Jump to content

Jay_Hanig

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Jay_Hanig
    Nasdaq, I very much appreciate the detailed help you have given me. I have taken your advice and nuked the old Java updates, leaving just 181 in place. I also ran the AVG removal program as you suggested. Whether this fixes it or not has yet to be seen since it was such a sporadic event to begin with, but so far, so good! I will come back and update in a week or two if nothing else happens and we will call this a closed affair; sooner if it happens again. But either way, thank you. Your efforts are much appreciated.
  2. Jay_Hanig
    I hope I've given you what you want. This is very new territory for me.
  3. Jay_Hanig
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018 Ran by Jay (14-08-2018 21:54:29) Running from C:\Users\Jay\Desktop\Farbar Recovery Windows 10 Home Version 1803 17134.165 (X64) (2018-05-02 01:46:21) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-514081183-2536853567-307929770-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-514081183-2536853567-307929770-503 - Limited - Disabled) Guest (S-1-5-21-514081183-2536853567-307929770-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-514081183-2536853567-307929770-1003 - Limited - Enabled) Jay (S-1-5-21-514081183-2536853567-307929770-1001 - Administrator - Enabled) => C:\Users\Jay WDAGUtilityAccount (S-1-5-21-514081183-2536853567-307929770-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov) 7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov) Acronis True Image (HKLM-x32\...\{8FD2E7B8-F7F2-4121-ACAC-74BD07F4B41D}) (Version: 22.5.12510 - Acronis) Hidden Acronis True Image (HKLM-x32\...\{8FD2E7B8-F7F2-4121-ACAC-74BD07F4B41D}Visible) (Version: 22.5.12510 - Acronis) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated) Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.4.1 - Angry IP Scanner) ANT Drivers Installer x64 (HKLM\...\{20AB389B-8602-403C-B19B-F0A1D6C510A5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Any Video Converter 6.2.2 (HKLM-x32\...\Any Video Converter) (Version: 6.2.2 - Anvsoft) Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) AVG (HKLM\...\{136B57DF-DA9E-4361-A165-09AB4422BCD1}) (Version: 1.231.3 - AVG Technologies) Hidden AVG PC TuneUp (HKLM-x32\...\{F0A7F6FC-97BC-4D27-B33B-6E1EFE1BB42D}) (Version: 16.78.2 - AVG Technologies) Hidden AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.78.3.33194 - AVG Technologies) BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.850 - Broadcom Corporation) Brother P-touch Editor 5.1 (HKLM-x32\...\{BF6D28AE-0CAB-4950-AC4A-0AD38DA4C2E8}) (Version: 5.1.0311 - Brother Industries, Ltd.) Cockroach on Desktop 1.2 (HKLM-x32\...\Cockroach on Desktop_is1) (Version: - Drive Software Company) CSV to vCard (HKLM-x32\...\{B9DCBBD4-20F5-424B-9C56-FFF62BE71CD7}_is1) (Version: - csvtovcard.com) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.01 - NCH Software) DetectorTools (HKLM-x32\...\{E8F0431A-A158-49F6-96AC-7C1380D9AF21}) (Version: 1.11.60 - Escort) DIRECTV Player (HKLM-x32\...\{4a5ad61d-1fe9-48b9-87a8-9235f71120f3}) (Version: 12.1 - DIRECTV) Elevated Installer (HKLM-x32\...\{6E257EB0-5EFF-416D-82D4-592924566BB4}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{D0251C06-C69E-401A-8133-57F3AFD08035}) (Version: 3.10.0088 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.34.00 - Seiko Epson Corporation) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.2.0 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation) EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.) EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.) Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation) EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation) Epson WF-3720_4720_4730 Guide (HKLM-x32\...\UsersGuideEpson WF-3720_4720_4730 Guide_is1) (Version: 1.0 - Epson America, Inc.) EPSON WF-4730 Series Printer Uninstall (HKLM\...\EPSON WF-4730 Series) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation) Family Tree Maker 2014 (HKLM\...\{39EF38DF-2727-4C09-A165-FD3B87BA3AE9}) (Version: 22.0.207 - Ancestry.com, Inc.) Hidden FMW 1 (HKLM\...\{4CC5FB14-3F4D-4FA8-B921-00A9B40145C4}) (Version: 1.227.45 - AVG Technologies) Hidden Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{3e534d41-dcc4-4f51-9858-70dd42beb3d5}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{E1C18A5C-63D7-4DC5-977F-5B4BAB4169D9}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden GLUCOFACTS(TM) Deluxe (HKLM-x32\...\{489891F3-650E-4EA8-BA9E-4DA9E331EA59}) (Version: 3.11.02 - ASCENSIA Diabetes Care) GLUCOFACTS(TM) Deluxe Smart Launch (HKLM-x32\...\{7B0EAC11-4D87-4254-B4F2-8D127A621B06}) (Version: 1.41.00 - ASCENSIA Diabetes Care) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden Grammarly (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Grammarly) (Version: 1.4.21 - Grammarly) Grammarly (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\GrammarlyForWindows) (Version: 1.5.31 - Grammarly) Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot) HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.6.18.11 - HP Inc.) HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.9.24.3 - HP Inc.) iCloud (HKLM\...\{C8127F91-0244-4FF0-8014-0C432E15E09D}) (Version: 7.5.0.34 - Apple Inc.) Infinite HD™ App (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Octoshape Streaming Services) (Version: - Octoshape ApS) inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation) Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation) Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation) Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation) Keeper Desktop version 8.2.3 (HKLM-x32\...\{06BDF132-5EE6-4245-914B-5918759BEBD9}_is1) (Version: 8.2.3 - Keeper Security, Inc.) Keeper Password Manager (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\keeperpasswordmanager) (Version: 10.14.1 - Keeper Security, Inc.) LibreOffice 5.1 Help Pack (English (United States)) (HKLM\...\{726CF225-E85D-41DB-8B60-734850AEDCD9}) (Version: 5.1.2.2 - The Document Foundation) LibreOffice 5.2.3.3 (HKLM\...\{CDBD2338-897B-432E-8424-EBC1290493DF}) (Version: 5.2.3.3 - The Document Foundation) Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech) LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation) Mailing List Deluxe (HKLM-x32\...\Mailing List Deluxe) (Version: - ) Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.2.6793 - Mozilla) Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla) MyHarmony (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech) NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.) ophcrack 3.6.0 (HKLM-x32\...\ophcrack) (Version: 3.6.0 - OS Objectif Sécurité SA) PhoneTray Pro (HKLM-x32\...\PhoneTrayPro) (Version: - Traysoft Inc.) Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 4.09 - NCH Software) PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric) qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project) Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.10.11 - Quicken) Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.1.17 - Intuit) Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.11.1 - Intuit) Quicken 2016 (HKLM-x32\...\{519B4ED1-AF5F-4812-B2A8-B18D783AEFE8}) (Version: 25.1.14.9 - Intuit) ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 3.0 - Genie9) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.) ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version: - ) ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.9.1 - ShareX Team) SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited) Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.0 - Stellar Information Technology Pvt Ltd.) TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.5287 - TeamViewer) ThunderFix 1.0.0.2 (HKLM-x32\...\{52291FC0-33D3-4A18-9587-5115225545D8}_is1) (Version: - ) Trigger External Graphics Family 16.06.0910.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 16.06.0910.0179 - MCT Corp) Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.21.18 - Webroot) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - ESCORT Inc. (WinUSB) MyDeviceClass (07/22/2014 ) (HKLM\...\D0C35FE98CEDEF60A59F31DC022A63EFCF48559E) (Version: 07/22/2014 - ESCORT Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot) ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot) ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot) ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot) ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] () ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] () ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] () ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] () ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] () ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] () ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] () ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] () ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] () ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] () ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] () ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] () ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] () ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] () ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-07-26] (AVG Technologies CZ, s.r.o.) ContextMenuHandlers1: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-05-23] (Apple Inc.) ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot) ContextMenuHandlers2: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2018-07-26] (AVG Technologies CZ, s.r.o.) ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-07-26] (AVG Technologies CZ, s.r.o.) ContextMenuHandlers4: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9) ContextMenuHandlers5: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-25] (Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1969B1FB-97FB-4AA5-9610-6BF4100994D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.) Task: {1C80D8A9-916F-4F8A-9484-700240142CAC} - System32\Tasks\HPCeeScheduleForJay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.) Task: {2BDA3CFF-DAD5-4434-BDD1-E42317D23B09} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-27] (HP Inc.) Task: {2EA2BB97-E79C-4B5F-85AF-CFFD971866EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.) Task: {319AB801-3002-4EAF-A2A5-01E324D8BDE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-09-27] (HP Inc.) Task: {3D1ED465-6481-47BF-AD20-6698438FC979} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.) Task: {403C6CC9-E8B4-4D05-9983-E9AD660C16BE} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2018-07-26] (AVG Technologies CZ, s.r.o.) Task: {5C2BAE6A-E5D6-426A-8D17-FC61990A556F} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] () Task: {65D1884F-F90F-4C97-94AF-D1D90DBF0AA9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated) Task: {6BD37FFB-A570-44BE-B4C6-78447B70EA91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.) Task: {7BF0C28A-048B-4356-91B8-B809FE62EB01} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-09-27] (HP Inc.) Task: {7E153995-35AE-43A4-83BE-0325E3EEA0CD} - System32\Tasks\EPSON WF-4730 Series Update {EF4D8BDC-8DF6-4DD9-B3BD-5EF6567CCDFF} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {86AB9788-5FE0-4AFA-9D14-ACE9B79E88D7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated) Task: {88D76E59-C08E-47AF-A4E6-4E857B285CF0} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07] (Oracle Corporation) Task: {9ACC703F-1FFC-41CD-89D0-8EB55DC87B7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.) Task: {B68A1C28-D62C-4964-8112-24F29DF9B342} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jayhanig@charter.net => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated) Task: {B7CCA029-CFFF-416C-A563-96BC19D2B004} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.) Task: {B7F1B026-9B3F-44E4-AE6C-28F1B3A91C46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.) Task: {BA688FFE-AB9E-4A37-AC94-B31B05AFE196} - System32\Tasks\EPSON WF-4730 Series Update {81C3F5D8-ECFB-4345-AAA1-8D0131212EC2} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {C548E394-B90C-432A-9D70-00E5953433DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-27] (HP Inc.) Task: {CB3291BD-D9AD-485B-88F3-BEECE5FF5BF6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated) Task: {CC64847F-F211-42A0-B1AC-B229D1ABA226} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {E4C5D248-6D80-4FEE-9948-AE6603D37D67} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-07-11] (Microsoft Corporation) Task: {EF178DBF-D01E-4058-977E-936C5790FE74} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-06-06] () Task: {F8169276-8B5A-4BBF-8EC2-19BAEBBFA8E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\EPSON WF-4730 Series Update {81C3F5D8-ECFB-4345-AAA1-8D0131212EC2}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE:/EXE:{81C3F5D8-ECFB-4345-AAA1-8D0131212EC2} /F:UpdateWORKGROUP2\JAYS-OFFICE$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\EPSON WF-4730 Series Update {EF4D8BDC-8DF6-4DD9-B3BD-5EF6567CCDFF}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE:/EXE:{EF4D8BDC-8DF6-4DD9-B3BD-5EF6567CCDFF} /F:UpdateWORKGROUP2\JAYS-OFFICE$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\HPCeeScheduleForJay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Jay\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm Shortcut: C:\Users\Public\Desktop\GLUCOFACTS Deluxe v3.11.lnk -> C:\Program Files (x86)\Ascensia Diabetes Care\GLUCOFACTS Deluxe\run.bat () ShortcutWithArgument: C:\Users\Jay\Desktop\Bank of America - IE.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.bankofamerica.com/Control.do?page_msg=timeout&body=signoff ==================== Loaded Modules (Whitelisted) ============== 2015-08-23 19:45 - 2017-05-23 04:35 - 000020208 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2017-11-22 12:20 - 2017-11-22 12:20 - 001216760 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 2013-08-29 03:08 - 2013-08-29 03:08 - 000332800 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.dll 2013-08-01 05:36 - 2013-08-01 05:36 - 000045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.dll 2013-08-29 03:08 - 2013-08-29 03:08 - 000490496 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.dll 2013-08-29 03:08 - 2013-08-29 03:08 - 000087040 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.dll 2013-08-29 03:08 - 2013-08-29 03:08 - 000710144 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.dll 2013-08-29 03:08 - 2013-08-29 03:08 - 000209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.dll 2013-08-29 03:08 - 2013-08-29 03:08 - 000370688 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.dll 2013-08-01 05:36 - 2013-08-01 05:36 - 000058368 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.dll 2013-02-03 07:40 - 2013-02-03 07:40 - 000011264 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.dll 2012-02-02 05:16 - 2012-02-02 05:16 - 000740864 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.dll 2013-08-29 03:08 - 2013-08-29 03:08 - 000054784 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.dll 2013-02-03 07:40 - 2013-02-03 07:40 - 000010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.dll 2013-08-01 05:36 - 2013-08-01 05:36 - 000089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.dll 2013-02-03 05:21 - 2013-02-03 05:21 - 000045056 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll 2013-02-03 05:21 - 2013-02-03 05:21 - 000097792 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll 2018-01-27 15:02 - 2018-07-15 05:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-01-27 15:02 - 2018-07-15 05:32 - 002535120 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2018-06-26 09:47 - 2018-06-26 09:47 - 006096688 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 2017-11-30 19:54 - 2017-11-30 19:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-08-22 11:25 - 2014-08-22 18:10 - 002244912 _____ () C:\WINDOWS\system32\MlPatch.exe 2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll 2015-12-19 05:32 - 2012-08-28 15:20 - 000313432 _____ () C:\WINDOWS\system32\GManager.exe 2017-11-22 12:04 - 2017-11-22 12:04 - 005825576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll 2017-01-01 15:07 - 2013-08-29 03:08 - 000163328 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl 2017-01-01 15:07 - 2013-08-29 03:08 - 000209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl 2017-01-01 15:07 - 2013-08-01 05:36 - 000089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl 2017-01-01 15:07 - 2013-08-01 05:36 - 000045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl 2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2017-01-01 15:07 - 2013-08-29 03:08 - 000490496 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl 2017-01-01 15:07 - 2013-02-03 07:40 - 000011264 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl 2017-01-01 15:07 - 2012-02-02 05:16 - 000740864 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl 2017-01-01 15:07 - 2013-08-29 03:08 - 000710144 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.gtl 2017-01-01 15:07 - 2013-08-29 03:08 - 000332800 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.gtl 2017-01-01 15:07 - 2013-08-29 03:08 - 000370688 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.gtl 2017-01-01 15:07 - 2013-08-29 03:08 - 000054784 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.gtl 2017-01-01 15:07 - 2013-08-01 05:36 - 000058368 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.gtl 2017-01-01 15:07 - 2013-02-03 07:40 - 000010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.gtl 2017-01-01 15:07 - 2013-08-29 03:08 - 000087040 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.gtl 2014-06-18 04:46 - 2014-06-18 04:46 - 001358912 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineAgent.exe 2013-08-29 03:08 - 2013-08-29 03:08 - 000063488 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\XBalloonMsgDll.dll 2013-08-01 05:36 - 2013-08-01 05:36 - 000093696 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSCurl.dll 2017-01-25 05:42 - 2017-01-25 05:42 - 000401880 _____ () C:\WINDOWS\system32\igfxTray.exe 2018-07-11 22:47 - 2018-07-06 02:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-07-16 23:49 - 2018-07-16 23:49 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2018-07-16 23:49 - 2018-07-16 23:49 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2018-07-16 23:49 - 2018-07-16 23:49 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2018-07-16 23:49 - 2018-07-16 23:49 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll 2018-07-16 23:49 - 2018-07-16 23:49 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2018-08-10 20:14 - 2018-08-10 20:15 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe 2018-08-10 20:14 - 2018-08-10 20:15 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll 2018-08-10 20:14 - 2018-08-10 20:15 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll 2017-09-26 00:05 - 2017-09-26 00:05 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-08-10 20:14 - 2018-08-10 20:15 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll 2017-11-22 12:06 - 2017-11-22 12:06 - 000585296 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 2018-06-18 22:43 - 2018-06-18 22:43 - 004630488 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe 2017-11-22 12:04 - 2017-11-22 12:04 - 007003048 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe 2018-07-26 14:44 - 2018-07-26 14:45 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2018-07-26 14:44 - 2018-07-26 14:45 - 068154880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-10-03 19:44 - 2017-10-03 19:45 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 2018-07-19 01:49 - 2018-07-19 01:49 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll 2018-07-19 01:49 - 2018-07-19 01:49 - 004139008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 2018-05-04 03:47 - 2018-05-04 03:48 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll 2018-07-19 01:49 - 2018-07-19 01:49 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll 2018-04-05 06:30 - 2018-04-05 06:30 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll 2018-07-26 14:44 - 2018-07-26 14:45 - 014919168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 2018-07-19 01:49 - 2018-07-19 01:49 - 003982848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2018-07-26 14:44 - 2018-07-26 14:45 - 002938880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2018-05-29 19:40 - 2018-05-29 19:41 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2018-07-19 01:49 - 2018-07-19 01:49 - 001396224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2018-07-26 14:44 - 2018-07-26 14:45 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-07-26 14:44 - 2018-07-26 14:45 - 000162816 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\SKU.dll 2018-07-26 14:44 - 2018-07-26 14:45 - 000045056 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImageDecoding.dll 2017-07-02 09:42 - 2017-07-02 09:42 - 000281600 _____ () C:\Users\Jay\AppData\Local\keeperagent\resources\app\node_modules\node-notifier\vendor\snoreToast\SnoreToast.exe 2018-06-18 22:42 - 2018-06-18 22:42 - 003490136 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll 2018-06-18 22:41 - 2018-06-18 22:41 - 001334488 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll 2017-11-22 12:04 - 2017-11-22 12:04 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll 2018-06-18 22:37 - 2018-06-18 22:37 - 022782256 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll 2018-06-18 19:47 - 2018-06-18 19:47 - 000414936 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll 2017-11-22 11:51 - 2017-11-22 11:51 - 000136736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll 2017-11-22 12:04 - 2017-11-22 12:04 - 000255008 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll 2017-11-22 12:04 - 2017-11-22 12:04 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll 2017-06-14 03:08 - 2017-06-14 03:02 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll 2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2018-06-23 06:56 - 2018-06-23 06:56 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2018-06-23 06:56 - 2018-06-23 06:56 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2017-07-02 09:42 - 2017-07-02 09:42 - 001877504 _____ () C:\Users\Jay\AppData\Local\keeperagent\ffmpeg.dll 2018-06-14 03:27 - 2018-06-08 04:56 - 002060288 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll 2018-06-14 03:27 - 2018-06-08 04:56 - 000755200 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL 2018-06-18 19:40 - 2018-06-18 19:40 - 008988888 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll 2017-11-22 12:04 - 2017-11-22 12:04 - 000796192 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_supp.dll 2018-06-18 19:41 - 2018-06-18 19:41 - 000057048 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll 2017-11-22 12:04 - 2017-11-22 12:04 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2017-11-22 11:51 - 2017-11-22 11:51 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll 2015-07-11 00:37 - 2015-07-11 00:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-07-02 09:42 - 2017-07-02 09:42 - 001922560 _____ () C:\Users\Jay\AppData\Local\keeperagent\libglesv2.dll 2017-07-02 09:42 - 2017-07-02 09:42 - 000079872 _____ () C:\Users\Jay\AppData\Local\keeperagent\libegl.dll 2018-08-14 11:49 - 2018-08-14 11:49 - 000695808 _____ () C:\Users\Jay\AppData\Local\Temp\sqlite-3.8.11.2-9533cb40-479b-438a-8dfc-5827eb654b2b-sqlitejdbc.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-08-22 15:04 - 2015-08-22 15:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-514081183-2536853567-307929770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jay\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\topsail inlet sunset 029.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "SysTrayApp" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\StartupApproved\Run: => "GarminExpressTrayApp" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{BADA98A7-0FCD-4B43-AE6E-0C02DB431BDB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{2E83D7D6-8894-48A8-B457-FC97097C3198}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{74AE87A9-5B05-43C0-8ACD-B84773BE68C6}C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe FirewallRules: [UDP Query User{210BC2A9-6BD4-4996-A9F1-5AFA139075EB}C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe FirewallRules: [{5D8E3259-DDAC-4DEE-8B9D-8A63F2037805}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [TCP Query User{F36B04ED-7BB3-4EEC-BD39-C0265913B6C1}C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe FirewallRules: [UDP Query User{4D366546-085F-47F8-A910-0FF5A0E8CA36}C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe FirewallRules: [TCP Query User{25E80EEE-3574-4AB6-B0E3-EFC035BED84F}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimage.exe FirewallRules: [UDP Query User{C37D353F-8167-4A11-8629-74D7C5F669DF}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimage.exe FirewallRules: [TCP Query User{BE9671C1-7A43-4BCA-AB11-E613820A57E8}C:\program files (x86)\acronis\trueimagehome\ga_service.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\ga_service.exe FirewallRules: [UDP Query User{DBDE133D-CE5C-4BF5-833E-414ABE6C3CF3}C:\program files (x86)\acronis\trueimagehome\ga_service.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\ga_service.exe FirewallRules: [{C5301D22-2664-4577-A6E4-B251E2745BE7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{9A93DAAA-A6C6-42B6-AF97-087450B5A93E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe FirewallRules: [{FB003BE0-7B1E-41EC-A316-9BA4C7DD9BA2}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe FirewallRules: [{926267BF-1468-48DF-BC3B-B502A889FC9A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe FirewallRules: [{92932B7B-40AB-4128-AC66-89A28A1535F0}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe FirewallRules: [{168954CB-403D-49EB-8303-373271E06D85}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe FirewallRules: [{150C4952-D684-4074-8441-68CCFBB632CB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe FirewallRules: [{18F62B14-9BB2-4138-905A-587DBFA34272}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe FirewallRules: [{F3B041BC-1994-468A-8788-02719EDC7A94}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe FirewallRules: [{B22E1CEF-26C3-4E31-BA5D-292A8823684E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe FirewallRules: [{A96054FB-C1AB-4A7A-84E9-E0E3D5FA1F0E}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe FirewallRules: [{F03C8727-BD0B-46FC-8941-F863E3BD5053}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe FirewallRules: [{9097E15D-8D3D-4534-B62F-199D5092BBEC}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe FirewallRules: [{7871A85D-4A08-40CB-B3BF-1FD20A2061BA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{793E5F67-9F9A-40C2-9D3B-18D0C01E0889}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{CD09F095-AF33-4327-97C3-D46BD1489BCF}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [{4C5ADFE9-5CBD-4499-92D4-C3D48E126D7A}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [TCP Query User{A657CDD1-77B1-47C1-8683-AD6C5CFB248B}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe FirewallRules: [UDP Query User{1AB9FEF9-2587-4BD3-B4E3-33400DE6FDB9}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe FirewallRules: [{113B003E-EE3B-4089-8060-635A6A60D2CC}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{0F595046-DACC-4D2A-AB2C-ECFC235680A9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{7362C9F7-E860-49C3-B1FD-A90FEAE5003D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{20712107-3665-4AB1-82B8-DBAAD9D74B0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{06351403-9D53-4B20-AB74-B61A4446078D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DD34EEEA-1119-4EC4-B379-383C5556FD60}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4F32B571-5600-4277-B7C4-3413D30A4C6E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{9306F7A9-922E-471F-A962-A4217220525B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 10-08-2018 22:00:42 Scheduled Checkpoint 14-08-2018 09:41:28 Installed Epson Software Updater ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/14/2018 03:12:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.0.1081, time stamp: 0x556ecc3d Faulting module name: KERNELBASE.dll, version: 10.0.17134.165, time stamp: 0xfa43f4b2 Exception code: 0xe0434352 Fault offset: 0x0010ddc2 Faulting process id: 0x2900 Faulting application start time: 0x01d4339e2101cdf8 Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 34492f6c-675b-4c03-9439-cca563122a79 Faulting package full name: Faulting package-relative application ID: Error: (08/14/2018 03:12:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IAStorDataMgrSvc.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.AccessViolationException at <Module>.IsiGetSystemInfo(_ISI_SystemInfo*) at PsiData.PsiDataSource.GetSystemInfo(System.Collections.Generic.Dictionary`2<Int32,System.Object>, System.Collections.Generic.List`1<PsiData.PsiError>) at PsiData.PsiDataSource.Load(System.Collections.Generic.Dictionary`2<Int32,System.Object> ByRef, Boolean) at PSI.PsiSystemDataModel.LoadDriverData(Int32) at PSI.PsiSystemDataModel.CreateStaticDataModel() at PSI.PsiSystemDataModel..cctor() Exception Info: System.TypeInitializationException at PSI.PsiSystemDataModel.Connect() at PSIClient.PsiClient.Init() at IAStorUtil.SystemDataModelListener..ctor() at IAStorDataMgr.EventRelay.<Start>b__0(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (08/14/2018 03:07:36 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY) Description: Scheduler failed to run task >> "" with GUID '690B7E31-4B86-4C05-97F6-50D91CDDBDD3' because of error 87> (Scheduler has received a request with an invalid parameter.). Error: (08/06/2018 06:03:46 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.0.1081, time stamp: 0x556ecc3d Faulting module name: ISDI2.dll, version: 14.5.0.1081, time stamp: 0x556ecaed Exception code: 0xc0000005 Fault offset: 0x00054263 Faulting process id: 0x2a54 Faulting application start time: 0x01d42d6cbd537332 Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll Report Id: 2fa8b342-78b1-4b17-bb1c-fdc333aefac7 Faulting package full name: Faulting package-relative application ID: Error: (08/06/2018 06:03:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IAStorDataMgrSvc.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.AccessViolationException at <Module>.IsiEventSetUp() at PsiData.PsiDataSource.IsiEventSetUpInterface() at PSI.PsiSystemDataModel.pollWorker_DoWork(System.Object, System.ComponentModel.DoWorkEventArgs) at System.ComponentModel.BackgroundWorker.OnDoWork(System.ComponentModel.DoWorkEventArgs) at System.ComponentModel.BackgroundWorker.WorkerThreadStart(System.Object) at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr, System.Object[], System.Object, System.Object[] ByRef) at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessageSink) at System.Runtime.Remoting.Proxies.AgileAsyncWorkerItem.ThreadPoolCallBack(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (08/06/2018 05:59:02 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY) Description: Scheduler failed to run task >> "" with GUID '3A935229-77EE-42DF-9CEF-7E991AF15605' because of error 87> (Scheduler has received a request with an invalid parameter.). Error: (07/27/2018 11:27:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.0.1081, time stamp: 0x556ecc3d Faulting module name: ISDI2.dll, version: 14.5.0.1081, time stamp: 0x556ecaed Exception code: 0xc0000005 Fault offset: 0x00054263 Faulting process id: 0x3234 Faulting application start time: 0x01d42622e2262177 Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll Report Id: 7ed4be7f-52dd-4938-878e-2fbf02b95c4a Faulting package full name: Faulting package-relative application ID: Error: (07/27/2018 11:27:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IAStorDataMgrSvc.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.AccessViolationException at <Module>.IsiEventSetUp() at PsiData.PsiDataSource.IsiEventSetUpInterface() at PSI.PsiSystemDataModel.pollWorker_DoWork(System.Object, System.ComponentModel.DoWorkEventArgs) at System.ComponentModel.BackgroundWorker.OnDoWork(System.ComponentModel.DoWorkEventArgs) at System.ComponentModel.BackgroundWorker.WorkerThreadStart(System.Object) at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr, System.Object[], System.Object, System.Object[] ByRef) at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessageSink) at System.Runtime.Remoting.Proxies.AgileAsyncWorkerItem.ThreadPoolCallBack(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() System errors: ============= Error: (08/14/2018 03:21:03 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY) Description: Miniport TeamViewer VPN Adapter, {6DC34C50-2371-4229-BDE8-2F8A02DFE3CF}, had event 76 Error: (08/14/2018 03:13:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/14/2018 03:12:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). Error: (08/14/2018 03:12:40 AM) (Source: DCOM) (EventID: 10016) (User: JAYS-OFFICE) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscCloudBackupProvider and APPID Unavailable to the user JAYS-OFFICE\Jay SID (S-1-5-21-514081183-2536853567-307929770-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/14/2018 03:11:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/14/2018 03:11:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (08/14/2018 03:09:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Garmin Device Interaction Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/14/2018 03:09:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect. CodeIntegrity: =================================== Date: 2018-08-14 02:16:03.722 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-14 02:16:03.716 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-14 02:16:03.710 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-14 02:16:03.705 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-14 02:16:03.696 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-14 02:15:58.187 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-14 02:15:58.181 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-08-14 02:15:58.176 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz Percentage of memory in use: 70% Total physical RAM: 12193.06 MB Available physical RAM: 3603.13 MB Total Virtual: 14049.06 MB Available Virtual: 4876.82 MB ==================== Drives ================================ Drive ? (Windows) (Fixed) (Total:1845.11 GB) (Free:1647.55 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Recovery Image) (Fixed) (Total:15.59 GB) (Free:1.95 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (RECOVERY) (Removable) (Total:29.74 GB) (Free:15.52 GB) FAT32 Drive n: (USB 3 Ext HD) (Fixed) (Total:3725.87 GB) (Free:1873.73 GB) NTFS \\?\Volume{5ba19738-b4c2-4e0d-b244-91c18c919852}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS \\?\Volume{71ae6d00-226a-438d-a977-e90ccf6ebd4e}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS \\?\Volume{7074f295-0b31-4df2-8b5c-1843d5b88912}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.28 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 0E09C58B) Partition: GPT. ======================================================== Disk: 1 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 29.8 GB) (Disk ID: B415881C) Partition 1: (Active) - (Size=29.8 GB) - (Type=0C) ==================== End of Addition.txt ============================
  4. Jay_Hanig
    Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018 Ran by Jay (15-08-2018 16:34:10) Run:1 Running from C:\Users\Jay\Desktop\Farbar Recovery Loaded Profiles: Jay (Available Profiles: Jay) Boot Mode: Normal ============================================== fixlist content: ***************** Start CreateRestorePoint: CloseProcesses: HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION Reboot: End ***************** Restore point was successfully created. Processes closed successfully. HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully "HKLM\SOFTWARE\Policies\Google" => removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully "HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\exefile" => removed successfully "HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\.exe" => removed successfully The system needed a reboot. ==== End of Fixlog 16:34:33 ====
  5. Jay_Hanig
    I want you to know it's not a matter of I can't follow instructions; it's that I don't see a "Post" or "More Replies Options" button anywhere. What I see has a "Submit Reply " button. I have attached a screen copy of the editor page that I see. Pressing "Insert other media" doesn't get me there either.
  6. Jay_Hanig
    Well, what do you know? It let me send the attachments, or the texts... just not at the same time. Perseverance pays off !
  7. Jay_Hanig
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018 Ran by Jay (administrator) on JAYS-OFFICE (14-08-2018 21:52:51) Running from C:\Users\Jay\Desktop\Farbar Recovery Loaded Profiles: Jay (Available Profiles: Jay) Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Webroot) C:\Program Files\Webroot\WRSA.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Bayer Healthcare LLC) C:\Program Files (x86)\Ascensia Diabetes Care SmartLaunch\bin\AscensiaDCService.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Genie9) C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe () C:\Windows\System32\mlpatch.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe () C:\Windows\System32\GManager.exe (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Traysoft Inc.) C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Webroot) C:\Program Files\Webroot\WRSA.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Magic Control Technology Corporation) C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Octoshape ApS) C:\Users\Jay\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Keeper Security, Inc.) C:\Users\Jay\AppData\Local\keeperagent\keeperagent.exe (Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQDE.EXE (Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQDE.EXE (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (Traysoft Inc.) C:\Program Files (x86)\PhoneTray\PhoneTray.exe () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Keeper Security, Inc.) C:\Users\Jay\AppData\Local\keeperagent\keeperagent.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Microsoft Corporation) C:\Windows\System32\SnippingTool.exe () C:\Users\Jay\AppData\Local\keeperagent\resources\app\node_modules\node-notifier\vendor\snoreToast\SnoreToast.exe (Oracle Corporation) C:\Program Files (x86)\Keeper Security\Keeper Password & Data Vault\jre\bin\javaw.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation) HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1895120 2016-02-19] (Magic Control Technology Corporation) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-05] (Hewlett-Packard ) HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-11-22] () HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653280 2017-12-15] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862176 2017-12-15] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4630488 2018-06-18] () HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [3710592 2018-07-12] (Webroot) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-11-22] (Acronis International GmbH) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation) HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [CockroachOnDesktop] => C:\Program Files (x86)\Cockroach on Desktop\CockroachOnDesktop.exe [3322368 2013-01-26] () HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [PCShowServer] => C:\Users\Jay\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632504 2016-02-14] (Cisco) HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Jay\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS) HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-05-23] (Apple Inc.) HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-05-23] (Apple Inc.) HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-05-23] (Apple Inc.) HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.) HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [keeperagent] => C:\Users\Jay\AppData\Local\keeperagent\keeperagent.exe [57377280 2017-07-02] (Keeper Security, Inc.) HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [EPLTarget\P0000000000000003] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIQDE.EXE [418000 2016-07-13] (Seiko Epson Corporation) HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [EPLTarget\P0000000000000004] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIQDE.EXE [418000 2016-07-13] (Seiko Epson Corporation) HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-05-15] ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhoneTray.lnk [2015-08-22] ShortcutTarget: PhoneTray.lnk -> C:\Program Files (x86)\PhoneTray\PhoneTray.exe (Traysoft Inc.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{7d8ce0ec-e384-453d-9535-5430f276500c}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{89d3cf6d-e4e3-4a39-9055-87d9a9d7c57a}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.) BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2018-08-13] (Webroot) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc.) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-27] (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.) BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2018-08-13] (Webroot) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-27] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc.) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION) FireFox: ======== FF ProfilePath: C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032 [2018-08-14] FF Homepage: Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032 -> hxxp://www.protopage.com/jayhanig FF HomepageOverride: Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032 -> Disabled: Speed_Check_clone_CrMqWRFYTl@www.checkmyspeednow.com FF NewTabOverride: Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032 -> Disabled: Speed_Check_clone_CrMqWRFYTl@www.checkmyspeednow.com FF Extension: (Grammarly for Firefox) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-08-08] FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2018-08-12] FF Extension: (Bypass Paywalls) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\iamadamdev@hotmail.com.xpi [2018-07-23] FF Extension: (Rotate and Zoom Image) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\rotate-and-zoom-image@mikk.cz.xpi [2018-03-10] FF Extension: (Speed Check) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\Speed_Check_clone_CrMqWRFYTl@www.checkmyspeednow.com.xpi [2018-06-26] FF Extension: (Block Site) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\{07046613-1993-4b66-9dd1-9dd1ce581cb7}.xpi [2018-08-05] FF Extension: (Flash Video Player for Facebook™) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\{d0bfdcce-52c7-4b32-bb45-948f62db8d3f}.xpi [2018-02-16] FF Extension: (Adblock Plus) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-18] FF Extension: (Anti-Paywall) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\{e5322648-dfe4-4c45-b02d-44c61d545f2b}.xpi [2017-12-28] FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_XPI\wts_ff_extension.xpi FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_XPI\wts_ff_extension.xpi [2018-08-13] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-04-01] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2018-03-21] [Legacy] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-14] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-14] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-27] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-14] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-514081183-2536853567-307929770-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Jay\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS) FF Plugin ProgramFiles/Appdata: C:\Users\Jay\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2016-04-27] (Octoshape ApS) Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default [2018-02-14] CHR Extension: (Slides) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-12] CHR Extension: (Docs) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-12] CHR Extension: (Google Drive) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27] CHR Extension: (YouTube) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30] CHR Extension: (Google Search) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27] CHR Extension: (Sheets) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-12] CHR Extension: (Google Docs Offline) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-28] CHR Extension: (Webroot Password Manager) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2018-02-12] CHR Extension: (Chrome Web Store Payments) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-12] CHR Extension: (Gmail) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-30] CHR Extension: (Chrome Media Router) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-12] CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2725920 2018-04-03] (Acronis International GmbH) R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1216760 2017-11-22] () R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6096688 2018-06-26] () R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated) R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric) R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.) R2 AscensiaDiabetesCareService; C:\Program Files (x86)\Ascensia Diabetes Care SmartLaunch\bin\AscensiaDCService.exe [163552 2017-03-28] (Bayer Healthcare LLC) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-06-14] (AVG Technologies CZ, s.r.o.) S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed] R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (Seiko Epson Corporation) R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-05-10] (Seiko Epson Corporation) S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin Ltd. or its subsidiaries) R2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [673856 2014-06-18] (Genie9) R2 GManager; C:\WINDOWS\system32\GManager.exe [313432 2012-08-28] () S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-25] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) R2 MlPatch; C:\WINDOWS\system32\MlPatch.exe [2244912 2014-08-22] () R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-11-22] (Acronis International GmbH) S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-11-22] (Acronis International GmbH) S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1747296 2018-06-18] () S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR) R2 PhoneTrayService; C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe [17184 2017-11-09] (Traysoft Inc.) S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] () R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [File not signed] R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7003048 2017-11-22] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644144 2018-07-23] (TeamViewer GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [6593536 2018-07-26] (AVG Technologies CZ, s.r.o.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-11] (Microsoft Corporation) R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [3710592 2018-07-12] (Webroot) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-07-15] (Malwarebytes) R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2018-06-26] (Acronis International GmbH) R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2018-06-26] (Acronis International GmbH) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [191208 2018-07-15] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [114920 2018-08-14] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [48360 2018-08-14] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-14] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102632 2018-08-14] (Malwarebytes) R3 mctkmd; C:\WINDOWS\system32\drivers\mctkmd64.sys [174712 2016-08-29] (Magic Control Technology Corporation) R0 mctkmdldr; C:\WINDOWS\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation) R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2017-01-01] (CACE Technologies, Inc.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation) U5 t1pusb64; C:\Windows\System32\Drivers\t1pusb64.sys [181040 2014-10-27] (Magic Control Technology Corp.) R3 t2usb64; C:\WINDOWS\system32\drivers\t2usb64.sys [358704 2016-09-21] (Magic Control Technology Corp.) S3 t5usb64; C:\WINDOWS\system32\drivers\t5usb64.sys [141616 2014-10-30] (Magic Control Technology Corporation) R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2018-06-26] (Acronis International GmbH) R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2018-06-26] (Acronis International GmbH) S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2018-06-26] (Acronis International GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.) R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2018-06-26] (Acronis International GmbH) R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2018-06-26] (Acronis International GmbH) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation) R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [128216 2018-07-12] (Webroot) R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [68896 2018-05-02] (Webroot) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-14 21:52 - 2018-08-14 21:52 - 000000000 ____D C:\FRST 2018-08-14 21:50 - 2018-08-14 21:52 - 000000000 ____D C:\Users\Jay\Desktop\Farbar Recovery 2018-08-14 21:50 - 2018-08-14 21:50 - 002412544 _____ (Farbar) C:\Users\Jay\Downloads\FRST64.exe 2018-08-11 10:20 - 2018-08-11 10:20 - 000000000 ___HD C:\OneDriveTemp 2018-08-08 01:37 - 2018-08-08 01:37 - 000000000 ____D C:\Users\Jay\Desktop\Inet 2018-08-07 05:45 - 2018-08-07 05:45 - 000017271 _____ C:\Users\Jay\Documents\Officer's Ranks.odt 2018-08-03 18:57 - 2018-08-03 18:57 - 000537705 _____ C:\Users\Jay\Documents\Dermatology Patient Demographic Form.pdf 2018-08-03 04:10 - 2018-08-03 04:10 - 001667433 _____ C:\Users\Jay\Downloads\liberator_complete.zip 2018-08-03 04:10 - 2018-08-03 04:10 - 000546778 _____ C:\Users\Jay\Downloads\Instructions.pdf 2018-08-03 04:09 - 2018-08-03 04:10 - 067196620 _____ C:\Users\Jay\Downloads\vz58_complete.zip 2018-08-03 04:09 - 2018-08-03 04:09 - 143047777 _____ C:\Users\Jay\Downloads\ar15_complete.zip 2018-08-03 04:09 - 2018-08-03 04:09 - 044404090 _____ C:\Users\Jay\Downloads\ar10_complete.zip 2018-08-03 04:09 - 2018-08-03 04:09 - 040656604 _____ C:\Users\Jay\Downloads\1911_complete.zip 2018-08-03 04:09 - 2018-08-03 04:09 - 014520064 _____ C:\Users\Jay\Downloads\ruger_10-22_complete.zip 2018-07-31 10:07 - 2018-07-31 10:08 - 000145106 _____ C:\Users\Jay\Downloads\Policies.pdf 2018-07-31 10:07 - 2018-07-31 10:07 - 000096298 _____ C:\Users\Jay\Downloads\Quality of Care.pdf 2018-07-31 10:07 - 2018-07-31 10:07 - 000045842 _____ C:\Users\Jay\Downloads\Communication Release.pdf 2018-07-31 10:06 - 2018-07-31 10:06 - 000131343 _____ C:\Users\Jay\Downloads\Notice of Privacy Practices.pdf 2018-07-31 10:06 - 2018-07-31 10:06 - 000103006 _____ C:\Users\Jay\Downloads\Health History.pdf 2018-07-31 10:06 - 2018-07-31 10:06 - 000055601 _____ C:\Users\Jay\Downloads\Patient Demographic Form.pdf 2018-07-27 10:33 - 2018-07-27 10:33 - 000001859 _____ C:\Users\Public\Desktop\iTunes.lnk 2018-07-27 10:33 - 2018-07-27 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2018-07-27 10:33 - 2018-07-27 10:33 - 000000000 ____D C:\Program Files\iPod 2018-07-27 10:32 - 2018-07-27 10:33 - 000000000 ____D C:\Program Files\iTunes 2018-07-23 14:31 - 2018-07-23 14:31 - 000056310 _____ C:\Users\Jay\Documents\img20180723_14314519.pdf 2018-07-23 14:24 - 2018-07-23 14:24 - 000037676 _____ C:\Users\Jay\Documents\img20180723_14241696.pdf 2018-07-22 00:14 - 2018-07-22 00:15 - 000071781 _____ C:\Users\Jay\Documents\Hanig Erie Rate Consent.pdf 2018-07-22 00:13 - 2018-07-22 00:14 - 000037828 _____ C:\Users\Jay\Documents\Hanig Rev Mortgage.pdf 2018-07-18 12:53 - 2018-07-18 12:53 - 000000000 _____ C:\Users\Jay\Downloads\mag-summer2018-print.pdf 2018-07-16 06:01 - 2018-07-16 06:01 - 000000256 _____ C:\Users\Jay\Desktop\WF-3720WF-4720WF-4730 Series User's Guide.URL 2018-07-16 05:45 - 2018-07-16 05:45 - 000000000 _____ C:\WINDOWS\eeventmanager.INI ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-08-14 21:42 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-08-14 21:32 - 2018-05-01 21:45 - 000004576 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier 2018-08-14 21:32 - 2018-05-01 21:45 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2018-08-14 21:32 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2018-08-14 21:32 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2018-08-14 21:31 - 2018-05-01 21:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-08-14 21:14 - 2018-05-01 21:45 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task 2018-08-14 18:15 - 2018-07-11 23:54 - 000102632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2018-08-14 13:21 - 2016-11-26 07:39 - 000000000 ____D C:\Users\Jay\AppData\LocalLow\Mozilla 2018-08-14 12:15 - 2015-08-22 14:27 - 000000000 ____D C:\Users\Jay\AppData\Roaming\KeeperData 2018-08-14 09:42 - 2015-08-23 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software 2018-08-14 03:26 - 2015-09-30 11:19 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-08-14 03:21 - 2015-08-23 19:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2018-08-14 03:20 - 2018-03-18 08:04 - 000001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk 2018-08-14 03:12 - 2018-05-01 21:35 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-08-14 03:12 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF 2018-08-14 03:12 - 2017-07-02 09:42 - 000000000 ____D C:\Users\Jay\AppData\Roaming\Keeper Agent 2018-08-14 03:12 - 2016-04-29 05:05 - 000000000 ___RD C:\Users\Jay\iCloudDrive 2018-08-14 03:12 - 2015-01-10 08:25 - 000000000 ___RD C:\Users\Jay\OneDrive 2018-08-14 03:11 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-08-14 03:11 - 2017-08-28 16:10 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2018-08-14 03:11 - 2015-01-10 08:23 - 000000000 __SHD C:\Users\Jay\IntelGraphicsProfiles 2018-08-14 03:10 - 2018-05-01 21:45 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2018-08-14 03:10 - 2018-05-01 21:45 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2018-08-14 03:09 - 2018-07-11 23:54 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-08-14 03:09 - 2018-07-11 23:54 - 000114920 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2018-08-14 03:09 - 2018-07-11 23:54 - 000048360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2018-08-14 03:09 - 2018-02-02 17:26 - 000273688 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll 2018-08-14 03:09 - 2018-02-02 17:26 - 000230592 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll 2018-08-14 03:09 - 2017-08-28 16:23 - 000000000 ____D C:\Users\Public\Documents\PhoneTray 2018-08-14 03:09 - 2015-08-22 11:25 - 000002803 _____ C:\WINDOWS\system32\GManager.ini 2018-08-14 03:08 - 2018-05-01 21:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-08-14 03:08 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2018-08-14 03:08 - 2018-02-28 06:44 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJay.job 2018-08-13 19:51 - 2018-05-01 21:45 - 000003094 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater 2018-08-13 18:35 - 2018-02-02 17:26 - 000000000 ____D C:\ProgramData\WRData 2018-08-13 14:30 - 2018-05-01 21:45 - 000003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJay 2018-08-13 02:24 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps 2018-08-11 10:20 - 2018-05-01 21:45 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-514081183-2536853567-307929770-1001 2018-08-11 10:20 - 2018-05-01 21:26 - 000002406 _____ C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-08-09 05:47 - 2018-03-30 17:26 - 000001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-08-09 05:47 - 2018-03-30 17:26 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-08-09 05:47 - 2015-08-22 14:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-08-04 04:38 - 2013-11-19 00:50 - 000000000 ___RD C:\Users\Jay\Documents\Recipes 2018-07-27 10:34 - 2016-07-13 16:34 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2018-07-27 10:34 - 2016-07-13 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2018-07-27 10:34 - 2016-07-13 16:34 - 000000000 ____D C:\Program Files (x86)\Java 2018-07-27 01:29 - 2018-07-11 05:23 - 000000000 ____D C:\ProgramData\Packages 2018-07-26 09:18 - 2017-06-14 03:11 - 000045568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe 2018-07-26 08:29 - 2017-09-04 12:02 - 000002539 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk 2018-07-26 08:29 - 2017-06-14 03:10 - 000002551 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk 2018-07-23 14:34 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2018-07-22 10:14 - 2015-08-22 11:45 - 000000000 ____D C:\Users\Jay\AppData\Local\ElevatedDiagnostics 2018-07-20 22:03 - 2015-08-23 12:56 - 000000000 ____D C:\ProgramData\Garmin 2018-07-16 05:47 - 2018-07-14 15:30 - 000000945 _____ C:\WINDOWS\Tasks\EPSON WF-4730 Series Update {81C3F5D8-ECFB-4345-AAA1-8D0131212EC2}.job 2018-07-15 05:32 - 2018-07-11 23:54 - 000191208 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2018-07-15 05:32 - 2018-01-27 15:02 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys ==================== Files in the root of some directories ======= 2011-12-08 17:21 - 2016-05-15 17:35 - 000021368 _____ (Schneider Electric) C:\Users\Jay\en_res.dll 2011-12-08 17:21 - 2016-05-15 17:35 - 000021368 _____ (Schneider Electric) C:\Users\Jay\es_res.dll 2011-12-08 17:21 - 2016-05-15 17:35 - 000021880 _____ (Schneider Electric) C:\Users\Jay\fr_res.dll 2011-12-08 17:21 - 2016-05-15 17:35 - 000021880 _____ (Schneider Electric) C:\Users\Jay\grm_res.dll 2013-12-21 01:37 - 2015-01-09 15:11 - 000229331 _____ () C:\Users\Jay\IP_Log_Data.js 2011-12-08 17:21 - 2016-05-15 17:35 - 000021368 _____ (Schneider Electric) C:\Users\Jay\it_res.dll 2011-12-08 17:21 - 2016-05-15 17:35 - 000020344 _____ (Schneider Electric) C:\Users\Jay\jp_res.dll 2011-12-08 17:21 - 2016-05-15 17:35 - 001079808 _____ (Microsoft Corporation) C:\Users\Jay\mfc80u.dll 2011-12-08 17:21 - 2016-05-15 17:35 - 000626688 _____ (Microsoft Corporation) C:\Users\Jay\msvcr80.dll 2013-03-22 07:00 - 2015-01-10 15:00 - 000583396 _____ () C:\Users\Jay\Network_Meter_Data.js 2011-12-08 17:21 - 2016-05-15 17:35 - 013923704 _____ (Schneider Electric) C:\Users\Jay\PCPE Setup.exe 2011-12-08 17:21 - 2016-05-15 17:35 - 000021368 _____ (Schneider Electric) C:\Users\Jay\pt_res.dll 2011-12-08 17:21 - 2016-05-15 17:35 - 000018808 _____ () C:\Users\Jay\ResourceReader.dll 2011-12-08 17:21 - 2016-05-15 17:35 - 000020856 _____ (Schneider Electric) C:\Users\Jay\ru_res.dll 2012-02-14 07:18 - 2016-05-15 17:35 - 000019832 _____ (Schneider Electric) C:\Users\Jay\zh_res.dll 2017-02-16 16:30 - 2017-02-16 15:07 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc 2018-02-02 17:27 - 2018-02-02 17:27 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe 2018-01-06 12:20 - 2018-01-06 12:20 - 000002332 _____ () C:\Users\Jay\AppData\Local\9636217D427A449eAAEF06B5BC5A9E92.Layout2.lbx Some files in TEMP: ==================== 2018-08-14 11:49 - 2018-08-14 11:49 - 000695808 _____ () C:\Users\Jay\AppData\Local\Temp\sqlite-3.8.11.2-9533cb40-479b-438a-8dfc-5827eb654b2b-sqlitejdbc.dll 2018-07-14 14:59 - 2006-05-24 13:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Jay\AppData\Local\Temp\_is2FDF.exe 2018-07-14 15:29 - 2006-05-24 13:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Jay\AppData\Local\Temp\_is72A8.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-05-01 21:22 ==================== End of FRST.txt ============================
  8. Jay_Hanig
    Your system won't allow me to send the text of first.txt in the body of the reply here. HANIG-3.jpg shows you what I saw when I tried to submit it. I am (trying) to also attach addition.txt. I could always send you screen captures of the text in First.txt if you want. You wouldn't be able to manipulate the text but at least you could read it. Let me know what you want to do. Addition.txt
  9. Jay_Hanig
    Starting a couple of weeks ago, I have started seeing occasional screens claiming my McAfee subscription has just expired. The thing is, I don't have any McAfee products installed on my computer. Security is handled by Malwarebytes Premium v3.5.1 and Webroot SecureAnywhere v9.0.21.18 on my Windows 10 Home v1803 (64 bit) computer. So far, I've only noticed this on Firefox v61.0.2 (64bit). I haven't tried with any other browser, mostly since I despise most others and this is such a sporadic (every 2-3 day) event. I've scanned completely and Malwarebytes doesn't see anything. I've looked among my installed programs and see neither McAfee nor any obvious 3rd party scammer software. It always seems to happen when I'm away from the computer for a while. I come back and there it is. It goes away if I just close its tab... until the next time. There are no other obvious changes. Has anybody seen or heard of anything like this? If you have, how do I rid myself of this cockroach?
  10. Jay_Hanig
    Thanks, guys.
  11. Jay_Hanig
    I'm curious: I have three computers and while they're all powered up 24/7, I may not be logged in. Will scheduled scans still occur on all of them?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.