-3870613798-1001 -> No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File
2018-07-21 11:07 - 2018-07-21 11:07 - 001906040 _____ (Oracle Corporation) C:\Users\Ray\AppData\Local\Temp\jre-8u181-windows-au.exe
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E00ED14-DDAB-4086-B889-8ACD884A8ECF}" => removed successfully
HKLM\Software\Classes\CLSID\{9E00ED14-DDAB-4086-B889-8ACD884A8ECF} => not found
"HKU\S-1-5-21-2801032338-2342425128-3870613798-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2}" => removed successfully
HKLM\Software\Classes\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => not found
C:\Users\Ray\AppData\Local\Temp\jre-8u181-windows-au.exe => moved successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2" => removed successfully
HKLM\Software\Classes\CLSID\{A8065B9E-193F-4797-B62D-8F6321E7FCCB} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78075951 B
Java, Flash, Steam htmlcache => 23664 B
Windows/system/drivers => 66689318 B
Edge => 0 B
Chrome => 872001353 B
Firefox => 406182557 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 34360 B
NetworkService => -658 B
Ray => 13944755511 B
Administrator => 0 B

RecycleBin => 3563293814 B
EmptyTemp: => 17.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:04:17 ====
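
A way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread and not FRST's own code: it tallies each `=> status` result line and lists anything that was neither completed nor already absent. The three outcome names, and treating any unrecognised status as needing review, are assumptions; the sample's failure line is constructed.

```python
import re
from collections import Counter

# Sample input: lines copied from the Fixlog posted above, plus one
# constructed failure line (C:\Constructed\...) to exercise the review path.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
*****************
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Classes\CLSID\{9E00ED14-DDAB-4086-B889-8ACD884A8ECF} => not found
C:\Users\Ray\AppData\Local\Temp\jre-8u181-windows-au.exe => moved successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2" => removed successfully
C:\Constructed\example.dll => could not be moved
Chrome => 872001353 B
NetworkService => -658 B
EmptyTemp: => 17.6 GB temporary data Removed.
'''

RESULT = re.compile(r'^(?P<target>.+?) => (?P<status>.+)$')
SIZE = re.compile(r'^-?\d+ B$')  # EmptyTemp byte counts, not fix results

def classify(status):
    """Map a status string to 'done', 'absent' or 'review' (assumed labels)."""
    s = status.strip().lower()
    if s.endswith('successfully'):
        return 'done'
    if s == 'not found':
        return 'absent'   # nothing was there to remove
    return 'review'       # any other wording needs a human look

def triage(fixlog_text):
    """Return (Counter of outcomes, [(target, status)] that need review)."""
    counts, review, in_fixlist = Counter(), [], False
    for line in fixlog_text.splitlines():
        line = line.strip()
        if line.startswith('*****'):
            in_fixlist = not in_fixlist   # echoed fixlist, not results
            continue
        m = RESULT.match(line)
        if in_fixlist or not m or SIZE.match(m['status']) \
                or m['target'] == 'EmptyTemp:':
            continue
        outcome = classify(m['status'])
        counts[outcome] += 1
        if outcome == 'review':
            review.append((m['target'].strip('"'), m['status']))
    return counts, review

if __name__ == '__main__':
    print(triage(SAMPLE_FIXLOG))
```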
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,489
Location
Midlands, UK
PC Experience
Very Experienced
#13
Hi Jimmy,

Yes that's the fix report.
Give me an update on the system once you have completed the other steps.

Btw:
You stated at the beginning of the thread that you use an adblocker ...... what adblocker are you using?
I can't see one in the reports.

Thanks.
 

jimmyedwards

Free PC Help Contributor
Joined
Oct 6, 2013
Messages
130
PC Experience
Some Experience
#14
So far so good, I don't have a reset for Firefox, what I see is refresh Firefox, my adblocker is uBlock, I think it is working pretty good because I don't see all those ads anymore. Thanks
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,489
Location
Midlands, UK
PC Experience
Very Experienced
#15
Hi Jimmy,

"I think it is working pretty good because I don't see all those ads anymore."
That's good to hear.

"I don't have a reset for Firefox what I see is refresh Firefox"
The later versions of Firefox seem to have renamed the reset to refresh.
I'll change the wording in future speeches.

"my adblocker is uBlock"
Sorry, I don't know how I missed that.
Looking back over the report I saw it straight away.
uBlock is actually the old original version.
The author of uBlock sold it and then proceeded to rewrite everything and came up with a much better adblocker.
The new version is called uBlock Origin.... this is the only adblocker that I recommend now.
In fact uBlock Origin is more than an "ad blocker": it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker".
The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites.
My recommendation would be to remove uBlock and install uBlock Origin instead.

There are slightly different versions for different browsers... ( just pick the one you want )

Firefox:

uBlock Origin
Click on Add to Firefox.

Once installed, I recommend that you update the blocking definitions.

Tools >> Add-ons >> Extensions >> Options in uBlock Origin.
Scroll down and click on Show Dashboard.
Now click on 3rd Party Filters >> Update Now.

Google Chrome:

uBlock Origin
Click on Add to Chrome

Once installed, I recommend that you update the blocking definitions.

Right click on the uBlock Origin icon (top right of the browser) and select Options.
Now click on 3rd Party Filters >> Update Now.

Internet Explorer:

Since uBlock Origin is not available for IE, I'll recommend you install Adblock Plus for Internet Explorer instead.
Click on Install for Internet Explorer.
Click on Run notification at the bottom of the browser.
If you now get a notification saying IE is still running, would you like to shut down.... click Yes.
Follow the install pages by clicking Next and finally Finish.
Re-open Internet Explorer.
At the bottom you'll see:
The Adblock Plus for IE browser helper object is ready for use..... click Enable.
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,489
Location
Midlands, UK
PC Experience
Very Experienced
#17
Hi Jimmy,

"I believe the old girl is back up to snuff"
:thumb:

"who marks this solved?"
I can do that for you.

Ok, let's finish the cleaning process and remove the tools that we used.

To remove FRST:

Right click on the FRST icon and select delete.
Right click on any fixlog.txt or fixlist.txt files and select delete.
Navigate to: C:\frst and delete the frst folder.
Now empty your 'Recycle Bin'.

To remove AdwCleaner:

Restart AdwCleaner ... click on the Uninstall button from the main screen.
This will remove all the files created and the program.

Glad I was able to help.

Safe surfing.