Everything posted by DrJ27

  1. I'll have to complete a clean boot onsite. Will update this week.
  2. Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
     Ran by testlogin (12-04-2018 19:34:18) Run:1
     Running from C:\Users\testlogin\Desktop
     Loaded Profiles: testlogin (Available Profiles: test login & testlogin & autowatch)
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     HKLM-x32\...\Run: [EstimateReview] => [X]
     HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2014-08-01] (Sun Microsystems, Inc.)
     CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
     CHR DefaultSearchKeyword: Default -> bing.com
     CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
     CHR HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
     Task: {07E1E6BE-BCF6-4811-9C87-4CC3E0D53D58} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
     Task: {1181238D-3731-48DB-A71F-C29EF17A15AA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
     Task: {1DCE199D-133B-415D-8C7B-15B3D3FF504B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
     Task: {3E122733-957C-47DD-9840-F4CAF625E51D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
     Task: {3E2ABA8F-C5D1-4C37-A843-595FEF4A41A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
     Task: {5939E7B6-783F-4B0E-A051-6633BBCF5F1B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
     Task: {65049FB7-832F-49AA-B03D-9B9077DEE891} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
     Task: {7706706A-A442-4A09-831A-177AC780F745} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
     Task: {78DB33CE-E10A-40B4-9476-7ABD6E436F2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
     Task: {7D034336-A811-48A3-9F76-41CBBEF3665D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
     Task: {871B1EF3-DB44-499E-B434-EE19677EC0DE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
     Task: {8B4ACCFE-95D8-40FD-B8CB-5A9A1A98A463} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
     Task: {A90B1CEB-7301-4BA4-9A5E-4A342CE4004B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
     Task: {B83062D7-E48A-4579-AFE2-3494F655089C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
     Task: {CDC74863-5DA1-46B5-BC4D-10E6F7D4A8B1} - \PCDEventLauncherTask -> No File <==== ATTENTION
     Task: {D1021B9F-AFDD-4ED6-980A-A915D436DF29} - \SystemToolsDailyTest -> No File <==== ATTENTION
     Task: {D8EA2052-EA01-4B8A-BAA6-26431753B847} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
     Task: {E05C2AB0-46AB-46D3-AE19-C9DABB04636F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
     C:\Program Files (x86)\Java\jre6
     EmptyTemp:
     *****************
     Processes closed successfully.
     Restore point was successfully created.
     "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\EstimateReview" => removed successfully
     "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
     "Chrome DefaultSearchURL" => removed successfully
     "Chrome DefaultSearchKeyword" => removed successfully
     "Chrome DefaultSuggestURL" => removed successfully
     "HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07E1E6BE-BCF6-4811-9C87-4CC3E0D53D58}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07E1E6BE-BCF6-4811-9C87-4CC3E0D53D58}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1181238D-3731-48DB-A71F-C29EF17A15AA}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1181238D-3731-48DB-A71F-C29EF17A15AA}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DCE199D-133B-415D-8C7B-15B3D3FF504B}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DCE199D-133B-415D-8C7B-15B3D3FF504B}" => removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E122733-957C-47DD-9840-F4CAF625E51D}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E122733-957C-47DD-9840-F4CAF625E51D}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E2ABA8F-C5D1-4C37-A843-595FEF4A41A3}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E2ABA8F-C5D1-4C37-A843-595FEF4A41A3}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5939E7B6-783F-4B0E-A051-6633BBCF5F1B}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5939E7B6-783F-4B0E-A051-6633BBCF5F1B}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65049FB7-832F-49AA-B03D-9B9077DEE891}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65049FB7-832F-49AA-B03D-9B9077DEE891}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7706706A-A442-4A09-831A-177AC780F745}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7706706A-A442-4A09-831A-177AC780F745}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78DB33CE-E10A-40B4-9476-7ABD6E436F2E}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78DB33CE-E10A-40B4-9476-7ABD6E436F2E}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D034336-A811-48A3-9F76-41CBBEF3665D}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D034336-A811-48A3-9F76-41CBBEF3665D}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{871B1EF3-DB44-499E-B434-EE19677EC0DE}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{871B1EF3-DB44-499E-B434-EE19677EC0DE}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B4ACCFE-95D8-40FD-B8CB-5A9A1A98A463}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B4ACCFE-95D8-40FD-B8CB-5A9A1A98A463}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A90B1CEB-7301-4BA4-9A5E-4A342CE4004B}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A90B1CEB-7301-4BA4-9A5E-4A342CE4004B}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B83062D7-E48A-4579-AFE2-3494F655089C}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B83062D7-E48A-4579-AFE2-3494F655089C}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDC74863-5DA1-46B5-BC4D-10E6F7D4A8B1}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDC74863-5DA1-46B5-BC4D-10E6F7D4A8B1}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1021B9F-AFDD-4ED6-980A-A915D436DF29}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1021B9F-AFDD-4ED6-980A-A915D436DF29}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8EA2052-EA01-4B8A-BAA6-26431753B847}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8EA2052-EA01-4B8A-BAA6-26431753B847}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E05C2AB0-46AB-46D3-AE19-C9DABB04636F}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E05C2AB0-46AB-46D3-AE19-C9DABB04636F}" => removed successfully
     "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
     C:\Program Files (x86)\Java\jre6 => moved successfully
     =========== EmptyTemp: ==========
     BITS transfer queue => 7888896 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 178601689 B
     Java, Flash, Steam htmlcache => 1080 B
     Windows/system/drivers => 535839913 B
     Edge => 17421 B
     Chrome => 640110139 B
     Firefox => 0 B
     Opera => 0 B
     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 0 B
     systemprofile32 => 0 B
     LocalService => 50988 B
     NetworkService => 881912 B
     test login => 35401681 B
     testlogin => 970531065 B
     autowatch => 25167703 B
     RecycleBin => 177430449 B
     EmptyTemp: => 2.4 GB temporary data Removed.
     ================================
     Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-04-2018 19:43:58)
     Result of scheduled keys to remove after reboot:
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
     ==== End of Fixlog 19:43:58 ====
  3. If I choose Word it says something similar about not finding C:\Program.doc file.
  4. Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 4/11/18
     Scan Time: 6:03 PM
     Log File: 52b4a6d8-3ded-11e8-9e88-90489a9a178c.json
     Administrator: Yes
     -Software Information-
     Version: 3.4.5.2467
     Components Version: 1.0.342
     Update Package Version: 1.0.4704
     License: Trial
     -System Information-
     OS: Windows 10 (Build 16299.309)
     CPU: x64
     File System: NTFS
     User: EST2-MOD\testlogin
     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 387433
     Threats Detected: 0 (No malicious items detected)
     Threats Quarantined: 0 (No malicious items detected)
     Time Elapsed: 8 min, 44 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     (end)
     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
     Ran by testlogin (administrator) on EST2-MOD (11-04-2018 18:17:11)
     Running from C:\Users\testlogin\Desktop
     Loaded Profiles: testlogin & autowatch (Available Profiles: test login & testlogin & autowatch)
     Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: IE)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
     (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
     (ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
     (KYOCERA Document Solutions Inc.) C:\Program Files\KDService\bin\KDService.exe
     (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
     (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
     (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
     (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
     (OEConnection) C:\Program Files (x86)\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe
     (ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
     (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
     (ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
     (Microsoft Corporation) C:\Windows\System32\rundll32.exe
     (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
     (Intel Corporation) C:\Windows\System32\igfxEM.exe
     (Intel Corporation) C:\Windows\System32\igfxHK.exe
     () C:\Windows\System32\igfxTray.exe
     () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
     (OEConnection, LLC) C:\Program Files (x86)\OEConnection\CollisionLink® Estimate Uploader\OEConnection.CollisionLink.Shop.TrayAgent.exe
     (Mitchell International) C:\Program Files (x86)\Mitchell\Communications\Mitchell.Platform.Appraisal.AlertChecker.WinApp.exe
     (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
     (Mitchell International) C:\Program Files (x86)\Mitchell\Communications\McDm.exe
     () C:\Users\testlogin\AppData\Local\Apps\2.0\LH6QKHZB.KTQ\P2546X4V.L31\auto..tion_d0308700f5f3d9cd_0002.0000_41c692a40d01fe63\Auto PartsBridge Monitor.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
     (Mitchell) C:\Users\testlogin\AppData\Roaming\Mitchell\RepairCenterConnect\Mitchell.DesktopAgent.UI.exe
     (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
     (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
     (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
     (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
     (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
     (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
     (Tracker Software Products Ltd.) C:\Program Files (x86)\Mitchell\Support\UM\PDF-XChange 4\PdfSaver4.exe
     (Microsoft Corporation) C:\Windows\splwow64.exe
     (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
     (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInRC.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
     ==================== Registry (Whitelisted) ===========================
     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
     HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
     HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
     HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
     HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [410616 2017-03-13] ()
     HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
     HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [423424 2017-04-04] (LogMeIn, Inc.)
     HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
     HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
     HKLM-x32\...\Run: [EstimateReview] => [X]
     HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2014-08-01] (Sun Microsystems, Inc.)
     HKLM-x32\...\Run: [McDm] => C:\Program Files (x86)\Mitchell\Communications\McDm.exe [331776 2017-02-22] (Mitchell International)
     Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1135\G2AWinLogon_x64.dll (Citrix Systems, Inc.)
     HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
     HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
     HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\Run: [BingSvc] => C:\Users\testlogin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-02] (© 2015 Microsoft Corporation)
     HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\Run: [Mitchell Connect] => C:\Users\testlogin\AppData\Roaming\Mitchell\RepairCenterConnect\Mitchell.DesktopAgent.UI.exe [68856 2018-03-28] (Mitchell)
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CollisionLink® Estimate Uploader.lnk [2016-05-20]
     ShortcutTarget: CollisionLink® Estimate Uploader.lnk -> C:\Program Files (x86)\OEConnection\CollisionLink® Estimate Uploader\OEConnection.CollisionLink.Shop.TrayAgent.exe (OEConnection, LLC)
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mitchell Communications Alert Checker.lnk [2017-11-12]
     ShortcutTarget: Mitchell Communications Alert Checker.lnk -> C:\Program Files (x86)\Mitchell\Communications\Mitchell.Platform.Appraisal.AlertChecker.WinApp.exe (Mitchell International)
     Startup: C:\Users\testlogin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Auto PartsBridge Desktop Notification System.lnk [2018-04-11]
     ShortcutTarget: Auto PartsBridge Desktop Notification System.lnk -> C:\Program Files (x86)\Auto PartsBridge Desktop Notification System\Auto PartsBridge Desktop Notification System.exe ()
     Startup: C:\Users\testlogin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Auto PartsBridge Monitor.appref-ms [2016-05-18] ()
     ==================== Internet (Whitelisted) ====================
     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
     Tcpip\..\Interfaces\{57bfd6e8-27b0-464e-9b7d-b515fa9c3f06}: [NameServer] 192.168.5.1
     Tcpip\..\Interfaces\{c55d0202-2eb7-41f6-8630-1cb420c0c737}: [DhcpNameServer] 192.168.5.1
     Tcpip\..\Interfaces\{cab42d52-4c03-47b3-8522-3aca68bc5d52}: [DhcpNameServer] 192.168.5.1
     Internet Explorer:
     ==================
     HKU\S-1-5-21-2116546233-1217922705-4240200989-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
     SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001 -> DefaultScope {F48583DE-498F-42A9-87B5-4039247060D8} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
     SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001 -> {4ED08516-4F48-458D-A247-68D5D5DBBEB5} URL = hxxps://www.google.com/search?q={searchTerms}
     SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001 -> {95D318C0-D0A5-49B8-BBE5-4A7C36BADBAC} URL =
     SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001 -> {F48583DE-498F-42A9-87B5-4039247060D8} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
     SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1004 -> DefaultScope {95D318C0-D0A5-49B8-BBE5-4A7C36BADBAC} URL =
     SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1004 -> {95D318C0-D0A5-49B8-BBE5-4A7C36BADBAC} URL =
     BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-26] (Microsoft Corporation)
     BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-03] (Oracle Corporation)
     BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®)
     BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2018-02-26] (Microsoft Corporation)
     BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-26] (Microsoft Corporation)
     BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-03] (Oracle Corporation)
     BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-08-01] (Sun Microsystems, Inc.)
     DPF: HKLM-x32 {6158155F-A946-4971-894B-BD0779BDAD49} hxxps://toyota.autopartsbridge.com/APB_Estimate_Integration.cab
     DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP10EP1-10115/support/ieatgpc1.cab
     Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
     FireFox:
     ========
     FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
     FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird => not found
     FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-03] (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-03] (Oracle Corporation)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-02] (Microsoft Corporation)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
     FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
     FF Plugin HKU\S-1-5-21-2116546233-1217922705-4240200989-1001: @citrixonline.com/appdetectorplugin -> C:\Users\testlogin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-08] (Citrix Online)
     FF Plugin ProgramFiles/Appdata: C:\Users\testlogin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-01-22] (Cisco WebEx LLC)
     Chrome:
     =======
     CHR DefaultProfile: Default
     CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
     CHR DefaultSearchKeyword: Default -> bing.com
     CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
     CHR Profile: C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default [2018-04-11]
     CHR Extension: (Slides) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-30]
     CHR Extension: (Docs) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-30]
     CHR Extension: (Google Drive) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-17]
     CHR Extension: (YouTube) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
     CHR Extension: (Google Search) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-23]
     CHR Extension: (Sheets) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-30]
     CHR Extension: (Google Docs Offline) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-17]
     CHR Extension: (Cisco WebEx Extension) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-04-05]
     CHR Extension: (Chrome Web Store Payments) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
     CHR Extension: (Gmail) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
     CHR Extension: (Chrome Media Router) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-29]
     CHR Profile: C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-06-24]
     CHR HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
     ==================== Services (Whitelisted) ====================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
     R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
     R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
     R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
     S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [41160 2015-10-02] (ESET)
     R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1576712 2015-10-02] (ESET)
     R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1605832 2015-09-30] (ESET)
     S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [182984 2015-10-02] (ESET)
     S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1135\G2AC_Service.exe [310592 2015-07-08] (Citrix Systems, Inc.)
     S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
     S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
     R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
     R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel Corporation)
     R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
     S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
     R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
     R2 KDService; C:\Program Files\KDService\bin\KDService.exe [441856 2013-10-24] (KYOCERA Document Solutions Inc.) [File not signed]
     R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2018-03-07] (LogMeIn, Inc.)
     R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [525288 2018-03-07] (LogMeIn, Inc.)
     R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-31] (LogMeIn, Inc.)
     R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
     R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
     R2 OECApplicationUpdaterService; C:\Program Files (x86)\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [28672 2010-11-19] (OEConnection) [File not signed]
     R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
     R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
     S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
     R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
     R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
     R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
     R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]
     ===================== Drivers (Whitelisted) ======================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros Communications, Inc.)
     R3 AX88179; C:\WINDOWS\System32\drivers\ax88179_178a.sys [74240 2017-09-29] (ASIX Electronics Corp.)
     R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [255272 2015-09-09] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [186272 2015-07-24] (ESET)
R2 epfwwfpr; C:\WINDOWS\System32\DRIVERS\epfwwfpr.sys [169744 2015-07-24] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R2 LMIInfo; C:\WINDOWS\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-11] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-11] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-04-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-11] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-11] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R1 MpKsldcfd7275; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA3A3506-0507-436C-91DE-0FCDE7AEC610}\MpKsldcfd7275.sys [58120 2018-04-11] (Microsoft Corporation)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-12-15] (Realtek )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-11 18:17 - 2018-04-11 18:18 - 000022060 _____ C:\Users\testlogin\Desktop\FRST.txt
2018-04-11 18:17 - 2018-04-11 18:17 - 000000000 ____D C:\FRST
2018-04-11 18:16 - 2018-04-11 07:14 - 002403328 _____ (Farbar) C:\Users\testlogin\Desktop\FRST64.exe
2018-04-11 18:14 - 2018-04-11 18:14 - 000001269 _____ C:\Users\testlogin\Desktop\Malwarebytes Scan.txt
2018-04-11 18:03 - 2018-04-11 18:04 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-04-11 18:03 - 2018-04-11 18:03 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-11 18:03 - 2018-04-11 18:03 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-11 18:03 - 2018-04-11 18:03 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-04-11 18:02 - 2018-04-11 18:02 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-11 18:02 - 2018-04-11 18:02 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-11 18:02 - 2018-04-11 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-11 18:02 - 2018-04-11 18:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-11 18:02 - 2018-04-11 18:02 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-11 18:02 - 2018-04-11 07:14 - 072943704 _____ (Malwarebytes ) C:\Users\testlogin\Desktop\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4678.exe
2018-04-11 18:02 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-11 14:10 - 2018-04-11 14:10 - 000037834 _____ C:\Users\testlogin\Desktop\Delisle 2014 Wrangler S1.1.pdf
2018-04-11 11:28 - 2018-04-11 11:29 - 000644686 _____ C:\Users\testlogin\Desktop\Delisle 2014 Wrangler S1.pdf
2018-04-11 10:13 - 2018-04-11 10:13 - 003847008 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20180328.2 (2).exe
2018-04-11 09:48 - 2018-04-11 09:48 - 000025333 _____ C:\Users\testlogin\Desktop\Vuong 2017 Pilot Estiamte.pdf
2018-04-11 08:59 - 2018-04-11 08:59 - 000027668 _____ C:\Users\testlogin\Desktop\Perez Tacoma Estimate.pdf
2018-04-11 08:55 - 2018-04-11 08:56 - 000000000 ____D C:\Users\testlogin\Desktop\Parts
2018-04-11 08:54 - 2018-04-11 08:56 - 000000000 ____D C:\Users\testlogin\Desktop\Allstate
2018-04-09 14:45 - 2018-04-09 14:45 - 000000000 ____D C:\Users\testlogin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mitchell International
2018-04-09 14:44 - 2018-04-09 14:44 - 003847008 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20180328.2 (1).exe
2018-04-09 14:12 - 2018-04-09 14:12 - 000140288 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_04_09_2018 (2).pdf
2018-04-09 12:33 - 2018-04-09 12:33 - 003847008 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20180328.2.exe
2018-04-09 12:28 - 2018-04-09 12:28 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_04_09_2018 (1).pdf
2018-04-09 12:20 - 2018-04-09 12:20 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_04_09_2018.pdf
2018-04-05 12:13 - 2018-04-05 12:13 - 000064512 _____ C:\Users\testlogin\Downloads\Invoice_Summary_SHOP_04_05_2018.pdf
2018-04-04 08:57 - 2018-04-04 08:57 - 000141312 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_04_04_2018 (1).pdf
2018-04-04 07:33 - 2018-04-04 07:33 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_04_04_2018.pdf
2018-03-30 16:35 - 2018-03-30 16:35 - 000068608 _____ C:\Users\testlogin\Downloads\Invoice_Summary_SHOP_03_30_2018.pdf
2018-03-30 14:26 - 2018-03-30 14:26 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_30_2018 (1).pdf
2018-03-30 07:39 - 2018-03-30 07:39 - 003844864 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20180122.2 (1).exe
2018-03-30 07:09 - 2018-03-30 07:09 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_30_2018.pdf
2018-03-29 11:41 - 2018-03-29 11:41 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_29_2018.pdf
2018-03-29 11:17 - 2018-03-29 11:17 - 000067584 _____ C:\Users\testlogin\Downloads\Invoice_Summary_SHOP_03_29_2018.pdf
2018-03-28 16:57 - 2018-03-28 16:57 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_28_2018 (1).pdf
2018-03-28 14:28 - 2018-03-28 14:28 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_28_2018.pdf
2018-03-27 06:41 - 2018-03-27 06:41 - 000034304 _____ C:\Users\testlogin\Desktop\Copy of SHOP DRUM blank 2017.xls
2018-03-26 10:48 - 2018-03-26 10:48 - 003844864 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20180122.2.exe
2018-03-23 12:18 - 2018-03-23 12:18 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_23_2018 (1).pdf
2018-03-23 10:48 - 2018-03-23 10:48 - 000140288 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_23_2018.pdf
2018-03-22 12:16 - 2018-03-22 12:16 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_22_2018 (2).pdf
2018-03-22 07:18 - 2018-03-22 07:18 - 000158720 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_22_2018.pdf
2018-03-22 07:18 - 2018-03-22 07:18 - 000158720 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_22_2018 (1).pdf
2018-03-22 07:18 - 2018-03-22 07:18 - 000066560 _____ C:\Users\testlogin\Downloads\Invoice_Summary_SHOP_03_22_2018.pdf
2018-03-21 15:41 - 2018-03-21 15:41 - 000140288 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_21_2018 (2).pdf
2018-03-21 15:38 - 2018-03-21 15:38 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_21_2018 (1).pdf
2018-03-21 12:26 - 2018-03-21 12:26 - 000140288 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_21_2018.pdf
2018-03-20 16:07 - 2018-03-20 16:07 - 000142336 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_20_2018.pdf
2018-03-20 16:07 - 2018-03-20 16:07 - 000142336 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_20_2018 (1).pdf
2018-03-19 19:22 - 2018-03-02 14:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-19 19:22 - 2018-03-02 14:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-16 11:50 - 2018-03-16 11:50 - 003832072 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20171030.1 (3).exe
2018-03-15 07:37 - 2018-03-15 07:37 - 003832072 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20171030.1 (2).exe
2018-03-13 20:30 - 2018-03-01 20:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 20:30 - 2018-03-01 00:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 20:30 - 2018-03-01 00:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 20:30 - 2018-03-01 00:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 20:30 - 2018-03-01 00:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 20:30 - 2018-03-01 00:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 20:30 - 2018-03-01 00:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 20:30 - 2018-03-01 00:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 20:30 - 2018-03-01 00:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 20:30 - 2018-03-01 00:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 20:30 - 2018-03-01 00:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 20:30 - 2018-03-01 00:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 20:30 - 2018-03-01 00:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 20:30 - 2018-03-01 00:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 20:30 - 2018-03-01 00:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 20:30 - 2018-03-01 00:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 20:30 - 2018-03-01 00:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 20:30 - 2018-03-01 00:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 20:30 - 2018-03-01 00:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 20:30 - 2018-03-01 00:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 20:30 - 2018-02-28 23:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 20:30 - 2018-02-28 23:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 20:30 - 2018-02-28 23:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 20:30 - 2018-02-28 23:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 20:30 - 2018-02-28 23:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 20:30 - 2018-02-28 23:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 20:30 - 2018-02-28 23:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 20:30 - 2018-02-28 23:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 20:30 - 2018-02-28 23:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 20:30 - 2018-02-28 23:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 20:30 - 2018-02-28 23:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 20:30 - 2018-02-28 23:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 20:30 - 2018-02-28 23:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 20:30 - 2018-02-28 23:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 20:30 - 2018-02-28 23:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 20:30 - 2018-02-28 23:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 20:30 - 2018-02-28 23:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 20:30 - 2018-02-28 23:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 20:30 - 2018-02-28 23:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 20:30 - 2018-02-28 22:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 20:30 - 2018-02-28 22:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 20:30 - 2018-02-28 22:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 20:30 - 2018-02-28 22:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 20:30 - 2018-02-28 22:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 20:30 - 2018-02-28 22:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 20:30 - 2018-02-28 22:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 20:30 - 2018-02-28 22:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 20:30 - 2018-02-28 22:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 20:30 - 2018-02-28 22:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 20:30 - 2018-02-28 22:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 20:30 - 2018-02-28 22:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 20:30 - 2018-02-28 22:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 20:30 - 2018-02-28 22:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 20:30 - 2018-02-28 22:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 20:30 - 2018-02-28 22:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 20:30 - 2018-02-28 22:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 20:30 - 2018-02-28 22:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 20:30 - 2018-02-28 22:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 20:30 - 2018-02-28 22:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 20:30 - 2018-02-28 22:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 20:30 - 2018-02-28 22:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 20:30 - 2018-02-28 22:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 20:30 - 2018-02-28 22:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 20:30 - 2018-02-28 22:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 20:30 - 2018-02-28 22:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 20:30 - 2018-02-28 22:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 20:30 - 2018-02-28 22:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 20:30 - 2018-02-28 22:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 20:30 - 2018-02-28 22:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 20:30 - 2018-02-28 22:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 20:30 - 2018-02-28 22:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 20:30 - 2018-02-28 22:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 20:30 - 2018-02-28 22:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 20:30 - 2018-02-28 22:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 20:30 - 2018-02-28 22:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 20:30 - 2018-02-28 22:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 20:30 - 2018-02-28 22:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 20:30 - 2018-02-28 22:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 20:30 - 2018-02-28 22:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 20:30 - 2018-02-28 22:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 20:30 - 2018-02-28 22:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 20:30 - 2018-02-28 22:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 20:30 - 2018-02-28 22:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 20:30 - 2018-02-28 22:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 20:30 - 2018-02-28 22:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 20:30 - 2018-02-28 22:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 20:30 - 2018-02-21 19:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 20:30 - 2018-02-21 19:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 20:30 - 2018-02-21 19:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 20:30 - 2018-02-21 19:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 20:30 - 2018-02-21 19:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 20:30 - 2018-02-21 19:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 20:30 - 2018-02-21 19:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 20:30 - 2018-02-21 19:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 20:30 - 2018-02-21 19:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 20:30 - 2018-02-21 19:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 20:30 - 2018-02-21 19:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 20:30 - 2018-02-21 18:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 20:30 - 2018-02-21 18:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 20:30 - 2018-02-21 18:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 20:30 - 2018-02-21 18:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 20:30 - 2018-02-21 18:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 20:30 - 2018-02-21 18:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 20:30 - 2018-02-21 17:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 20:30 - 2018-02-21 17:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 20:30 - 2018-02-21 17:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 20:30 - 2018-02-21 17:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 20:30 - 2018-02-21 17:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-13 20:29 - 2018-03-01 20:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 20:29 - 2018-03-01 20:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 20:29 - 2018-03-01 20:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 20:29 - 2018-03-01 20:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 20:29 - 2018-03-01 20:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 20:29 - 2018-03-01 19:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 20:29 - 2018-03-01 13:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 20:29 - 2018-03-01 00:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 20:29 - 2018-03-01 00:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 20:29 - 2018-03-01 00:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 20:29 - 2018-03-01 00:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 20:29 - 2018-03-01 00:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 20:29 - 2018-03-01 00:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 20:29 - 2018-03-01 00:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 20:29 - 2018-03-01 00:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 20:29 - 2018-03-01 00:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 20:29 - 2018-03-01 00:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 20:29 - 2018-03-01 00:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 20:29 - 2018-03-01 00:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 20:29 - 2018-03-01 00:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 20:29 - 2018-03-01 00:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 20:29 - 2018-03-01 00:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 20:29 - 2018-03-01 00:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 20:29 - 2018-03-01 00:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 20:29 - 2018-03-01 00:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 20:29 - 2018-03-01 00:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 20:29 - 2018-03-01 00:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 20:29 - 2018-03-01 00:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 20:29 - 2018-03-01 00:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 20:29 - 2018-03-01 00:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 20:29 - 2018-02-28 23:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 20:29 - 2018-02-28 23:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 20:29 - 2018-02-28 23:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 20:29 - 2018-02-28 23:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 20:29 - 2018-02-28 23:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 20:29 - 2018-02-28 23:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 20:29 - 2018-02-28 23:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 20:29 - 2018-02-28 22:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 20:29 - 2018-02-28 22:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 20:29 - 2018-02-28 22:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 20:29 - 2018-02-28 22:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 20:29 - 2018-02-28 22:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 20:29 - 2018-02-28 22:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 20:29 - 2018-02-28 22:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 20:29 - 2018-02-28 22:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 20:29 - 2018-02-28 22:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 20:29 - 2018-02-28 22:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 20:29 - 2018-02-28 22:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 20:29 - 2018-02-28 22:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 20:29 - 2018-02-28 22:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 20:29 - 2018-02-28 22:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 20:29 - 2018-02-28 22:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 20:29 - 2018-02-28 22:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 20:29 - 2018-02-28 22:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 20:29 - 2018-02-28 22:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 20:29 - 2018-02-28 22:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 20:29 - 2018-02-28 22:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 20:29 - 2018-02-28 22:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 20:29 - 2018-02-28 22:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 20:29 - 2018-02-28 22:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 20:29 - 2018-02-28 22:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 20:29 - 2018-02-28 22:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 20:29 - 2018-02-28 22:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 20:29 - 2018-02-21 19:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 20:29 - 2018-02-21 19:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 20:29 - 2018-02-21 19:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 20:29 - 2018-02-21 19:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 20:29 - 2018-02-21 19:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 20:29 - 2018-02-21 18:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 20:29 - 2018-02-21 18:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 20:29 - 2018-02-21 17:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 20:29 - 2018-02-21 17:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 20:29 - 2018-02-21 17:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 20:29 - 2018-02-21 17:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 20:29 - 2018-02-21 17:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-12 20:29 - 2018-03-12 20:29 - 000003898 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2018-03-12 18:43 - 2018-03-12 18:43 - 000000000 ____D C:\Users\testlogin\AppData\LocalLow\PCDr
2018-03-12 18:29 - 2018-03-12 18:29 - 000003412 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2018-03-12 18:29 - 2018-03-12 18:29 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows
2018-03-12 18:29 - 2018-03-12 18:29 - 000000000 ____D C:\Program Files\Dell Support Center
2018-03-12 18:24 - 2018-03-12 18:45 - 000000000 ____D C:\Users\testlogin\AppData\Roaming\PCDr
2018-03-12 18:23 - 2018-03-12 20:26 - 000000000 ____D C:\Program Files\Dell
2018-03-12 18:23 - 2018-03-12 18:23 - 000000000 ____D C:\ProgramData\SupportAssist
2018-03-12 18:23 - 2018-03-12 18:23 - 000000000 ____D C:\ProgramData\Dell Inc
2018-03-12 18:22 - 2018-03-12 18:22 - 000398288 _____ (Oleg N. Scherbakov) C:\Users\testlogin\Downloads\SupportAssistLauncher.exe
2018-03-12 18:22 - 2018-03-12 18:22 - 000398288 _____ (Oleg N. Scherbakov) C:\Users\testlogin\Downloads\supportassistlauncher (1).exe
2018-03-12 12:37 - 2018-03-12 12:37 - 000000000 ____D C:\Program Files (x86)\MCT Corp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-11 18:01 - 2017-05-26 07:58 - 000000000 ____D C:\Users\testlogin\AppData\LocalLow\Mozilla
2018-04-11 18:00 - 2017-12-01 00:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-11 17:26 - 2017-12-01 00:30 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5F8D1B77-FBE1-4B05-BD52-AE1D8900FA31}
2018-04-11 17:23 - 2014-12-14 08:21 - 000000000 ____D C:\ProgramData\LogMeIn
2018-04-11 16:14 - 2017-03-20 14:38 - 000000000 ___RD C:\Users\testlogin\Desktop\Dans Pics
2018-04-11 15:58 - 2014-07-28 18:30 - 000000000 ____D C:\Program Files (x86)\Estimate Review
2018-04-11 11:02 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-11 10:12 - 2017-12-01 07:37 - 000000000 ____D C:\Users\testlogin\AppData\Local\Deployment
2018-04-11 10:11 - 2017-07-31 08:33 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-11 10:11 - 2014-07-03 12:51 - 000000000 __SHD C:\Users\testlogin\IntelGraphicsProfiles
2018-04-11 10:10 - 2017-12-01 00:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-11 10:10 - 2014-12-14 08:21 - 000001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2018-04-11 10:09 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-04-11 09:41 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-11 08:56 - 2017-12-01 00:10 - 000000000 ____D C:\Users\testlogin\AppData\Local\Packages
2018-04-11 08:55 - 2017-04-20 15:01 - 000000000 ____D C:\Users\testlogin\Desktop\Dan's
2018-04-11 08:54 - 2017-04-20 08:41 - 000000000 ____D C:\Users\testlogin\Desktop\Pdfs
2018-04-11 08:53 - 2016-04-12 11:46 - 000000000 ____D C:\Users\testlogin\Desktop\OLD DESKSTOP FILES
2018-04-11 07:08 - 2014-07-02 14:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-11 07:06 - 2017-10-10 15:41 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-11 07:06 - 2014-07-02 14:49 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-10 20:00 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-10 19:46 - 2017-09-18 08:24 - 000001650 _____ C:\Users\Public\Desktop\UltraMate.lnk
2018-04-10 19:46 - 2014-07-02 18:29 - 000000372 _____ C:\WINDOWS\ODBC.INI
2018-04-10 19:46 - 2014-07-02 18:29 - 000000000 ____D C:\ProgramData\Mitchell
2018-04-10 19:40 - 2015-07-08 10:58 - 000002280 ____H C:\Users\testlogin\Documents\Default.rdp
2018-04-10 07:34 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2018-04-10 06:45 - 2017-03-08 12:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-04-10 06:45 - 2014-07-02 19:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-09 21:41 - 2017-12-01 00:08 - 001147680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-09 18:42 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-09 12:33 - 2014-07-02 18:31 - 000000000 ____D C:\Users\testlogin\AppData\Local\Downloaded Installations
2018-04-07 09:10 - 2015-11-12 07:59 - 000003041 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2018-03-22 14:23 - 2015-09-23 13:10 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-22 14:23 - 2015-09-23 13:10 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-19 21:29 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-19 20:49 - 2017-12-01 00:30 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2116546233-1217922705-4240200989-1001
2018-03-19 20:49 - 2016-04-18 08:44 - 000002381 _____ C:\Users\testlogin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-19 20:45 - 2014-10-21 16:10 - 000000000 ___RD C:\Users\testlogin\OneDrive
2018-03-19 19:24 - 2017-12-01 07:34 - 000000000 ___RD C:\Users\testlogin\3D Objects
2018-03-19 19:24 - 2016-02-13 06:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-19 19:24 - 2014-07-02 14:16 - 000000000 ___RD C:\Users\testlogin\Virtual Machines
2018-03-19 19:22 - 2017-12-01 00:03 - 000401392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-19 19:14 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-19 19:14 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-19 19:14 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-19 19:14 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-19 07:24 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-15 17:01 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-13 20:38 - 2017-09-29 06:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 20:38 - 2017-09-29 06:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-12 19:46 - 2016-11-14 10:32 - 000000000 ____D C:\ProgramData\KDService
2018-03-12 19:17 - 2014-06-30 21:40 - 000000000 ____D C:\Temp
2018-03-12 18:34 - 2014-06-30 21:35 - 000000000 ____D C:\ProgramData\PCDr
2018-03-12 18:29 - 2014-06-30 21:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-03-12 12:38 - 2014-06-30 21:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2015-12-18 14:31 - 2015-12-18 14:31 - 000000000 _____ () C:\Users\testlogin\AppData\Roaming\Mitchell.DOWNLOADCHOICE
2015-12-18 15:12 - 2016-02-03 11:37 - 000000000 _____ () C:\Users\testlogin\AppData\Roaming\Mitchell.UPLOADCHOICE
2014-10-07 15:04 - 2016-06-13 09:43 - 000000174 _____ () C:\Users\testlogin\AppData\Roaming\MitchellDownloadWebEMSUtil.xml
2014-07-03 09:56 - 2016-06-30 11:41 - 000000250 _____ () C:\Users\testlogin\AppData\Roaming\MitchellUploadWebEMSUtil.xml
2014-07-07 07:45 - 2014-07-07 07:45 - 000000097 _____ () C:\Users\testlogin\AppData\Local\fusioncache.dat
2018-02-09 13:40 - 2018-02-09 13:40 - 000007603 _____ () C:\Users\testlogin\AppData\Local\Resmon.ResmonCfg
2016-04-13 11:30 - 2015-06-03 22:11 - 000016800 _____ () C:\Users\testlogin\AppData\Local\Z@!-8767263a-8012-4d38-8030-d0167f869bff.tmp
2016-04-13 11:30 - 2015-06-03 22:11 - 000016800 _____ () C:\Users\testlogin\AppData\Local\Z@!-cf15c21a-04de-4506-a0ce-6340c49686db.tmp
2016-04-13 11:30 - 2015-06-03 22:11 - 000015776 _____ () C:\Users\testlogin\AppData\Local\Z@S!-2d2e85a4-7a4b-4c6a-807d-32249f804b9b.tmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-10 07:24

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by testlogin (11-04-2018 18:19:23)
Running from C:\Users\testlogin\Desktop
Windows 10 Pro Version 1709 16299.309 (X64) (2017-12-01 07:36:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2116546233-1217922705-4240200989-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2116546233-1217922705-4240200989-1003 - Limited - Enabled)
autowatch (S-1-5-21-2116546233-1217922705-4240200989-1004 - Administrator - Enabled) => C:\Users\autowatch
DefaultAccount (S-1-5-21-2116546233-1217922705-4240200989-503 - Limited - Disabled)
Guest (S-1-5-21-2116546233-1217922705-4240200989-501 - Limited - Disabled)
test login (S-1-5-21-2116546233-1217922705-4240200989-1000 - Administrator - Enabled) => C:\Users\test login
testlogin (S-1-5-21-2116546233-1217922705-4240200989-1001 - Administrator - Enabled) => C:\Users\testlogin
WDAGUtilityAccount (S-1-5-21-2116546233-1217922705-4240200989-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 6.2.2033.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BC741628-0AFC-405C-8946-DD46D1005A0A}) (Version: 8.2.4 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
Auto PartsBridge Monitor (HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\bf95e15becd1b975) (Version: 2.0.0.8 - Infomedia Ltd)
Auto PartsBridge Notification System (HKLM-x32\...\{21C10EB4-AB0B-0509-3BE1-8B53F4CEF968}) (Version: 3.5.1 - UNKNOWN) Hidden
Auto PartsBridge Notification System (HKLM-x32\...\Auto-PartsBridge-Desktop-Notifier.BF37BA8ACE9B8F25F3CD0711D65A13EC48A69D56.1) (Version: 3.5.1 - UNKNOWN)
AutoWatch Utility (HKLM-x32\...\{59327126-AEBC-42A2-89BE-25E0D91F4F61}) (Version: 3.4.3 - See Progress, Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
CCC ONE (HKLM-x32\...\{D143AFE1-CCDF-4308-B057-1F55E95553BA}) (Version: 3.9.8.1528 - CCC Information Services, Inc)
CCC ONE Converter (HKLM-x32\...\{DF47708E-999C-4470-BC97-5FA4BA533A1C}) (Version: 1.5.20729.0 - CCC Information Services, Inc)
CCC ONE Converter Update (HKLM-x32\...\{355B05F9-2C7B-4C8A-A061-CF775F813D49}) (Version: 2.0.223 - CCC Information Services Inc.) Hidden
CCC ONE Data Update (HKLM-x32\...\{5F4A81AE-9C7B-4943-A0C1-E381556E6D2D}) (Version: 2.0.223 - CCC Information Services Inc.) Hidden
CCC ONE Help Files Update (HKLM-x32\...\{697E2B36-94E9-4292-81AE-4BD570743E79}) (Version: 2.0.223 - CCC Information Services Inc.) Hidden
CCC ONE Program Update (HKLM-x32\...\{2D296D6D-E079-4741-812B-82090126AB25}) (Version: 2.0.223 - CCC Information Services Inc.) Hidden
CCC ONE Setup (HKLM-x32\...\CCCONE) (Version: - )
CCC ONE Timecard Update (HKLM-x32\...\{41FC0E90-943F-45A1-B7B8-77221528682B}) (Version: 2.0.223 - CCC Information Services Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CollisionLink Shop (HKLM-x32\...\{D6627936-306F-40A3-A0EF-BAB19D4604E3}) (Version: 5.1.7 - OEConnection, LLC)
CollisionLink® Estimate Uploader (HKLM-x32\...\{95D003C0-D142-4560-9A15-6B6F1F12D1E8}_is1) (Version: 3.128.1.0 - OEConnection)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Compliance Utility 4.6.0 (HKLM-x32\...\{89BC6FAD-64F3-4DEB-A2EB-02D80E613257}) (Version: 4.6.0 - Mitchell International)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ESET Endpoint Antivirus (HKLM\...\{13189425-6C52-490A-9E5A-3B66DB545629}) (Version: 6.2.2033.0 - ESET, spol. s r.o.)
ESET Remote Administrator Agent (HKLM\...\{A9A90B1E-2316-45EC-98A9-4173D159A171}) (Version: 6.2.190.0 - ESET, spol. s r.o.)
EWF - CDX Control (HKLM-x32\...\{9B31B67A-EA1C-4854-84A4-016CB750B9D5}) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.4.0.1135 - Citrix Systems, Inc.)
HP LaserJet 400 M401 (HKLM-x32\...\{8989F6D9-550C-4178-A8CB-75B82A06621F}) (Version: 5.0.13198.1083 - Hewlett-Packard)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{B693607C-4611-4164-8167-E9F07A86EF6B}) (Version: 32.0.90.45518 - Hewlett-Packard Co.)
hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM401DSService (HKLM-x32\...\{82A58AA3-13AB-47FE-B519-82A7138050B1}) (Version: 001.001.05874 - Hewlett-Packard) Hidden
hppLaserJetService (HKLM-x32\...\{180D6813-95E0-415C-B58A-5B9493DE2DDA}) (Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM401LaserJetService (HKLM-x32\...\{04A6D409-95C9-4D9F-849A-E67FEEA2950C}) (Version: 001.019.00639 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
Kyocera TWAIN Driver (HKLM-x32\...\{545FD216-8BE6-423A-A5B7-00F8BF369FFB}) (Version: 2.0.3506 - KYOCERA Document Solutions Inc.) Hidden
Kyocera TWAIN Driver (HKLM-x32\...\InstallShield_{545FD216-8BE6-423A-A5B7-00F8BF369FFB}) (Version: 2.0.3506 - KYOCERA Document Solutions Inc.)
LogMeIn (HKLM-x32\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.5007.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2116546233-1217922705-4240200989-1004\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mitchell Communications 1.9.154 (HKLM-x32\...\{8EFF1EF8-9661-4979-91B4-C6E2F202BB2A}) (Version: 1.9.154 - Mitchell International)
Mitchell Connect (HKLM-x32\...\{D4B683DF-B65B-4EB0-83E9-A61F4335734B}) (Version: 1.0.18029.1 - Mitchell International)
Mitchell RepairCenter 22.143.556 (HKLM-x32\...\{545E6DE8-14E7-4D72-832D-B35ED511372A}) (Version: 22.143.556 - Mitchell International)
Mitchell System Requirement Verification 1.1.4 (HKLM-x32\...\{C77BAC18-D555-4D44-8300-2747F03B0C25}) (Version: 1.1.4 - Mitchell International)
Mitchell UltraMate 7.1.227 (HKLM-x32\...\{F2BE3ADF-2239-4000-897D-32AD57087A23}) (Version: 7.1.227 - Mitchell International)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.7.0.6655 - Mozilla)
Mozilla Thunderbird 52.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.7.0 (x86 en-US)) (Version: 52.7.0 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NuGen I T Trusted Applications (HKLM-x32\...\NuGen I T Trusted Applications) (Version: 2.2 - NuGen I T, Inc.)
NuGen I T Trusted Sites (HKLM-x32\...\NuGen I T Trusted Sites) (Version: 1.0 - NuGen I T, Inc.)
OEConnection Application Updater Service (HKLM-x32\...\{E8A5B228-436B-49A1-BBF8-81536BAD9954}) (Version: 1.5 - OEConnection) <==== ATTENTION
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
OPSTrax V2 (HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\428637784e0336ee) (Version: 1.4.1.39 - Overall Parts Solutions)
PDFX 2011 Lite DE (HKLM\...\{9EEEC987-7424-4A35-8843-054A8BCA71D1}_is1) (Version: 5.0.253.0 - Tracker Software Products Ltd)
PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.195.0 - Tracker Software Products Ltd)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Raster-XChange (HKLM\...\Raster-XChange_is1) (Version: 1.10.0057.0000 - Tracker Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
USB Ethernet Adapter 15.01.0909.0194 (HKLM-x32\...\{AD8916AD-B5F0-4FFF-BA42-2EC09FED5A35}) (Version: 15.01.0909.0194 - MCT Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-13] (Intel Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E1E6BE-BCF6-4811-9C87-4CC3E0D53D58} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0E9B0B5C-9FF3-4A29-8479-0868A68DD87B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1181238D-3731-48DB-A71F-C29EF17A15AA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {1DCE199D-133B-415D-8C7B-15B3D3FF504B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {262EE690-6C82-4EE6-A439-56DA3B7A3796} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {286EFEE6-E29C-4053-8383-FF397E5AC44B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {2956E29D-A64D-413D-B892-F5AA2AC347BB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {29D289E4-9CF3-45DC-B464-A6960C8CEF2F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {3999671B-80BF-4CDF-A95C-93FD2F0FE480} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3CBC40D7-5079-4162-B3CF-8BB086B1F88F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E122733-957C-47DD-9840-F4CAF625E51D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3E2ABA8F-C5D1-4C37-A843-595FEF4A41A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {49072A42-1C33-4821-800D-28DD295D6786} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FF356D2-FE47-4920-B00B-3E8B260DCA26} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {528B6446-B6F7-44E3-AA71-6203798B4E57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {531B051F-9441-4935-A33E-54D6D62F5BCF} - System32\Tasks\CollisionLink Tray Agent Watcher - (RVNUMi1NT0R0ZXN0bG9naW4=) => "C:\Program Files (x86)\OEConnection\CollisionLink® Estimate Uploader\OEC_Tray_Agent_Monitor.vbs" [Argument = "C:\Program Files (x86)\OEConnection\CollisionLink® Estimate Uploader\OEConnection.CollisionLink.Shop.TrayAgent.exe"]
Task: {53C82D5D-CAA2-4928-AD01-FD5CA9402E42} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {54C24529-FE0D-45F3-921C-72B199731A29} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5939E7B6-783F-4B0E-A051-6633BBCF5F1B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {59D13459-82BF-4960-A696-AC7A306E6426} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {5CACFE19-4E2C-4259-AB3E-DD4EEAAA4153} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {63882D74-4B0D-4654-86EE-D96AE3948093} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65049FB7-832F-49AA-B03D-9B9077DEE891} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6563DB5C-54FD-4007-98A3-1F779956369C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6A73D90C-B17C-4761-8357-1A346F1A3327} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {74B79B52-5FD9-4C14-BAB0-205B4C4DD9F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7706706A-A442-4A09-831A-177AC780F745} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {78DB33CE-E10A-40B4-9476-7ABD6E436F2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7D034336-A811-48A3-9F76-41CBBEF3665D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {871B1EF3-DB44-499E-B434-EE19677EC0DE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {8A731D89-A16A-4F8D-9343-9436EDBABAB3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {8B4ACCFE-95D8-40FD-B8CB-5A9A1A98A463} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {92BE7943-78D8-4C4B-883D-3B2AAF434323} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A90B1CEB-7301-4BA4-9A5E-4A342CE4004B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ACF72FEF-418D-46B7-B046-C632C2146E81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {B1450FE1-82E8-40F1-8F3F-5749E0F9E20E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B40FF506-99F3-4BDB-BC31-88C91FBE4300} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
Task: {B46E8684-47A8-4EA7-9FAB-3BD6F47D72C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {B83062D7-E48A-4579-AFE2-3494F655089C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BA7F3875-7416-4EF5-B045-A03824D3AFA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C1913C94-0842-490C-B755-F95332E09ABA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CDC74863-5DA1-46B5-BC4D-10E6F7D4A8B1} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {CE4EEC05-AE50-4266-B124-7496745958B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CF036445-8C61-4012-938A-AFD0D8B5061A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
Task: {D1021B9F-AFDD-4ED6-980A-A915D436DF29} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {D8EA2052-EA01-4B8A-BAA6-26431753B847} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {DA5EBFDD-F0C4-44BB-802B-EC827B4A9BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA9D1E83-01AA-4187-BDB9-6D13247DE477} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E05C2AB0-46AB-46D3-AE19-C9DABB04636F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EC0E8671-D186-4221-BA7F-34586C3D42E7} - System32\Tasks\ScanToPCActivationApp.exe_{466BFCD1-D284-4DD5-B6FB-CB8D2E5475DE} => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [2013-09-11] (Hewlett-Packard Co.)
Task: {F203AC41-490A-49AF-B27A-AF9AFF7F5EE6} - System32\Tasks\{3E6E9AD9-2A2B-4D07-AF3E-42AA989A35EF} => C:\Windows\system32\pcalua.exe -a C:\Users\testlogin\Desktop\dotnetfx35.exe -d C:\Users\testlogin\Desktop
Task: {F415FA3D-9CD0-4EE3-BF33-33A83573984F} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {F5EA2285-DAFF-4A3B-B7A9-7D9470F1BDE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {FDEECBB4-5971-4EFB-A0AB-D78025EDC1C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {FFD0BCF8-7926-4344-A2B0-908C275D350D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2014-07-02 18:54 - 2012-09-29 11:25 - 000409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2014-07-02 19:19 - 2012-09-29 11:25 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2017-06-22 11:18 - 2018-03-07 08:50 - 002914296 _____ () C:\Program Files (x86)\LogMeIn\x64\ksu.dll
2014-07-02 14:01 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-21 12:40 - 2017-01-31 05:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-13 23:20 - 2017-03-13 23:20 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-03-13 20:29 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 20:30 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-27 02:28 - 2018-03-27 02:28 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-27 02:28 - 2018-03-27 02:28 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-27 02:28 - 2018-03-27 02:28 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-27 02:28 - 2018-03-27 02:28 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
2018-01-19 09:11 - 2018-01-19 09:11 - 000636464 _____ () C:\Users\testlogin\AppData\Local\Apps\2.0\LH6QKHZB.KTQ\P2546X4V.L31\auto..tion_d0308700f5f3d9cd_0002.0000_41c692a40d01fe63\Auto PartsBridge Monitor.exe
2018-04-11 18:02 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 18:02 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-01 00:13 - 2017-12-01 00:13 - 000013312 _____ () C:\WINDOWS\assembly\GAC_MSIL\Mitchell.Platform.Appraisal.PendingAlerts\2.0.0.0__3bc11c3cab893eca\Mitchell.Platform.Appraisal.PendingAlerts.dll
2017-12-01 00:13 - 2017-12-01 00:13 - 000023040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Mitchell.Platform.Appraisal.Proxies.ServerProxy\2.0.0.0__0c4eff60b07f2fab\Mitchell.Platform.Appraisal.Proxies.ServerProxy.dll
2016-06-28 17:53 - 2016-06-28 17:53 - 000372736 _____ () C:\Program Files (x86)\Mitchell\Communications\McUmPgExtDb.dll
2018-01-19 14:19 - 2018-01-19 14:19 - 000022232 _____ () C:\Program Files (x86)\Mitchell\Support\UM\SSOLib.dll
2014-06-30 21:25 - 2013-12-09 15:27 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\aahassignments.com -> hxxps://aahassignments.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\collisiondataexchange.com -> hxxps://collisiondataexchange.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\electricautoclaims.com -> hxxps://electricautoclaims.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\ewfclaims.com -> hxxps://ewfclaims.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\farmersclaims.com -> hxxps://farmersclaims.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\fficassignments.com -> hxxps://fficassignments.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\grangeautoclaims.com -> hxxps://grangeautoclaims.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\innovation-connect.com -> hxxps://innovation-connect.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\mymitchell.com -> hxxps://www.mymitchell.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\qbeassignments.com -> hxxps://qbeassignments.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\reviewestimates.com -> hxxps://reviewestimates.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\shopbackroom.com -> shopbackroom.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\stateautoclaims.com -> hxxps://stateautoclaims.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\theshopofchoice.com -> hxxps://theshopofchoice.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\vehicleassignments.com -> hxxps://vehicleassignments.com IE 
trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\viewclaim.com -> hxxps://viewclaim.com IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\viewclaims.com -> hxxp://www.viewclaims.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\Control Panel\Desktop\\Wallpaper -> c:\users\testlogin\desktop\dan's\mp0dxeh.jpg HKU\S-1-5-21-2116546233-1217922705-4240200989-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win7 LtBlue 1920x1200.jpg DNS Servers: 192.168.5.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is disabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "LogMeIn GUI" HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run32: => "USB3MON" HKLM\...\StartupApproved\Run32: => "Dell Registration" HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\StartupApproved\Run: => "HP Officejet Pro 8620 (NET)" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{A7950F4D-A02F-44B2-9BD5-72C50F5EB569}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{29787F87-B738-486C-95BB-469EEC0C318C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{8E105048-0154-4682-BFFE-13BAF46FB379}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{0D44C752-1BB4-4163-95E5-4FDC52D5BD39}] => (Allow) C:\Users\test login\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{A5C91B12-352D-499B-8689-19B2F35C026B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe FirewallRules: [{3A887EE0-AD5D-46FB-BCB7-F8DA6D2FBDFF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe FirewallRules: [{3B9A7D91-83DF-42BF-ACAC-5BF8718D1F6B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe FirewallRules: [{8E048C60-DF9B-408F-A972-445422A6F70E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe FirewallRules: [{25C51E2C-74C2-4AE8-B0EC-F2AD443846E8}] => (Allow) LPort=5357 FirewallRules: [{961C8A13-5597-40D4-918D-ADF89CDB76CB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{0115CBFD-8541-4D77-B779-344D5BBF1B9E}] => (Allow) LPort=3702 FirewallRules: [{26B2B2EC-4E0D-4196-8CA0-CFEEEF5BAF94}] => (Allow) LPort=9244 FirewallRules: [TCP Query User{EFC9F383-6A36-475D-B9A2-DD2DC4AE4DB9}C:\program files (x86)\oeconnection\oeconnection application update service\oecupdaterserviceproxy.exe] => (Allow) C:\program files (x86)\oeconnection\oeconnection application update service\oecupdaterserviceproxy.exe FirewallRules: [UDP Query User{63517C95-C9A5-40F4-82CF-974A918EF706}C:\program files (x86)\oeconnection\oeconnection application update service\oecupdaterserviceproxy.exe] => (Allow) C:\program files (x86)\oeconnection\oeconnection application update 
service\oecupdaterserviceproxy.exe FirewallRules: [TCP Query User{21AD6FD8-BAF0-4AB7-8A1B-9E4936FF7CB0}C:\program files (x86)\oeconnection\collisionlink shop\2.1.7\launcher.exe] => (Allow) C:\program files (x86)\oeconnection\collisionlink shop\2.1.7\launcher.exe FirewallRules: [UDP Query User{9109B61A-131D-4D42-B47F-669BC7AB191F}C:\program files (x86)\oeconnection\collisionlink shop\2.1.7\launcher.exe] => (Allow) C:\program files (x86)\oeconnection\collisionlink shop\2.1.7\launcher.exe FirewallRules: [{17D9A8CA-9D4E-4F7D-95D2-86CDA8AB2B5E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 26-03-2018 10:48:58 Installed Mitchell Connect. 05-04-2018 01:01:45 Scheduled Checkpoint 07-04-2018 11:47:18 Windows Modules Installer 09-04-2018 12:34:02 Installed Mitchell Connect. ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: rt640x64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (04/11/2018 06:20:14 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. Error: (04/11/2018 06:20:09 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. Error: (04/11/2018 06:20:04 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. 
Error: (04/11/2018 06:19:59 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. Error: (04/11/2018 06:19:54 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. Error: (04/11/2018 06:19:49 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. Error: (04/11/2018 06:19:44 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. Error: (04/11/2018 06:19:39 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_ON. System errors: ============= Error: (04/11/2018 10:16:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/11/2018 10:16:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (04/11/2018 10:16:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/11/2018 10:16:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/11/2018 10:12:32 AM) (Source: DCOM) (EventID: 10016) (User: EST2-MOD) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user EST2-MOD\testlogin SID (S-1-5-21-2116546233-1217922705-4240200989-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (04/11/2018 10:11:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (04/11/2018 10:11:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect. Error: (04/11/2018 10:10:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2018-04-10 08:45:33.061 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {A2F2C74C-E94F-450B-A4F5-97F20D69F8FE} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-04-10 08:34:08.283 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {758A1C82-3D17-44F3-9B0F-AED631DF9447} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-04-10 08:14:38.484 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {61417878-9876-44E3-AE39-0FD6EAAA0062} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-04-10 08:06:40.235 Description: Windows Defender Antivirus scan has been stopped before completion. 
Scan ID: {D926F587-B5A6-444F-B89C-6C7849BAFB16} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-04-10 07:52:47.568 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {66177346-2FE6-4A77-A8F0-9E8CD4D817D1} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-04-11 10:13:37.689 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80501002 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2018-04-11 10:13:37.688 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80501002 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2018-04-10 07:02:39.531 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.265.380.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14700.5 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
Date: 2018-03-23 07:56:34.584 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80501002 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2018-03-23 07:56:34.584 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80501002 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. CodeIntegrity: =================================== Date: 2018-04-11 18:17:42.373 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements. Date: 2018-04-11 18:12:42.432 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements. 
Date: 2018-04-11 18:07:42.593 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements. Date: 2018-04-11 18:02:42.383 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements. Date: 2018-04-11 18:01:32.610 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements. Date: 2018-04-11 18:01:32.605 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements. Date: 2018-04-11 18:01:32.600 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements. Date: 2018-04-11 18:01:32.597 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz Percentage of memory in use: 63% Total physical RAM: 4012.95 MB Available physical RAM: 1452.89 MB Total Virtual: 8108.95 MB Available Virtual: 4814.42 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:442.94 GB) (Free:366.53 GB) NTFS Drive g: (KODAK) (Removable) (Total:7.39 GB) (Free:6.96 GB) FAT32 \\?\Volume{07b97ec4-00e7-11e4-a4c4-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:22.78 GB) (Free:11.58 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C80F96F4) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=22.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=442.9 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Protective MBR) (Size: 7.4 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
  5. Hello, Have a Windows 10 box that keeps having the "How do you want to open this file" pop up. No file name or extension given. When I select Notepad it says "Cannot find the C:\Program.txt file. Do you want to create a new file?" Thoughts?