Posts posted by DrJ27

  1. Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by testlogin (12-04-2018 19:34:18) Run:1
    Running from C:\Users\testlogin\Desktop
    Loaded Profiles: testlogin (Available Profiles: test login & testlogin & autowatch)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:

    HKLM-x32\...\Run: [EstimateReview] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2014-08-01] (Sun Microsystems, Inc.)

    CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
    CHR HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx

    Task: {07E1E6BE-BCF6-4811-9C87-4CC3E0D53D58} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {1181238D-3731-48DB-A71F-C29EF17A15AA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {1DCE199D-133B-415D-8C7B-15B3D3FF504B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {3E122733-957C-47DD-9840-F4CAF625E51D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {3E2ABA8F-C5D1-4C37-A843-595FEF4A41A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {5939E7B6-783F-4B0E-A051-6633BBCF5F1B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {65049FB7-832F-49AA-B03D-9B9077DEE891} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {7706706A-A442-4A09-831A-177AC780F745} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {78DB33CE-E10A-40B4-9476-7ABD6E436F2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {7D034336-A811-48A3-9F76-41CBBEF3665D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {871B1EF3-DB44-499E-B434-EE19677EC0DE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {8B4ACCFE-95D8-40FD-B8CB-5A9A1A98A463} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A90B1CEB-7301-4BA4-9A5E-4A342CE4004B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {B83062D7-E48A-4579-AFE2-3494F655089C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {CDC74863-5DA1-46B5-BC4D-10E6F7D4A8B1} - \PCDEventLauncherTask -> No File <==== ATTENTION
    Task: {D1021B9F-AFDD-4ED6-980A-A915D436DF29} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {D8EA2052-EA01-4B8A-BAA6-26431753B847} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {E05C2AB0-46AB-46D3-AE19-C9DABB04636F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

    C:\Program Files (x86)\Java\jre6

    EmptyTemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\EstimateReview" => removed successfully
    "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
    "Chrome DefaultSearchURL" => removed successfully
    "Chrome DefaultSearchKeyword" => removed successfully
    "Chrome DefaultSuggestURL" => removed successfully
    "HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07E1E6BE-BCF6-4811-9C87-4CC3E0D53D58}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07E1E6BE-BCF6-4811-9C87-4CC3E0D53D58}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1181238D-3731-48DB-A71F-C29EF17A15AA}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1181238D-3731-48DB-A71F-C29EF17A15AA}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DCE199D-133B-415D-8C7B-15B3D3FF504B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DCE199D-133B-415D-8C7B-15B3D3FF504B}" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E122733-957C-47DD-9840-F4CAF625E51D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E122733-957C-47DD-9840-F4CAF625E51D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E2ABA8F-C5D1-4C37-A843-595FEF4A41A3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E2ABA8F-C5D1-4C37-A843-595FEF4A41A3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5939E7B6-783F-4B0E-A051-6633BBCF5F1B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5939E7B6-783F-4B0E-A051-6633BBCF5F1B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65049FB7-832F-49AA-B03D-9B9077DEE891}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65049FB7-832F-49AA-B03D-9B9077DEE891}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7706706A-A442-4A09-831A-177AC780F745}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7706706A-A442-4A09-831A-177AC780F745}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78DB33CE-E10A-40B4-9476-7ABD6E436F2E}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78DB33CE-E10A-40B4-9476-7ABD6E436F2E}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D034336-A811-48A3-9F76-41CBBEF3665D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D034336-A811-48A3-9F76-41CBBEF3665D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{871B1EF3-DB44-499E-B434-EE19677EC0DE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{871B1EF3-DB44-499E-B434-EE19677EC0DE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B4ACCFE-95D8-40FD-B8CB-5A9A1A98A463}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B4ACCFE-95D8-40FD-B8CB-5A9A1A98A463}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A90B1CEB-7301-4BA4-9A5E-4A342CE4004B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A90B1CEB-7301-4BA4-9A5E-4A342CE4004B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B83062D7-E48A-4579-AFE2-3494F655089C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B83062D7-E48A-4579-AFE2-3494F655089C}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDC74863-5DA1-46B5-BC4D-10E6F7D4A8B1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDC74863-5DA1-46B5-BC4D-10E6F7D4A8B1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1021B9F-AFDD-4ED6-980A-A915D436DF29}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1021B9F-AFDD-4ED6-980A-A915D436DF29}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8EA2052-EA01-4B8A-BAA6-26431753B847}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8EA2052-EA01-4B8A-BAA6-26431753B847}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E05C2AB0-46AB-46D3-AE19-C9DABB04636F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E05C2AB0-46AB-46D3-AE19-C9DABB04636F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    C:\Program Files (x86)\Java\jre6 => moved successfully

    =========== EmptyTemp: ==========

    BITS transfer queue => 7888896 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 178601689 B
    Java, Flash, Steam htmlcache => 1080 B
    Windows/system/drivers => 535839913 B
    Edge => 17421 B
    Chrome => 640110139 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 50988 B
    NetworkService => 881912 B
    test login => 35401681 B
    testlogin => 970531065 B
    autowatch => 25167703 B

    RecycleBin => 177430449 B
    EmptyTemp: => 2.4 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-04-2018 19:43:58)


    Result of scheduled keys to remove after reboot:

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

    ==== End of Fixlog 19:43:58 ====

  2. Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 4/11/18
    Scan Time: 6:03 PM
    Log File: 52b4a6d8-3ded-11e8-9e88-90489a9a178c.json
    Administrator: Yes

    -Software Information-
    Version: 3.4.5.2467
    Components Version: 1.0.342
    Update Package Version: 1.0.4704
    License: Trial

    -System Information-
    OS: Windows 10 (Build 16299.309)
    CPU: x64
    File System: NTFS
    User: EST2-MOD\testlogin

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 387433
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 8 min, 44 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
    Ran by testlogin (administrator) on EST2-MOD (11-04-2018 18:17:11)
    Running from C:\Users\testlogin\Desktop
    Loaded Profiles: testlogin & autowatch (Available Profiles: test login & testlogin & autowatch)
    Platform: Windows 10 Pro Version 1709 16299.309 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (ESET) C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe
    (KYOCERA Document Solutions Inc.) C:\Program Files\KDService\bin\KDService.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    (OEConnection) C:\Program Files (x86)\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe
    (ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
    (OEConnection, LLC) C:\Program Files (x86)\OEConnection\CollisionLink® Estimate Uploader\OEConnection.CollisionLink.Shop.TrayAgent.exe
    (Mitchell International) C:\Program Files (x86)\Mitchell\Communications\Mitchell.Platform.Appraisal.AlertChecker.WinApp.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    (Mitchell International) C:\Program Files (x86)\Mitchell\Communications\McDm.exe
    () C:\Users\testlogin\AppData\Local\Apps\2.0\LH6QKHZB.KTQ\P2546X4V.L31\auto..tion_d0308700f5f3d9cd_0002.0000_41c692a40d01fe63\Auto PartsBridge Monitor.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Mitchell) C:\Users\testlogin\AppData\Roaming\Mitchell\RepairCenterConnect\Mitchell.DesktopAgent.UI.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
    (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (Tracker Software Products Ltd.) C:\Program Files (x86)\Mitchell\Support\UM\PDF-XChange 4\PdfSaver4.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInRC.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [410616 2017-03-13] ()
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
    HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [423424 2017-04-04] (LogMeIn, Inc.)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
    HKLM-x32\...\Run: [EstimateReview] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2014-08-01] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [McDm] => C:\Program Files (x86)\Mitchell\Communications\McDm.exe [331776 2017-02-22] (Mitchell International)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1135\G2AWinLogon_x64.dll (Citrix Systems, Inc.)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\Run: [BingSvc] => C:\Users\testlogin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-02] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\Run: [Mitchell Connect] => C:\Users\testlogin\AppData\Roaming\Mitchell\RepairCenterConnect\Mitchell.DesktopAgent.UI.exe [68856 2018-03-28] (Mitchell)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CollisionLink® Estimate Uploader.lnk [2016-05-20]
    ShortcutTarget: CollisionLink® Estimate Uploader.lnk -> C:\Program Files (x86)\OEConnection\CollisionLink® Estimate Uploader\OEConnection.CollisionLink.Shop.TrayAgent.exe (OEConnection, LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mitchell Communications Alert Checker.lnk [2017-11-12]
    ShortcutTarget: Mitchell Communications Alert Checker.lnk -> C:\Program Files (x86)\Mitchell\Communications\Mitchell.Platform.Appraisal.AlertChecker.WinApp.exe (Mitchell International)
    Startup: C:\Users\testlogin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Auto PartsBridge Desktop Notification System.lnk [2018-04-11]
    ShortcutTarget: Auto PartsBridge Desktop Notification System.lnk -> C:\Program Files (x86)\Auto PartsBridge Desktop Notification System\Auto PartsBridge Desktop Notification System.exe ()
    Startup: C:\Users\testlogin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Auto PartsBridge Monitor.appref-ms [2016-05-18] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
    Tcpip\..\Interfaces\{57bfd6e8-27b0-464e-9b7d-b515fa9c3f06}: [NameServer] 192.168.5.1
    Tcpip\..\Interfaces\{c55d0202-2eb7-41f6-8630-1cb420c0c737}: [DhcpNameServer] 192.168.5.1
    Tcpip\..\Interfaces\{cab42d52-4c03-47b3-8522-3aca68bc5d52}: [DhcpNameServer] 192.168.5.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2116546233-1217922705-4240200989-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001 -> DefaultScope {F48583DE-498F-42A9-87B5-4039247060D8} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001 -> {4ED08516-4F48-458D-A247-68D5D5DBBEB5} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001 -> {95D318C0-D0A5-49B8-BBE5-4A7C36BADBAC} URL = 
    SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001 -> {F48583DE-498F-42A9-87B5-4039247060D8} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1004 -> DefaultScope {95D318C0-D0A5-49B8-BBE5-4A7C36BADBAC} URL = 
    SearchScopes: HKU\S-1-5-21-2116546233-1217922705-4240200989-1004 -> {95D318C0-D0A5-49B8-BBE5-4A7C36BADBAC} URL = 
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-26] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-03] (Oracle Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2018-02-26] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-26] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-03] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-08-01] (Sun Microsystems, Inc.)
    DPF: HKLM-x32 {6158155F-A946-4971-894B-BD0779BDAD49} hxxps://toyota.autopartsbridge.com/APB_Estimate_Integration.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP10EP1-10115/support/ieatgpc1.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

    FireFox:
    ========
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird => not found
    FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-03] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-03] (Oracle Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-02] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2116546233-1217922705-4240200989-1001: @citrixonline.com/appdetectorplugin -> C:\Users\testlogin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-08] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Users\testlogin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-01-22] (Cisco WebEx LLC)

    Chrome: 
    =======
    CHR DefaultProfile: Default
    CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
    CHR Profile: C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default [2018-04-11]
    CHR Extension: (Slides) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-30]
    CHR Extension: (Docs) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-30]
    CHR Extension: (Google Drive) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-17]
    CHR Extension: (YouTube) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
    CHR Extension: (Google Search) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-23]
    CHR Extension: (Sheets) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-30]
    CHR Extension: (Google Docs Offline) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-17]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-04-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
    CHR Extension: (Gmail) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
    CHR Extension: (Chrome Media Router) - C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-29]
    CHR Profile: C:\Users\testlogin\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-06-24]
    CHR HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)
    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)
    S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [41160 2015-10-02] (ESET)
    R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1576712 2015-10-02] (ESET)
    R2 EraAgentSvc; C:\Program Files\ESET\RemoteAdministrator\Agent\ERAAgent.exe [1605832 2015-09-30] (ESET)
    S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [182984 2015-10-02] (ESET)
    S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1135\G2AC_Service.exe [310592 2015-07-08] (Citrix Systems, Inc.)
    S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
    S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
    R2 KDService; C:\Program Files\KDService\bin\KDService.exe [441856 2013-10-24] (KYOCERA Document Solutions Inc.) [File not signed]
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2018-03-07] (LogMeIn, Inc.)
    R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [525288 2018-03-07] (LogMeIn, Inc.)
    R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-31] (LogMeIn, Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
    R2 OECApplicationUpdaterService; C:\Program Files (x86)\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [28672 2010-11-19] (OEConnection) [File not signed]
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-01] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-01] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros Communications, Inc.)
    R3 AX88179; C:\WINDOWS\System32\drivers\ax88179_178a.sys [74240 2017-09-29] (ASIX Electronics Corp.)
    R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
    R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
    R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [255272 2015-09-09] (ESET)
    R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [186272 2015-07-24] (ESET)
    R2 epfwwfpr; C:\WINDOWS\System32\DRIVERS\epfwwfpr.sys [169744 2015-07-24] (ESET)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
    R2 LMIInfo; C:\WINDOWS\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
    S4 LMIRfsClientNP; no ImagePath
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-11] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-04-11] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-04-11] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-04-11] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-04-11] (Malwarebytes)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
    R1 MpKsldcfd7275; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA3A3506-0507-436C-91DE-0FCDE7AEC610}\MpKsldcfd7275.sys [58120 2018-04-11] (Microsoft Corporation)
    S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-12-15] (Realtek )
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-01] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-01] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-01] (Microsoft Corporation)
    S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
    U3 aspnet_state; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-11 18:17 - 2018-04-11 18:18 - 000022060 _____ C:\Users\testlogin\Desktop\FRST.txt
    2018-04-11 18:17 - 2018-04-11 18:17 - 000000000 ____D C:\FRST
    2018-04-11 18:16 - 2018-04-11 07:14 - 002403328 _____ (Farbar) C:\Users\testlogin\Desktop\FRST64.exe
    2018-04-11 18:14 - 2018-04-11 18:14 - 000001269 _____ C:\Users\testlogin\Desktop\Malwarebytes Scan.txt
    2018-04-11 18:03 - 2018-04-11 18:04 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-04-11 18:03 - 2018-04-11 18:03 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-04-11 18:03 - 2018-04-11 18:03 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-04-11 18:03 - 2018-04-11 18:03 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-04-11 18:02 - 2018-04-11 18:02 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-04-11 18:02 - 2018-04-11 18:02 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-04-11 18:02 - 2018-04-11 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-04-11 18:02 - 2018-04-11 18:02 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-04-11 18:02 - 2018-04-11 18:02 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-04-11 18:02 - 2018-04-11 07:14 - 072943704 _____ (Malwarebytes ) C:\Users\testlogin\Desktop\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4678.exe
    2018-04-11 18:02 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-04-11 14:10 - 2018-04-11 14:10 - 000037834 _____ C:\Users\testlogin\Desktop\Delisle 2014 Wrangler S1.1.pdf
    2018-04-11 11:28 - 2018-04-11 11:29 - 000644686 _____ C:\Users\testlogin\Desktop\Delisle 2014 Wrangler S1.pdf
    2018-04-11 10:13 - 2018-04-11 10:13 - 003847008 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20180328.2 (2).exe
    2018-04-11 09:48 - 2018-04-11 09:48 - 000025333 _____ C:\Users\testlogin\Desktop\Vuong 2017 Pilot Estiamte.pdf
    2018-04-11 08:59 - 2018-04-11 08:59 - 000027668 _____ C:\Users\testlogin\Desktop\Perez Tacoma Estimate.pdf
    2018-04-11 08:55 - 2018-04-11 08:56 - 000000000 ____D C:\Users\testlogin\Desktop\Parts
    2018-04-11 08:54 - 2018-04-11 08:56 - 000000000 ____D C:\Users\testlogin\Desktop\Allstate
    2018-04-09 14:45 - 2018-04-09 14:45 - 000000000 ____D C:\Users\testlogin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mitchell International
    2018-04-09 14:44 - 2018-04-09 14:44 - 003847008 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20180328.2 (1).exe
    2018-04-09 14:12 - 2018-04-09 14:12 - 000140288 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_04_09_2018 (2).pdf
    2018-04-09 12:33 - 2018-04-09 12:33 - 003847008 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20180328.2.exe
    2018-04-09 12:28 - 2018-04-09 12:28 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_04_09_2018 (1).pdf
    2018-04-09 12:20 - 2018-04-09 12:20 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_04_09_2018.pdf
    2018-04-05 12:13 - 2018-04-05 12:13 - 000064512 _____ C:\Users\testlogin\Downloads\Invoice_Summary_SHOP_04_05_2018.pdf
    2018-04-04 08:57 - 2018-04-04 08:57 - 000141312 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_04_04_2018 (1).pdf
    2018-04-04 07:33 - 2018-04-04 07:33 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_04_04_2018.pdf
    2018-03-30 16:35 - 2018-03-30 16:35 - 000068608 _____ C:\Users\testlogin\Downloads\Invoice_Summary_SHOP_03_30_2018.pdf
    2018-03-30 14:26 - 2018-03-30 14:26 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_30_2018 (1).pdf
    2018-03-30 07:39 - 2018-03-30 07:39 - 003844864 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20180122.2 (1).exe
    2018-03-30 07:09 - 2018-03-30 07:09 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_30_2018.pdf
    2018-03-29 11:41 - 2018-03-29 11:41 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_29_2018.pdf
    2018-03-29 11:17 - 2018-03-29 11:17 - 000067584 _____ C:\Users\testlogin\Downloads\Invoice_Summary_SHOP_03_29_2018.pdf
    2018-03-28 16:57 - 2018-03-28 16:57 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_28_2018 (1).pdf
    2018-03-28 14:28 - 2018-03-28 14:28 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_28_2018.pdf
    2018-03-27 06:41 - 2018-03-27 06:41 - 000034304 _____ C:\Users\testlogin\Desktop\Copy of SHOP DRUM  blank 2017.xls
    2018-03-26 10:48 - 2018-03-26 10:48 - 003844864 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20180122.2.exe
    2018-03-23 12:18 - 2018-03-23 12:18 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_23_2018 (1).pdf
    2018-03-23 10:48 - 2018-03-23 10:48 - 000140288 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_23_2018.pdf
    2018-03-22 12:16 - 2018-03-22 12:16 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_22_2018 (2).pdf
    2018-03-22 07:18 - 2018-03-22 07:18 - 000158720 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_22_2018.pdf
    2018-03-22 07:18 - 2018-03-22 07:18 - 000158720 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_22_2018 (1).pdf
    2018-03-22 07:18 - 2018-03-22 07:18 - 000066560 _____ C:\Users\testlogin\Downloads\Invoice_Summary_SHOP_03_22_2018.pdf
    2018-03-21 15:41 - 2018-03-21 15:41 - 000140288 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_21_2018 (2).pdf
    2018-03-21 15:38 - 2018-03-21 15:38 - 000139264 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_21_2018 (1).pdf
    2018-03-21 12:26 - 2018-03-21 12:26 - 000140288 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_21_2018.pdf
    2018-03-20 16:07 - 2018-03-20 16:07 - 000142336 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_20_2018.pdf
    2018-03-20 16:07 - 2018-03-20 16:07 - 000142336 _____ C:\Users\testlogin\Downloads\Invoice_SHOP_03_20_2018 (1).pdf
    2018-03-19 19:22 - 2018-03-02 14:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-03-19 19:22 - 2018-03-02 14:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-03-16 11:50 - 2018-03-16 11:50 - 003832072 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20171030.1 (3).exe
    2018-03-15 07:37 - 2018-03-15 07:37 - 003832072 _____ (Mitchell International) C:\Users\testlogin\Downloads\Mitchell_Connect_Setup_20171030.1 (2).exe
    2018-03-13 20:30 - 2018-03-01 20:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-03-13 20:30 - 2018-03-01 00:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2018-03-13 20:30 - 2018-03-01 00:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-03-13 20:30 - 2018-03-01 00:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2018-03-13 20:30 - 2018-03-01 00:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-03-13 20:30 - 2018-03-01 00:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2018-03-13 20:30 - 2018-03-01 00:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-03-13 20:30 - 2018-03-01 00:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-03-13 20:30 - 2018-03-01 00:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-03-13 20:30 - 2018-03-01 00:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-03-13 20:30 - 2018-03-01 00:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-03-13 20:30 - 2018-03-01 00:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-03-13 20:30 - 2018-03-01 00:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-03-13 20:30 - 2018-03-01 00:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2018-03-13 20:30 - 2018-03-01 00:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2018-03-13 20:30 - 2018-03-01 00:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2018-03-13 20:30 - 2018-03-01 00:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2018-03-13 20:30 - 2018-03-01 00:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2018-03-13 20:30 - 2018-03-01 00:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
    2018-03-13 20:30 - 2018-03-01 00:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2018-03-13 20:30 - 2018-02-28 23:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-03-13 20:30 - 2018-02-28 23:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-03-13 20:30 - 2018-02-28 23:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2018-03-13 20:30 - 2018-02-28 23:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-03-13 20:30 - 2018-02-28 23:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-03-13 20:30 - 2018-02-28 23:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-03-13 20:30 - 2018-02-28 23:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2018-03-13 20:30 - 2018-02-28 23:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2018-03-13 20:30 - 2018-02-28 23:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2018-03-13 20:30 - 2018-02-28 23:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2018-03-13 20:30 - 2018-02-28 23:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-03-13 20:30 - 2018-02-28 23:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-03-13 20:30 - 2018-02-28 23:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
    2018-03-13 20:30 - 2018-02-28 23:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-03-13 20:30 - 2018-02-28 23:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
    2018-03-13 20:30 - 2018-02-28 23:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2018-03-13 20:30 - 2018-02-28 23:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-03-13 20:30 - 2018-02-28 23:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-03-13 20:30 - 2018-02-28 23:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-03-13 20:30 - 2018-02-28 22:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2018-03-13 20:30 - 2018-02-28 22:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-03-13 20:30 - 2018-02-28 22:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-03-13 20:30 - 2018-02-28 22:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-03-13 20:30 - 2018-02-28 22:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-03-13 20:30 - 2018-02-28 22:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-03-13 20:30 - 2018-02-28 22:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
    2018-03-13 20:30 - 2018-02-28 22:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-03-13 20:30 - 2018-02-28 22:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-03-13 20:30 - 2018-02-28 22:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-03-13 20:30 - 2018-02-28 22:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-03-13 20:30 - 2018-02-28 22:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-03-13 20:30 - 2018-02-28 22:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-03-13 20:30 - 2018-02-28 22:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-03-13 20:30 - 2018-02-28 22:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-03-13 20:30 - 2018-02-28 22:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-03-13 20:30 - 2018-02-28 22:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2018-03-13 20:30 - 2018-02-28 22:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
    2018-03-13 20:30 - 2018-02-28 22:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
    2018-03-13 20:30 - 2018-02-28 22:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-03-13 20:30 - 2018-02-28 22:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-03-13 20:30 - 2018-02-28 22:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2018-03-13 20:30 - 2018-02-28 22:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-03-13 20:30 - 2018-02-28 22:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-03-13 20:30 - 2018-02-28 22:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2018-03-13 20:30 - 2018-02-28 22:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2018-03-13 20:30 - 2018-02-28 22:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2018-03-13 20:30 - 2018-02-28 22:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-03-13 20:30 - 2018-02-28 22:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2018-03-13 20:30 - 2018-02-28 22:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-03-13 20:30 - 2018-02-28 22:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-03-13 20:30 - 2018-02-28 22:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
    2018-03-13 20:30 - 2018-02-28 22:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-03-13 20:30 - 2018-02-28 22:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-03-13 20:30 - 2018-02-28 22:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-03-13 20:30 - 2018-02-28 22:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-03-13 20:30 - 2018-02-28 22:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-03-13 20:30 - 2018-02-28 22:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-03-13 20:30 - 2018-02-28 22:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-03-13 20:30 - 2018-02-28 22:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-03-13 20:30 - 2018-02-28 22:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2018-03-13 20:30 - 2018-02-28 22:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2018-03-13 20:30 - 2018-02-28 22:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2018-03-13 20:30 - 2018-02-28 22:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
    2018-03-13 20:30 - 2018-02-28 22:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2018-03-13 20:30 - 2018-02-28 22:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2018-03-13 20:30 - 2018-02-28 22:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2018-03-13 20:30 - 2018-02-21 19:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2018-03-13 20:30 - 2018-02-21 19:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-03-13 20:30 - 2018-02-21 19:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2018-03-13 20:30 - 2018-02-21 19:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2018-03-13 20:30 - 2018-02-21 19:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-03-13 20:30 - 2018-02-21 19:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-03-13 20:30 - 2018-02-21 19:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-03-13 20:30 - 2018-02-21 19:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2018-03-13 20:30 - 2018-02-21 19:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
    2018-03-13 20:30 - 2018-02-21 19:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2018-03-13 20:30 - 2018-02-21 19:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2018-03-13 20:30 - 2018-02-21 18:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-03-13 20:30 - 2018-02-21 18:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2018-03-13 20:30 - 2018-02-21 18:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2018-03-13 20:30 - 2018-02-21 18:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2018-03-13 20:30 - 2018-02-21 18:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
    2018-03-13 20:30 - 2018-02-21 18:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-03-13 20:30 - 2018-02-21 17:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-03-13 20:30 - 2018-02-21 17:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
    2018-03-13 20:30 - 2018-02-21 17:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
    2018-03-13 20:30 - 2018-02-21 17:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2018-03-13 20:30 - 2018-02-21 17:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2018-03-13 20:29 - 2018-03-01 20:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
    2018-03-13 20:29 - 2018-03-01 20:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
    2018-03-13 20:29 - 2018-03-01 20:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
    2018-03-13 20:29 - 2018-03-01 20:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
    2018-03-13 20:29 - 2018-03-01 20:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
    2018-03-13 20:29 - 2018-03-01 19:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2018-03-13 20:29 - 2018-03-01 13:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
    2018-03-13 20:29 - 2018-03-01 00:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2018-03-13 20:29 - 2018-03-01 00:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2018-03-13 20:29 - 2018-03-01 00:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2018-03-13 20:29 - 2018-03-01 00:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2018-03-13 20:29 - 2018-03-01 00:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2018-03-13 20:29 - 2018-03-01 00:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2018-03-13 20:29 - 2018-03-01 00:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2018-03-13 20:29 - 2018-03-01 00:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2018-03-13 20:29 - 2018-03-01 00:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
    2018-03-13 20:29 - 2018-03-01 00:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
    2018-03-13 20:29 - 2018-03-01 00:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2018-03-13 20:29 - 2018-03-01 00:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-03-13 20:29 - 2018-03-01 00:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-03-13 20:29 - 2018-03-01 00:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2018-03-13 20:29 - 2018-03-01 00:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-03-13 20:29 - 2018-03-01 00:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-03-13 20:29 - 2018-03-01 00:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2018-03-13 20:29 - 2018-03-01 00:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
    2018-03-13 20:29 - 2018-03-01 00:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2018-03-13 20:29 - 2018-03-01 00:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-03-13 20:29 - 2018-03-01 00:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2018-03-13 20:29 - 2018-03-01 00:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
    2018-03-13 20:29 - 2018-03-01 00:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
    2018-03-13 20:29 - 2018-02-28 23:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
    2018-03-13 20:29 - 2018-02-28 23:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-03-13 20:29 - 2018-02-28 23:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
    2018-03-13 20:29 - 2018-02-28 23:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
    2018-03-13 20:29 - 2018-02-28 23:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
    2018-03-13 20:29 - 2018-02-28 23:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2018-03-13 20:29 - 2018-02-28 23:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2018-03-13 20:29 - 2018-02-28 22:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
    2018-03-13 20:29 - 2018-02-28 22:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
    2018-03-13 20:29 - 2018-02-28 22:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2018-03-13 20:29 - 2018-02-28 22:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
    2018-03-13 20:29 - 2018-02-28 22:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2018-03-13 20:29 - 2018-02-28 22:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2018-03-13 20:29 - 2018-02-28 22:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
    2018-03-13 20:29 - 2018-02-28 22:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-03-13 20:29 - 2018-02-28 22:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2018-03-13 20:29 - 2018-02-28 22:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-03-13 20:29 - 2018-02-28 22:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2018-03-13 20:29 - 2018-02-28 22:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
    2018-03-13 20:29 - 2018-02-28 22:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-03-13 20:29 - 2018-02-28 22:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
    2018-03-13 20:29 - 2018-02-28 22:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
    2018-03-13 20:29 - 2018-02-28 22:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
    2018-03-13 20:29 - 2018-02-28 22:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2018-03-13 20:29 - 2018-02-28 22:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2018-03-13 20:29 - 2018-02-28 22:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
    2018-03-13 20:29 - 2018-02-28 22:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2018-03-13 20:29 - 2018-02-28 22:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
    2018-03-13 20:29 - 2018-02-28 22:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-03-13 20:29 - 2018-02-28 22:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2018-03-13 20:29 - 2018-02-28 22:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
    2018-03-13 20:29 - 2018-02-28 22:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
    2018-03-13 20:29 - 2018-02-28 22:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
    2018-03-13 20:29 - 2018-02-21 19:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-03-13 20:29 - 2018-02-21 19:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-03-13 20:29 - 2018-02-21 19:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-03-13 20:29 - 2018-02-21 19:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-03-13 20:29 - 2018-02-21 19:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
    2018-03-13 20:29 - 2018-02-21 18:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2018-03-13 20:29 - 2018-02-21 18:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2018-03-13 20:29 - 2018-02-21 17:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
    2018-03-13 20:29 - 2018-02-21 17:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2018-03-13 20:29 - 2018-02-21 17:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2018-03-13 20:29 - 2018-02-21 17:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2018-03-13 20:29 - 2018-02-21 17:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2018-03-12 20:29 - 2018-03-12 20:29 - 000003898 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    2018-03-12 18:43 - 2018-03-12 18:43 - 000000000 ____D C:\Users\testlogin\AppData\LocalLow\PCDr
    2018-03-12 18:29 - 2018-03-12 18:29 - 000003412 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
    2018-03-12 18:29 - 2018-03-12 18:29 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows
    2018-03-12 18:29 - 2018-03-12 18:29 - 000000000 ____D C:\Program Files\Dell Support Center
    2018-03-12 18:24 - 2018-03-12 18:45 - 000000000 ____D C:\Users\testlogin\AppData\Roaming\PCDr
    2018-03-12 18:23 - 2018-03-12 20:26 - 000000000 ____D C:\Program Files\Dell
    2018-03-12 18:23 - 2018-03-12 18:23 - 000000000 ____D C:\ProgramData\SupportAssist
    2018-03-12 18:23 - 2018-03-12 18:23 - 000000000 ____D C:\ProgramData\Dell Inc
    2018-03-12 18:22 - 2018-03-12 18:22 - 000398288 _____ (Oleg N. Scherbakov) C:\Users\testlogin\Downloads\SupportAssistLauncher.exe
    2018-03-12 18:22 - 2018-03-12 18:22 - 000398288 _____ (Oleg N. Scherbakov) C:\Users\testlogin\Downloads\supportassistlauncher (1).exe
    2018-03-12 12:37 - 2018-03-12 12:37 - 000000000 ____D C:\Program Files (x86)\MCT Corp

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-11 18:01 - 2017-05-26 07:58 - 000000000 ____D C:\Users\testlogin\AppData\LocalLow\Mozilla
    2018-04-11 18:00 - 2017-12-01 00:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-04-11 17:26 - 2017-12-01 00:30 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5F8D1B77-FBE1-4B05-BD52-AE1D8900FA31}
    2018-04-11 17:23 - 2014-12-14 08:21 - 000000000 ____D C:\ProgramData\LogMeIn
    2018-04-11 16:14 - 2017-03-20 14:38 - 000000000 ___RD C:\Users\testlogin\Desktop\Dans Pics
    2018-04-11 15:58 - 2014-07-28 18:30 - 000000000 ____D C:\Program Files (x86)\Estimate Review
    2018-04-11 11:02 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-04-11 10:12 - 2017-12-01 07:37 - 000000000 ____D C:\Users\testlogin\AppData\Local\Deployment
    2018-04-11 10:11 - 2017-07-31 08:33 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2018-04-11 10:11 - 2014-07-03 12:51 - 000000000 __SHD C:\Users\testlogin\IntelGraphicsProfiles
    2018-04-11 10:10 - 2017-12-01 00:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-04-11 10:10 - 2014-12-14 08:21 - 000001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2018-04-11 10:09 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2018-04-11 09:41 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2018-04-11 08:56 - 2017-12-01 00:10 - 000000000 ____D C:\Users\testlogin\AppData\Local\Packages
    2018-04-11 08:55 - 2017-04-20 15:01 - 000000000 ____D C:\Users\testlogin\Desktop\Dan's
    2018-04-11 08:54 - 2017-04-20 08:41 - 000000000 ____D C:\Users\testlogin\Desktop\Pdfs
    2018-04-11 08:53 - 2016-04-12 11:46 - 000000000 ____D C:\Users\testlogin\Desktop\OLD DESKSTOP FILES
    2018-04-11 07:08 - 2014-07-02 14:49 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-04-11 07:06 - 2017-10-10 15:41 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2018-04-11 07:06 - 2014-07-02 14:49 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-04-10 20:00 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-04-10 19:46 - 2017-09-18 08:24 - 000001650 _____ C:\Users\Public\Desktop\UltraMate.lnk
    2018-04-10 19:46 - 2014-07-02 18:29 - 000000372 _____ C:\WINDOWS\ODBC.INI
    2018-04-10 19:46 - 2014-07-02 18:29 - 000000000 ____D C:\ProgramData\Mitchell
    2018-04-10 19:40 - 2015-07-08 10:58 - 000002280 ____H C:\Users\testlogin\Documents\Default.rdp
    2018-04-10 07:34 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
    2018-04-10 06:45 - 2017-03-08 12:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2018-04-10 06:45 - 2014-07-02 19:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-04-09 21:41 - 2017-12-01 00:08 - 001147680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-04-09 18:42 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-04-09 12:33 - 2014-07-02 18:31 - 000000000 ____D C:\Users\testlogin\AppData\Local\Downloaded Installations
    2018-04-07 09:10 - 2015-11-12 07:59 - 000003041 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2018-03-22 14:23 - 2015-09-23 13:10 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-03-22 14:23 - 2015-09-23 13:10 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-03-19 21:29 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
    2018-03-19 20:49 - 2017-12-01 00:30 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2116546233-1217922705-4240200989-1001
    2018-03-19 20:49 - 2016-04-18 08:44 - 000002381 _____ C:\Users\testlogin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-03-19 20:45 - 2014-10-21 16:10 - 000000000 ___RD C:\Users\testlogin\OneDrive
    2018-03-19 19:24 - 2017-12-01 07:34 - 000000000 ___RD C:\Users\testlogin\3D Objects
    2018-03-19 19:24 - 2016-02-13 06:22 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-03-19 19:24 - 2014-07-02 14:16 - 000000000 ___RD C:\Users\testlogin\Virtual Machines
    2018-03-19 19:22 - 2017-12-01 00:03 - 000401392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-03-19 19:14 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
    2018-03-19 19:14 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2018-03-19 19:14 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-03-19 19:14 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2018-03-19 07:24 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-03-15 17:01 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-03-13 20:38 - 2017-09-29 06:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-03-13 20:38 - 2017-09-29 06:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2018-03-12 19:46 - 2016-11-14 10:32 - 000000000 ____D C:\ProgramData\KDService
    2018-03-12 19:17 - 2014-06-30 21:40 - 000000000 ____D C:\Temp
    2018-03-12 18:34 - 2014-06-30 21:35 - 000000000 ____D C:\ProgramData\PCDr
    2018-03-12 18:29 - 2014-06-30 21:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2018-03-12 12:38 - 2014-06-30 21:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

    ==================== Files in the root of some directories =======

    2015-12-18 14:31 - 2015-12-18 14:31 - 000000000 _____ () C:\Users\testlogin\AppData\Roaming\Mitchell.DOWNLOADCHOICE
    2015-12-18 15:12 - 2016-02-03 11:37 - 000000000 _____ () C:\Users\testlogin\AppData\Roaming\Mitchell.UPLOADCHOICE
    2014-10-07 15:04 - 2016-06-13 09:43 - 000000174 _____ () C:\Users\testlogin\AppData\Roaming\MitchellDownloadWebEMSUtil.xml
    2014-07-03 09:56 - 2016-06-30 11:41 - 000000250 _____ () C:\Users\testlogin\AppData\Roaming\MitchellUploadWebEMSUtil.xml
    2014-07-07 07:45 - 2014-07-07 07:45 - 000000097 _____ () C:\Users\testlogin\AppData\Local\fusioncache.dat
    2018-02-09 13:40 - 2018-02-09 13:40 - 000007603 _____ () C:\Users\testlogin\AppData\Local\Resmon.ResmonCfg
    2016-04-13 11:30 - 2015-06-03 22:11 - 000016800 _____ () C:\Users\testlogin\AppData\Local\Z@!-8767263a-8012-4d38-8030-d0167f869bff.tmp
    2016-04-13 11:30 - 2015-06-03 22:11 - 000016800 _____ () C:\Users\testlogin\AppData\Local\Z@!-cf15c21a-04de-4506-a0ce-6340c49686db.tmp
    2016-04-13 11:30 - 2015-06-03 22:11 - 000015776 _____ () C:\Users\testlogin\AppData\Local\Z@S!-2d2e85a4-7a4b-4c6a-807d-32249f804b9b.tmp

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-04-10 07:24

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
    Ran by testlogin (11-04-2018 18:19:23)
    Running from C:\Users\testlogin\Desktop
    Windows 10 Pro Version 1709 16299.309 (X64) (2017-12-01 07:36:04)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2116546233-1217922705-4240200989-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2116546233-1217922705-4240200989-1003 - Limited - Enabled)
    autowatch (S-1-5-21-2116546233-1217922705-4240200989-1004 - Administrator - Enabled) => C:\Users\autowatch
    DefaultAccount (S-1-5-21-2116546233-1217922705-4240200989-503 - Limited - Disabled)
    Guest (S-1-5-21-2116546233-1217922705-4240200989-501 - Limited - Disabled)
    test login (S-1-5-21-2116546233-1217922705-4240200989-1000 - Administrator - Enabled) => C:\Users\test login
    testlogin (S-1-5-21-2116546233-1217922705-4240200989-1001 - Administrator - Enabled) => C:\Users\testlogin
    WDAGUtilityAccount (S-1-5-21-2116546233-1217922705-4240200989-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET Endpoint Antivirus 6.2.2033.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (HKLM\...\{BC741628-0AFC-405C-8946-DD46D1005A0A}) (Version: 8.2.4 - Hewlett-Packard) Hidden
    Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.23)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
    Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
    Auto PartsBridge Monitor (HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\bf95e15becd1b975) (Version: 2.0.0.8 - Infomedia Ltd)
    Auto PartsBridge Notification System (HKLM-x32\...\{21C10EB4-AB0B-0509-3BE1-8B53F4CEF968}) (Version: 3.5.1 - UNKNOWN) Hidden
    Auto PartsBridge Notification System (HKLM-x32\...\Auto-PartsBridge-Desktop-Notifier.BF37BA8ACE9B8F25F3CD0711D65A13EC48A69D56.1) (Version: 3.5.1 - UNKNOWN)
    AutoWatch Utility (HKLM-x32\...\{59327126-AEBC-42A2-89BE-25E0D91F4F61}) (Version: 3.4.3 - See Progress, Inc.)
    Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
    CCC ONE (HKLM-x32\...\{D143AFE1-CCDF-4308-B057-1F55E95553BA}) (Version: 3.9.8.1528 - CCC Information Services, Inc)
    CCC ONE Converter (HKLM-x32\...\{DF47708E-999C-4470-BC97-5FA4BA533A1C}) (Version: 1.5.20729.0 - CCC Information Services, Inc)
    CCC ONE Converter Update (HKLM-x32\...\{355B05F9-2C7B-4C8A-A061-CF775F813D49}) (Version: 2.0.223 - CCC Information Services Inc.) Hidden
    CCC ONE Data Update (HKLM-x32\...\{5F4A81AE-9C7B-4943-A0C1-E381556E6D2D}) (Version: 2.0.223 - CCC Information Services Inc.) Hidden
    CCC ONE Help Files Update (HKLM-x32\...\{697E2B36-94E9-4292-81AE-4BD570743E79}) (Version: 2.0.223 - CCC Information Services Inc.) Hidden
    CCC ONE Program Update (HKLM-x32\...\{2D296D6D-E079-4741-812B-82090126AB25}) (Version: 2.0.223 - CCC Information Services Inc.) Hidden
    CCC ONE Setup (HKLM-x32\...\CCCONE) (Version:  - )
    CCC ONE Timecard Update (HKLM-x32\...\{41FC0E90-943F-45A1-B7B8-77221528682B}) (Version: 2.0.223 - CCC Information Services Inc.) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Cisco WebEx Meetings (HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    CollisionLink Shop (HKLM-x32\...\{D6627936-306F-40A3-A0EF-BAB19D4604E3}) (Version: 5.1.7 - OEConnection, LLC)
    CollisionLink® Estimate Uploader (HKLM-x32\...\{95D003C0-D142-4560-9A15-6B6F1F12D1E8}_is1) (Version: 3.128.1.0 - OEConnection)
    Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
    Compliance Utility 4.6.0 (HKLM-x32\...\{89BC6FAD-64F3-4DEB-A2EB-02D80E613257}) (Version: 4.6.0 - Mitchell International)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects)
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
    Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    ESET Endpoint Antivirus (HKLM\...\{13189425-6C52-490A-9E5A-3B66DB545629}) (Version: 6.2.2033.0 - ESET, spol. s r.o.)
    ESET Remote Administrator Agent (HKLM\...\{A9A90B1E-2316-45EC-98A9-4173D159A171}) (Version: 6.2.190.0 - ESET, spol. s r.o.)
    EWF - CDX Control (HKLM-x32\...\{9B31B67A-EA1C-4854-84A4-016CB750B9D5}) (Version:  - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.4.0.1135 - Citrix Systems, Inc.)
    HP LaserJet 400 M401 (HKLM-x32\...\{8989F6D9-550C-4178-A8CB-75B82A06621F}) (Version: 5.0.13198.1083 - Hewlett-Packard)
    HP Officejet Pro 8620 Basic Device Software (HKLM\...\{B693607C-4611-4164-8167-E9F07A86EF6B}) (Version: 32.0.90.45518 - Hewlett-Packard Co.)
    hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden
    hpbM401DSService (HKLM-x32\...\{82A58AA3-13AB-47FE-B519-82A7138050B1}) (Version: 001.001.05874 - Hewlett-Packard) Hidden
    hppLaserJetService (HKLM-x32\...\{180D6813-95E0-415C-B58A-5B9493DE2DDA}) (Version: 009.027.00856 - Hewlett-Packard) Hidden
    hppM401LaserJetService (HKLM-x32\...\{04A6D409-95C9-4D9F-849A-E67FEEA2950C}) (Version: 001.019.00639 - Hewlett-Packard) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
    Java(TM) 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
    Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
    Kyocera TWAIN Driver (HKLM-x32\...\{545FD216-8BE6-423A-A5B7-00F8BF369FFB}) (Version: 2.0.3506 - KYOCERA Document Solutions Inc.) Hidden
    Kyocera TWAIN Driver (HKLM-x32\...\InstallShield_{545FD216-8BE6-423A-A5B7-00F8BF369FFB}) (Version: 2.0.3506 - KYOCERA Document Solutions Inc.)
    LogMeIn (HKLM-x32\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
    LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
    Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.5007.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2116546233-1217922705-4240200989-1004\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mitchell Communications 1.9.154 (HKLM-x32\...\{8EFF1EF8-9661-4979-91B4-C6E2F202BB2A}) (Version: 1.9.154 - Mitchell International)
    Mitchell Connect (HKLM-x32\...\{D4B683DF-B65B-4EB0-83E9-A61F4335734B}) (Version: 1.0.18029.1 - Mitchell International)
    Mitchell RepairCenter 22.143.556 (HKLM-x32\...\{545E6DE8-14E7-4D72-832D-B35ED511372A}) (Version: 22.143.556 - Mitchell International)
    Mitchell System Requirement Verification 1.1.4 (HKLM-x32\...\{C77BAC18-D555-4D44-8300-2747F03B0C25}) (Version: 1.1.4 - Mitchell International)
    Mitchell UltraMate 7.1.227 (HKLM-x32\...\{F2BE3ADF-2239-4000-897D-32AD57087A23}) (Version: 7.1.227 - Mitchell International)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.7.0.6655 - Mozilla)
    Mozilla Thunderbird 52.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.7.0 (x86 en-US)) (Version: 52.7.0 - Mozilla)
    MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NuGen I T Trusted Applications (HKLM-x32\...\NuGen I T Trusted Applications) (Version: 2.2 - NuGen I T, Inc.)
    NuGen I T Trusted Sites (HKLM-x32\...\NuGen I T Trusted Sites) (Version: 1.0 - NuGen I T, Inc.)
    OEConnection Application Updater Service (HKLM-x32\...\{E8A5B228-436B-49A1-BBF8-81536BAD9954}) (Version: 1.5 - OEConnection) <==== ATTENTION
    Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5007.1000 - Microsoft Corporation) Hidden
    OPSTrax V2 (HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\428637784e0336ee) (Version: 1.4.1.39 - Overall Parts Solutions)
    PDFX 2011 Lite DE (HKLM\...\{9EEEC987-7424-4A35-8843-054A8BCA71D1}_is1) (Version: 5.0.253.0 - Tracker Software Products Ltd)
    PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.195.0 - Tracker Software Products Ltd)
    Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
    QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
    Raster-XChange (HKLM\...\Raster-XChange_is1) (Version: 1.10.0057.0000 - Tracker Software)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
    Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    USB Ethernet Adapter 15.01.0909.0194 (HKLM-x32\...\{AD8916AD-B5F0-4FFF-BA42-2EC09FED5A35}) (Version: 15.01.0909.0194 - MCT Corp)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
    ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-13] (Intel Corporation)
    ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2015-10-02] (ESET)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07E1E6BE-BCF6-4811-9C87-4CC3E0D53D58} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {0E9B0B5C-9FF3-4A29-8479-0868A68DD87B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {1181238D-3731-48DB-A71F-C29EF17A15AA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {1DCE199D-133B-415D-8C7B-15B3D3FF504B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {262EE690-6C82-4EE6-A439-56DA3B7A3796} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
    Task: {286EFEE6-E29C-4053-8383-FF397E5AC44B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
    Task: {2956E29D-A64D-413D-B892-F5AA2AC347BB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {29D289E4-9CF3-45DC-B464-A6960C8CEF2F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {3999671B-80BF-4CDF-A95C-93FD2F0FE480} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {3CBC40D7-5079-4162-B3CF-8BB086B1F88F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3E122733-957C-47DD-9840-F4CAF625E51D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {3E2ABA8F-C5D1-4C37-A843-595FEF4A41A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {49072A42-1C33-4821-800D-28DD295D6786} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4FF356D2-FE47-4920-B00B-3E8B260DCA26} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {528B6446-B6F7-44E3-AA71-6203798B4E57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {531B051F-9441-4935-A33E-54D6D62F5BCF} - System32\Tasks\CollisionLink Tray Agent Watcher - (RVNUMi1NT0R0ZXN0bG9naW4=) => "C:\Program Files (x86)\OEConnection\CollisionLink® Estimate Uploader\OEC_Tray_Agent_Monitor.vbs" [Argument = "C:\Program Files (x86)\OEConnection\CollisionLink® Estimate Uploader\OEConnection.CollisionLink.Shop.TrayAgent.exe"]
    Task: {53C82D5D-CAA2-4928-AD01-FD5CA9402E42} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {54C24529-FE0D-45F3-921C-72B199731A29} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {5939E7B6-783F-4B0E-A051-6633BBCF5F1B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {59D13459-82BF-4960-A696-AC7A306E6426} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
    Task: {5CACFE19-4E2C-4259-AB3E-DD4EEAAA4153} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
    Task: {63882D74-4B0D-4654-86EE-D96AE3948093} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {65049FB7-832F-49AA-B03D-9B9077DEE891} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {6563DB5C-54FD-4007-98A3-1F779956369C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {6A73D90C-B17C-4761-8357-1A346F1A3327} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {74B79B52-5FD9-4C14-BAB0-205B4C4DD9F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7706706A-A442-4A09-831A-177AC780F745} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {78DB33CE-E10A-40B4-9476-7ABD6E436F2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {7D034336-A811-48A3-9F76-41CBBEF3665D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {871B1EF3-DB44-499E-B434-EE19677EC0DE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {8A731D89-A16A-4F8D-9343-9436EDBABAB3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
    Task: {8B4ACCFE-95D8-40FD-B8CB-5A9A1A98A463} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {92BE7943-78D8-4C4B-883D-3B2AAF434323} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {A90B1CEB-7301-4BA4-9A5E-4A342CE4004B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {ACF72FEF-418D-46B7-B046-C632C2146E81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
    Task: {B1450FE1-82E8-40F1-8F3F-5749E0F9E20E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B40FF506-99F3-4BDB-BC31-88C91FBE4300} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-01] (Microsoft Corporation)
    Task: {B46E8684-47A8-4EA7-9FAB-3BD6F47D72C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
    Task: {B83062D7-E48A-4579-AFE2-3494F655089C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {BA7F3875-7416-4EF5-B045-A03824D3AFA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C1913C94-0842-490C-B755-F95332E09ABA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {CDC74863-5DA1-46B5-BC4D-10E6F7D4A8B1} - \PCDEventLauncherTask -> No File <==== ATTENTION
    Task: {CE4EEC05-AE50-4266-B124-7496745958B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {CF036445-8C61-4012-938A-AFD0D8B5061A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)
    Task: {D1021B9F-AFDD-4ED6-980A-A915D436DF29} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {D8EA2052-EA01-4B8A-BAA6-26431753B847} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {DA5EBFDD-F0C4-44BB-802B-EC827B4A9BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {DA9D1E83-01AA-4187-BDB9-6D13247DE477} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E05C2AB0-46AB-46D3-AE19-C9DABB04636F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {EC0E8671-D186-4221-BA7F-34586C3D42E7} - System32\Tasks\ScanToPCActivationApp.exe_{466BFCD1-D284-4DD5-B6FB-CB8D2E5475DE} => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [2013-09-11] (Hewlett-Packard Co.)
    Task: {F203AC41-490A-49AF-B27A-AF9AFF7F5EE6} - System32\Tasks\{3E6E9AD9-2A2B-4D07-AF3E-42AA989A35EF} => C:\Windows\system32\pcalua.exe -a C:\Users\testlogin\Desktop\dotnetfx35.exe -d C:\Users\testlogin\Desktop
    Task: {F415FA3D-9CD0-4EE3-BF33-33A83573984F} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {F5EA2285-DAFF-4A3B-B7A9-7D9470F1BDE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
    Task: {FDEECBB4-5971-4EFB-A0AB-D78025EDC1C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
    Task: {FFD0BCF8-7926-4344-A2B0-908C275D350D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2014-07-02 18:54 - 2012-09-29 11:25 - 000409088 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
    2014-07-02 19:19 - 2012-09-29 11:25 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
    2017-06-22 11:18 - 2018-03-07 08:50 - 002914296 _____ () C:\Program Files (x86)\LogMeIn\x64\ksu.dll
    2014-07-02 14:01 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2017-03-21 12:40 - 2017-01-31 05:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2017-03-13 23:20 - 2017-03-13 23:20 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe
    2018-03-13 20:29 - 2018-02-21 17:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2018-03-13 20:30 - 2018-02-21 17:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-03-27 02:28 - 2018-03-27 02:28 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-03-27 02:28 - 2018-03-27 02:28 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-03-27 02:28 - 2018-03-27 02:28 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-03-27 02:28 - 2018-03-27 02:28 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.1000_x64__kzf8qxf38zg5c\skypert.dll
    2018-01-19 09:11 - 2018-01-19 09:11 - 000636464 _____ () C:\Users\testlogin\AppData\Local\Apps\2.0\LH6QKHZB.KTQ\P2546X4V.L31\auto..tion_d0308700f5f3d9cd_0002.0000_41c692a40d01fe63\Auto PartsBridge Monitor.exe
    2018-04-11 18:02 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-04-11 18:02 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-12-01 00:13 - 2017-12-01 00:13 - 000013312 _____ () C:\WINDOWS\assembly\GAC_MSIL\Mitchell.Platform.Appraisal.PendingAlerts\2.0.0.0__3bc11c3cab893eca\Mitchell.Platform.Appraisal.PendingAlerts.dll
    2017-12-01 00:13 - 2017-12-01 00:13 - 000023040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Mitchell.Platform.Appraisal.Proxies.ServerProxy\2.0.0.0__0c4eff60b07f2fab\Mitchell.Platform.Appraisal.Proxies.ServerProxy.dll
    2016-06-28 17:53 - 2016-06-28 17:53 - 000372736 _____ () C:\Program Files (x86)\Mitchell\Communications\McUmPgExtDb.dll
    2018-01-19 14:19 - 2018-01-19 14:19 - 000022232 _____ () C:\Program Files (x86)\Mitchell\Support\UM\SSOLib.dll
    2014-06-30 21:25 - 2013-12-09 15:27 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\aahassignments.com -> hxxps://aahassignments.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\collisiondataexchange.com -> hxxps://collisiondataexchange.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\electricautoclaims.com -> hxxps://electricautoclaims.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\ewfclaims.com -> hxxps://ewfclaims.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\farmersclaims.com -> hxxps://farmersclaims.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\fficassignments.com -> hxxps://fficassignments.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\grangeautoclaims.com -> hxxps://grangeautoclaims.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\innovation-connect.com -> hxxps://innovation-connect.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\mymitchell.com -> hxxps://www.mymitchell.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\qbeassignments.com -> hxxps://qbeassignments.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\reviewestimates.com -> hxxps://reviewestimates.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\shopbackroom.com -> shopbackroom.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\stateautoclaims.com -> hxxps://stateautoclaims.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\theshopofchoice.com -> hxxps://theshopofchoice.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\vehicleassignments.com -> hxxps://vehicleassignments.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\viewclaim.com -> hxxps://viewclaim.com
    IE trusted site: HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\viewclaims.com -> hxxp://www.viewclaims.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\Control Panel\Desktop\\Wallpaper -> c:\users\testlogin\desktop\dan's\mp0dxeh.jpg
    HKU\S-1-5-21-2116546233-1217922705-4240200989-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win7 LtBlue 1920x1200.jpg
    DNS Servers: 192.168.5.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run: => "RtHDVBg"
    HKLM\...\StartupApproved\Run: => "RtHDVBg_PushButton"
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
    HKLM\...\StartupApproved\Run: => "WindowsDefender"
    HKLM\...\StartupApproved\Run32: => "USB3MON"
    HKLM\...\StartupApproved\Run32: => "Dell Registration"
    HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\StartupApproved\Run: => "BingSvc"
    HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2116546233-1217922705-4240200989-1001\...\StartupApproved\Run: => "HP Officejet Pro 8620 (NET)"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{A7950F4D-A02F-44B2-9BD5-72C50F5EB569}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{29787F87-B738-486C-95BB-469EEC0C318C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{8E105048-0154-4682-BFFE-13BAF46FB379}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{0D44C752-1BB4-4163-95E5-4FDC52D5BD39}] => (Allow) C:\Users\test login\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{A5C91B12-352D-499B-8689-19B2F35C026B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
    FirewallRules: [{3A887EE0-AD5D-46FB-BCB7-F8DA6D2FBDFF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
    FirewallRules: [{3B9A7D91-83DF-42BF-ACAC-5BF8718D1F6B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
    FirewallRules: [{8E048C60-DF9B-408F-A972-445422A6F70E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
    FirewallRules: [{25C51E2C-74C2-4AE8-B0EC-F2AD443846E8}] => (Allow) LPort=5357
    FirewallRules: [{961C8A13-5597-40D4-918D-ADF89CDB76CB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{0115CBFD-8541-4D77-B779-344D5BBF1B9E}] => (Allow) LPort=3702
    FirewallRules: [{26B2B2EC-4E0D-4196-8CA0-CFEEEF5BAF94}] => (Allow) LPort=9244
    FirewallRules: [TCP Query User{EFC9F383-6A36-475D-B9A2-DD2DC4AE4DB9}C:\program files (x86)\oeconnection\oeconnection application update service\oecupdaterserviceproxy.exe] => (Allow) C:\program files (x86)\oeconnection\oeconnection application update service\oecupdaterserviceproxy.exe
    FirewallRules: [UDP Query User{63517C95-C9A5-40F4-82CF-974A918EF706}C:\program files (x86)\oeconnection\oeconnection application update service\oecupdaterserviceproxy.exe] => (Allow) C:\program files (x86)\oeconnection\oeconnection application update service\oecupdaterserviceproxy.exe
    FirewallRules: [TCP Query User{21AD6FD8-BAF0-4AB7-8A1B-9E4936FF7CB0}C:\program files (x86)\oeconnection\collisionlink shop\2.1.7\launcher.exe] => (Allow) C:\program files (x86)\oeconnection\collisionlink shop\2.1.7\launcher.exe
    FirewallRules: [UDP Query User{9109B61A-131D-4D42-B47F-669BC7AB191F}C:\program files (x86)\oeconnection\collisionlink shop\2.1.7\launcher.exe] => (Allow) C:\program files (x86)\oeconnection\collisionlink shop\2.1.7\launcher.exe
    FirewallRules: [{17D9A8CA-9D4E-4F7D-95D2-86CDA8AB2B5E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    26-03-2018 10:48:58 Installed Mitchell Connect.
    05-04-2018 01:01:45 Scheduled Checkpoint
    07-04-2018 11:47:18 Windows Modules Installer
    09-04-2018 12:34:02 Installed Mitchell Connect.

    ==================== Faulty Device Manager Devices =============

    Name: Realtek PCIe GBE Family Controller
    Description: Realtek PCIe GBE Family Controller
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: rt640x64
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/11/2018 06:20:14 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

    Error: (04/11/2018 06:20:09 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

    Error: (04/11/2018 06:20:04 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

    Error: (04/11/2018 06:19:59 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

    Error: (04/11/2018 06:19:54 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

    Error: (04/11/2018 06:19:49 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

    Error: (04/11/2018 06:19:44 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

    Error: (04/11/2018 06:19:39 PM) (Source: SecurityCenter) (EventID: 16) (User: )
    Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.


    System errors:
    =============
    Error: (04/11/2018 10:16:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID 
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/11/2018 10:16:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/11/2018 10:16:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
     and APPID 
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/11/2018 10:16:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/11/2018 10:12:32 AM) (Source: DCOM) (EventID: 10016) (User: EST2-MOD)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user EST2-MOD\testlogin SID (S-1-5-21-2116546233-1217922705-4240200989-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/11/2018 10:11:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
    The service did not respond to the start or control request in a timely fashion.

    Error: (04/11/2018 10:11:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

    Error: (04/11/2018 10:10:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     and APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2018-04-10 08:45:33.061
    Description: 
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {A2F2C74C-E94F-450B-A4F5-97F20D69F8FE}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-04-10 08:34:08.283
    Description: 
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {758A1C82-3D17-44F3-9B0F-AED631DF9447}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-04-10 08:14:38.484
    Description: 
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {61417878-9876-44E3-AE39-0FD6EAAA0062}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-04-10 08:06:40.235
    Description: 
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {D926F587-B5A6-444F-B89C-6C7849BAFB16}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-04-10 07:52:47.568
    Description: 
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {66177346-2FE6-4A77-A8F0-9E8CD4D817D1}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-04-11 10:13:37.689
    Description: 
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: Behavior Monitoring
    Error Code: 0x80501002
    Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2018-04-11 10:13:37.688
    Description: 
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80501002
    Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2018-04-10 07:02:39.531
    Description: 
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version: 
    Previous Signature Version: 1.265.380.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version: 
    Previous Engine Version: 1.1.14700.5
    Error code: 0x80240016
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

    Date: 2018-03-23 07:56:34.584
    Description: 
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: Behavior Monitoring
    Error Code: 0x80501002
    Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2018-03-23 07:56:34.584
    Description: 
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80501002
    Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. 
    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    CodeIntegrity:
    ===================================

    Date: 2018-04-11 18:17:42.373
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-11 18:12:42.432
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-11 18:07:42.593
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-11 18:02:42.383
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-11 18:01:32.610
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-11 18:01:32.605
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-11 18:01:32.600
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-04-11 18:01:32.597
    Description: 
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\LogMeIn\x64\LMIhook.000.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info =========================== 

    Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
    Percentage of memory in use: 63%
    Total physical RAM: 4012.95 MB
    Available physical RAM: 1452.89 MB
    Total Virtual: 8108.95 MB
    Available Virtual: 4814.42 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:442.94 GB) (Free:366.53 GB) NTFS
    Drive g: (KODAK) (Removable) (Total:7.39 GB) (Free:6.96 GB) FAT32

    \\?\Volume{07b97ec4-00e7-11e4-a4c4-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:22.78 GB) (Free:11.58 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C80F96F4)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=22.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=442.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Protective MBR) (Size: 7.4 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================

     
