Trappers Posted February 19, 2018 ID:1217503

BELOW IS A PASTED ADDITION FRST. THE OTHER FILE IS ATTACHED. ONLY ONE FILE WOULD ATTACH. I DON'T KNOW WHAT TAGS YOU ARE REFERRING TO! INSTRUCTIONS WERE EXTREMELY POOR.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018 Ran by trappers lake lodge (19-02-2018 13:52:57) Running from C:\Users\trappers lake lodge\Downloads Windows 10 Home Version 1709 16299.248 (X64) (2017-12-26 17:14:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4214857244-4234523739-1568939982-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4214857244-4234523739-1568939982-503 - Limited - Disabled) defaultuser0 (S-1-5-21-4214857244-4234523739-1568939982-1000 - Limited - Disabled) => C:\Users\defaultuser0 defaultuser1 (S-1-5-21-4214857244-4234523739-1568939982-1004 - Limited - Enabled) => C:\Users\defaultuser1.LAPTOP-N50526K8 Guest (S-1-5-21-4214857244-4234523739-1568939982-501 - Limited - Disabled) QBPOSDBSrvUser (S-1-5-21-4214857244-4234523739-1568939982-1002 - Limited - Enabled) => C:\Users\QBPOSDBSrvUser trappers lake lodge (S-1-5-21-4214857244-4234523739-1568939982-1001 - Administrator - Enabled) => C:\Users\trappers lake lodge WDAGUtilityAccount (S-1-5-21-4214857244-4234523739-1568939982-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.) Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.53.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.) EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.) Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION) EPSON WF-2750 Series Printer Uninstall (HKLM\...\EPSON WF-2750 Series) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM\...\{0CB4EF8E-EE5B-49F6-8376-A702C222D6DA}) (Version: 3.1.3.0 - SEIKO EPSON Corporation) GlanceGuest version 3.8.10.56 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 3.8.10.56 - Glance Networks, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.) GoToMeeting 8.20.0.8199 (HKU\S-1-5-21-4214857244-4234523739-1568939982-1001\...\GoToMeeting) (Version: 8.20.0.8199 - LogMeIn, Inc.) 
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP) HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.) HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) HP ENVY 5530 series Basic Device Software (HKLM\...\{FE11AA0F-756F-4879-97A0-B1705E2DCABE}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) HP ENVY 5530 series Help (HKLM-x32\...\{97EAE055-1BE8-4775-8101-453E9715EC3F}) (Version: 30.0.0 - Hewlett Packard) HP ePrint SW (HKLM-x32\...\{b0ebf7ff-6b1a-4a92-9c85-6915be1962b9}) (Version: 5.1.19895 - HP Inc.) HP JumpStart Bridge (HKLM-x32\...\{9B252E0D-7B31-48A6-B01E-B5CCBA286E8E}) (Version: 1.1.0.168 - HP Inc.) HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.) HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.) HP Support Assistant (HKLM-x32\...\{6FA09B91-5D97-45A9-95E9-50F635C98043}) (Version: 8.5.37.19 - HP Inc.) HP Support Solutions Framework (HKLM-x32\...\{C85AC2ED-2305-4137-A8BA-CC628F635C82}) (Version: 12.8.47.1 - HP Inc.) HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.) HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.) HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.) 
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{F5852AA8-30EA-495B-84B4-C2403C935D6F}) (Version: 1.1.19.1 - HP) inReach Sync (HKLM-x32\...\{188B9BB3-A4C6-43D2-B032-EAADC8E9C2D6}) (Version: 1.4.11.7756 - Garmin) Hidden inReach Sync (HKLM-x32\...\{f2a00d38-f9af-4686-b131-2c9e5a0badf4}) (Version: 1.4.11.7756 - Garmin) Intel(R) Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation) Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes) Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.9001.2138 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4214857244-4234523739-1568939982-1001\...\OneDriveSetup.exe) (Version: 
17.005.0107.0008 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility 
Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden Product Improvement Study for HP ENVY 5530 series (HKLM\...\{2EC3E3B8-797A-47FD-B3A2-574C96597A19}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) QuickBooks (HKLM-x32\...\{B52E01F1-D34E-4381-B590-28DFF3C0B647}) (Version: 27.0.4005.2702 - Intuit Inc.) Hidden QuickBooks Point of Sale Desktop 12.0 (HKLM-x32\...\{027BC197-66A8-4EE8-9F96-2F7455A5F38D}) (Version: 23.10.7 - Intuit Inc.) QuickBooks Pro 2017 (HKLM-x32\...\{82F55A7D-6BEB-436B-A1DC-586E113782D7}) (Version: 27.0.4005.2702 - Intuit Inc.) QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.) Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated) TSP100 Setup Version 6.2.0 (HKLM\...\{1250F43A-7178-4C6F-82FC-1ABEBEEE5632}) (Version: 6.2.0 - Star Micronics) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-4214857244-4234523739-1568939982-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\trappers lake lodge\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll (LogMeIn, Inc.) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxDTCM.dll [2017-02-22] (Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1021E465-7D9A-4AA1-A2FE-C576401A33C8} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.) 
Task: {1456E04B-5F45-4E92-B368-408CCCDB96C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-15] (Google Inc.) Task: {1824F548-C645-4F1F-AA9C-61B879E011F7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] () Task: {19D55306-7165-4B15-8C82-E2321BB50F8F} - System32\Tasks\HPCeeScheduleFortrappers lake lodge => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.) Task: {2F3736C4-010B-4CFA-8E06-40654E3D6AD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.) Task: {317CBCFE-FC29-4193-A730-B33FE04123FB} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [2017-03-07] () Task: {4FB5E7D0-B57B-45C4-9E13-FEAEA8DD6289} - System32\Tasks\EPSON WF-2750 Series Update {B000F59A-CD5E-45A2-98B7-29B945FB51DD} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM2E.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {5569FB28-5E0D-4412-BE46-3CD38BB25B46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.) Task: {575A3043-6B64-4668-8D40-CA4CF9883901} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) 
Task: {5783BE64-11B3-489D-816A-011DB2D51DA1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {57D54B0B-03C0-4761-B30C-F8B3BEA76563} - System32\Tasks\HP AR Program Upload - 046b7f1c35c34bf89ca64f176a06a4022b6800bcb36641f592118680ab833068 => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {594F98CF-C336-45FF-88F4-A014531D1D69} - System32\Tasks\G2MUploadTask-S-1-5-21-4214857244-4234523739-1568939982-1001 => C:\Users\trappers lake lodge\AppData\Local\GoToMeeting\8199\g2mupload.exe [2018-01-21] (LogMeIn, Inc.) Task: {5D44E5C6-568B-41A5-85A9-E4A64B0062C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation) Task: {5E38C23B-C0CC-40A7-8FCE-54741656A85E} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe [2016-08-05] () Task: {5FAAE717-88C7-471E-8C24-FD9276E9F471} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) Task: {722CB3E8-5D0E-4B86-B6BF-A26636F770BC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-24] (Dropbox, Inc.) 
Task: {7A48E1BE-DA41-4826-83DC-5246545BDBC7} - System32\Tasks\EPSON WF-2750 Series Update {80DDF375-D11F-4B81-8E15-3EF735AE6659} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM2E.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {7A7484C5-019A-4E88-897E-DA9F3BC7019F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {7DEADD93-6A0A-4290-84AD-51AFF2D84A98} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation) Task: {8E81F169-0F1C-4F4F-B0AF-1B1DD9DDC847} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {9DE9BAC4-CC8E-4F89-B937-6860D4BC02F5} - System32\Tasks\G2MUpdateTask-S-1-5-21-4214857244-4234523739-1568939982-1001 => C:\Users\trappers lake lodge\AppData\Local\GoToMeeting\8199\g2mupdate.exe [2018-01-21] (LogMeIn, Inc.) 
Task: {9FAB88DC-B4C7-4007-B3A7-7364110693CD} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs] Task: {A300AC85-0FE0-4C3C-800F-A40800B2D18E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] () Task: {A692A14E-1147-4FB6-BB4E-B8FBDD93EF43} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-03] (Microsoft Corporation) Task: {AAC0513B-3A46-4EF1-A2F3-9F47C807981A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation) Task: {ABA4B7F8-E2A3-40FD-B409-9466D0BC83F9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-03] (Microsoft Corporation) Task: {B559B9FC-1A06-4815-927A-11B2D860FCF3} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation) Task: {C3D289B5-ACCB-441F-8162-EE0D41C757A6} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.) Task: {C508FAD2-5F2D-4224-8309-B9799475D4FD} - System32\Tasks\HP AR Program Upload - 3c1fb116024f4d728e05644fb0b1f53d570ee8cfe10f4b2cbfbb56f30bb13194 => C:\Program Files\HP\HP ENVY 5530 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>) Task: {C8EF5A29-F4A0-4B2D-AA6B-5FCBA7BA1042} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-15] (Google Inc.) Task: {D1F727CC-90F1-48C0-B918-D70B11CDC62C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-24] (Dropbox, Inc.) 
Task: {DD7D049F-4C86-47DD-BCB4-A096CA546DB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation) Task: {DE08CF87-D777-4F16-B633-37E1B0D01A8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {DF4C0251-8049-4AEF-9CBD-FB605FF38A98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-30] (HP Inc.) Task: {E6002F0D-5532-43DD-B1D8-AE83AD1FD286} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation) Task: {EC7C79B8-66DF-4C89-9B0C-52054B53FE3C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\EPSON WF-2750 Series Update {80DDF375-D11F-4B81-8E15-3EF735AE6659}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM2E.EXE:/EXE:{80DDF375-D11F-4B81-8E15-3EF735AE6659} /F:UpdateWORKGROUP\LAPTOP-N50526K8$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\EPSON WF-2750 Series Update {B000F59A-CD5E-45A2-98B7-29B945FB51DD}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM2E.EXE:/EXE:{B000F59A-CD5E-45A2-98B7-29B945FB51DD} /F:UpdateWORKGROUP\LAPTOP-N50526K8$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4214857244-4234523739-1568939982-1001.job => C:\Users\trappers lake lodge\AppData\Local\GoToMeeting\8199\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4214857244-4234523739-1568939982-1001.job => C:\Users\trappers lake lodge\AppData\Local\GoToMeeting\8199\g2mupload.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleFortrappers lake lodge.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square ==================== Loaded Modules (Whitelisted) ============== 2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-09-01 11:09 - 2017-12-10 19:01 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-09-01 11:09 - 2017-12-10 19:01 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-08-05 15:42 - 2016-08-05 15:42 - 000843800 _____ () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe 2018-02-13 21:32 - 2018-02-09 21:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2018-02-13 21:32 - 2018-02-09 21:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-01-30 09:30 - 2018-01-30 09:30 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2018-01-30 09:30 - 2018-01-30 09:30 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2018-01-30 09:30 - 2018-01-30 09:30 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2018-01-30 09:30 - 2018-01-30 09:30 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll 2018-01-30 09:30 - 2018-01-30 09:30 - 000667136 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2018-02-02 07:40 - 2018-02-02 07:40 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-02-15 19:04 - 2018-02-15 19:04 - 
000477696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2018-02-15 19:04 - 2018-02-15 19:04 - 061401088 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-10-04 11:59 - 2017-10-04 12:02 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 2018-02-15 19:04 - 2018-02-15 19:04 - 000010240 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll 2018-02-15 19:04 - 2018-02-15 19:04 - 003741184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 2017-12-14 08:43 - 2017-12-14 08:46 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll 2018-02-15 19:04 - 2018-02-15 19:04 - 016183296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 2018-02-15 19:04 - 2018-02-15 19:04 - 003592704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2018-02-15 19:04 - 2018-02-15 19:04 - 003226112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2018-02-05 09:07 - 2018-02-05 09:07 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-02-15 19:04 - 2018-02-15 19:04 - 000090624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\BendRealityNode.dll 2018-02-15 19:04 - 2018-02-15 19:04 - 000043520 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll 2017-12-14 08:43 - 2017-12-14 08:46 - 001367040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2018-02-15 19:04 - 2018-02-15 19:04 - 000618496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2018-02-15 19:04 - 2018-02-15 19:04 - 000200192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.13110.0_x64__8wekyb3d8bbwe\SKU.dll 2018-02-13 21:18 - 2018-02-12 21:25 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libglesv2.dll 2018-02-13 21:18 - 2018-02-12 21:25 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.167\libegl.dll 2017-09-29 06:41 - 2017-09-29 06:41 - 000047616 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll 2018-02-13 21:31 - 2018-02-09 21:41 - 004173824 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll 2018-02-13 21:31 - 2018-02-09 21:41 - 003662336 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll 2018-02-14 09:42 - 2018-02-14 09:42 - 000134656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\ad65ae2b938b76745d379b4571b69796\BRIDGECommon.ni.dll 2018-02-14 09:43 - 2018-02-14 09:43 - 000112128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\a0b2665c4ecd132da41e39a7e7cb4768\BridgeExtension.ni.dll 2018-02-14 09:43 - 2018-02-14 09:43 - 000068608 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NativeInterop\f39e611abc00ce4ac22275c6cb8eed09\NativeInterop.ni.dll 2017-11-09 00:44 - 2017-11-09 00:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 
2017-03-07 00:43 - 2017-03-07 00:43 - 000253104 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\DiscoManager.dll 2017-03-07 00:44 - 2017-03-07 00:44 - 000038576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\QBCompressor.dll 2017-03-07 00:44 - 2017-03-07 00:44 - 000109232 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\QBMAPILibrary.dll 2017-03-07 00:44 - 2017-03-07 00:44 - 000091312 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\QBProActiveCore.dll 2017-03-07 00:43 - 2017-03-07 00:43 - 000617136 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\FtuEngine.dll 2017-03-06 23:41 - 2017-03-06 23:41 - 000630784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\boost_regex-vc120-mt-1_55.dll 2017-03-07 00:43 - 2017-03-07 00:43 - 000252592 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\boost_serialization-vc120-mt-1_55.dll 2017-03-07 00:43 - 2017-03-07 00:43 - 000698032 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\BackupLib.dll 2017-03-06 23:41 - 2017-03-06 23:41 - 052036096 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\libcef.dll 2017-03-07 00:45 - 2017-03-07 00:45 - 000073392 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\zlib1.dll 2017-03-07 00:43 - 2017-03-07 00:43 - 000124080 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\ConfigEngineInterop.dll 2017-03-07 00:43 - 2017-11-27 06:19 - 001339568 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\FeaturesBridge.dll 2017-03-07 00:44 - 2017-03-07 00:44 - 000074928 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2017\mbpopup.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 04:47 - 2016-07-16 04:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4214857244-4234523739-1568939982-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\trappers lake lodge\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-4214857244-4234523739-1568939982-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{9EDD2A83-B8E9-4722-94F8-07CBBF1B7A9E}] => (Allow) C:\Users\trappers lake lodge\AppData\Local\Temp\7zS652F\HPDiagnosticCoreUI.exe FirewallRules: [{8BB972F3-81B7-4703-AB3B-003809C22B60}] => (Allow) C:\Users\trappers lake lodge\AppData\Local\Temp\7zS652F\HPDiagnosticCoreUI.exe FirewallRules: [{6F4408C9-5362-42DD-896B-6AC55B7BAAF9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{126F82BA-531B-4C79-9AC4-C1291BB601AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0886A920-9898-4652-9775-6151D0494CE2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{2E168885-FC14-4EED-92BA-7E728A7DCDDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{BF2C50CD-62DF-4D57-8704-D71A10B60F57}C:\users\trappers lake lodge\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\trappers lake lodge\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [UDP Query User{75B32296-5FBD-4492-9116-99A8F5621A68}C:\users\trappers lake lodge\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\trappers lake lodge\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [{B48AF054-78F5-4267-BA08-8E7914916524}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 12.0\DatabaseServer\QBPOSDBService.exe FirewallRules: [{F2FDF832-4B35-47DF-86E6-BA928AB00DEA}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 12.0\DatabaseServer\QBDBMgrN10.exe FirewallRules: [{3F573183-F715-42A5-A6C7-9888CB6E1734}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 12.0\DatabaseServer\QBDBMgrN10.exe FirewallRules: [{A139F755-4AFB-4A7D-B3CB-D8BD78CA029E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 12.0\DatabaseServer\QBDBMgr10.exe FirewallRules: [{F5A5308E-C5C7-4298-B128-950771598477}] => (Allow) C:\Program Files 
(x86)\Intuit\QuickBooks Point of Sale 12.0\DatabaseServer\QBDBMgr10.exe FirewallRules: [{7EB27873-1D03-46DD-954E-578BCBFD84EA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe FirewallRules: [{4D9C2253-653B-4619-A21F-FC82B6E0EC9F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe FirewallRules: [{68E6496B-0A88-475A-B937-7956A0BA9344}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe FirewallRules: [{070DE4BE-3C6E-45B1-8D4A-61C37483B3A3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{F6C7F88F-5C71-421C-9FFB-9BBC7C9563FF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{50FC0D77-5408-4635-81B9-335E5CAC9EA1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{A9D04826-546B-4985-8330-D6542CA2A1B3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{935A4D75-1F80-4B5D-B744-C3C94C6DE560}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{93EE182E-0887-442B-BA49-75C7F829F8CF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{6466586E-2BB2-42FA-8311-5ABF30C587F4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 12.0\DatabaseServer\QBDBMgrN16.exe FirewallRules: [{67A7B7C5-495E-4204-B882-217B8E9C0C78}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 12.0\DatabaseServer\QBDBMgrN16.exe FirewallRules: [{D26B6233-66AE-41F0-A97F-E890FAF6C948}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 
12.0\DatabaseServer\QBDBMgr16.exe FirewallRules: [{8E8AA9DD-857D-41EF-B794-A621AEE29BEF}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 12.0\DatabaseServer\QBDBMgr16.exe FirewallRules: [{CE9860DC-C455-48C7-93BE-16468047503F}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe FirewallRules: [{71A97FF5-BCDF-4437-87CC-8429D7E5BD04}] => (Allow) LPort=5357 FirewallRules: [{4CF01BB2-449F-409D-9DEB-DFFB597B1C3D}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{C728A746-D3D2-4127-B92A-64F182579CAA}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe FirewallRules: [{9CE11562-A0ED-45ED-8943-13B349AB25B2}] => (Allow) LPort=13148 FirewallRules: [{97222ECC-2D1B-4A59-848F-95DBB39B308B}] => (Allow) C:\Users\trappers lake lodge\AppData\Local\Temp\7zS000C\HPDiagnosticCoreUI.exe FirewallRules: [{DE241B3D-91C9-4D09-B7B8-2B9537849CD1}] => (Allow) C:\Users\trappers lake lodge\AppData\Local\Temp\7zS000C\HPDiagnosticCoreUI.exe FirewallRules: [{35A433E7-F29C-4C6B-8D82-B80CD8445A7E}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{EC360698-7EE2-4119-BF2D-7ADAC527B7F2}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{9CDFC27D-4A16-4B7A-A558-E0721314FA8A}] => (Allow) E:\Network\EpsonNetSetup\ENEASYAPP.EXE FirewallRules: [{0F8F39E6-0418-49E4-8E8E-AE3E3DE3D52B}] => (Allow) E:\Network\EpsonNetSetup\ENEASYAPP.EXE FirewallRules: [{BC334956-55B4-4F92-B3B3-ABE8EC846015}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{B0818CF1-CBC9-4607-BFAC-B9BE40EF0981}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{2037D4C0-5B97-4B20-9E83-D2A0BD79EA37}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{FB86E637-8F7C-45F2-9801-BA8323DB7C90}] => (Allow) C:\Program Files 
(x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{C59B4CAE-20BA-43CD-98DB-C78048E3947E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{536B5C88-1490-45F8-901A-ACC8B59F7A84}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ==================== Restore Points ========================= 04-02-2018 15:50:21 Windows Modules Installer 07-02-2018 17:36:54 Windows Update 13-02-2018 21:28:23 Windows Update 15-02-2018 12:50:19 Windows Modules Installer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/19/2018 11:50:08 AM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 35969 ms DPTF Build Version: 8.2.11000.2996 DPTF Build Date: Aug 10 2016 11:44:33 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989 Executing Function: PolicyBase::takeControlOfOsc Message: Passive Policy 2: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.2.11000.2996 DPTF Build Date: Aug 10 2016 11:44:33 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 472 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Passive Policy 2 [4] Error: (02/19/2018 11:50:08 AM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.2.11000.2996) TYPE: ERROR MODULE: DPTF TIME 35902 ms DPTF Build Version: 8.2.11000.2996 DPTF Build Date: Aug 10 2016 11:44:33 Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 989 Executing Function: 
PolicyBase::takeControlOfOsc Message: Active Policy: Failed to acquire OSC: Failure during execution of _OSC: DPTF Build Version: 8.2.11000.2996 DPTF Build Date: Aug 10 2016 11:44:33 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 472 Executing Function: EsifServices::primitiveExecuteSet Message: Error returned from ESIF services interface function call Participant: NoParticipant Domain: NoDomain ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93] ESIF Instance: 255 ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202] Policy: Active Policy [0] Error: (02/19/2018 09:07:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WINWORD.EXE, version: 16.0.9001.2138, time stamp: 0x5a604f67 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6c21743d Faulting process id: 0x45fc Faulting application start time: 0x01d3a99b67cdfe53 Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Faulting module path: unknown Report Id: 23ac0670-cdf5-4ac0-a39b-7a3d60d54300 Faulting package full name: Faulting package-relative application ID: Error: (02/19/2018 09:07:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WINWORD.EXE, version: 16.0.9001.2138, time stamp: 0x5a604f67 Faulting module name: KERNELBASE.dll, version: 10.0.16299.248, time stamp: 0x13ae3814 Exception code: 0xc06d007e Fault offset: 0x001008c2 Faulting process id: 0x45fc Faulting application start time: 0x01d3a99b67cdfe53 Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 32a11b26-ff69-4139-9dfe-36249da37426 Faulting package full name: Faulting package-relative application ID: Error: (02/19/2018 09:05:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 
WINWORD.EXE, version: 16.0.9001.2138, time stamp: 0x5a604f67 Faulting module name: shcore.dll, version: 10.0.16299.15, time stamp: 0x30134c68 Exception code: 0xc0000005 Fault offset: 0x00038091 Faulting process id: 0x45fc Faulting application start time: 0x01d3a99b67cdfe53 Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Faulting module path: C:\WINDOWS\System32\shcore.dll Report Id: 90fe0b69-ad78-4dfd-b21a-02bfd7b30cee Faulting package full name: Faulting package-relative application ID: Error: (02/18/2018 06:30:58 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/18/2018 08:23:02 AM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (02/18/2018 08:23:02 AM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected System errors: ============= Error: (02/19/2018 12:19:04 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-N50526K8) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user LAPTOP-N50526K8\trappers lake lodge SID (S-1-5-21-4214857244-4234523739-1568939982-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (02/19/2018 12:15:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/19/2018 12:11:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/19/2018 12:00:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (02/19/2018 12:00:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/19/2018 11:50:08 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:27:14 AM on 2/19/2018 was unexpected. Error: (02/19/2018 10:13:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/19/2018 10:07:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Windows Defender: =================================== Date: 2018-02-19 13:40:01.893 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {79A4DA76-0D94-433B-B309-882515C9B431} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-02-19 13:31:13.017 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {0B406CB9-EA10-4A54-BEC0-7DBDE16B4793} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-02-19 12:52:22.875 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {AD1DB2A8-302E-4F22-8159-2C01F24E6D46} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-02-19 12:16:44.901 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {ECFCFF03-8E0D-4D0C-A7A0-C686BCCF1A21} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-02-19 12:11:32.595 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C9A8C28F-2B69-4676-B35C-EB4CF77798F6} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-01-27 18:47:39.799 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.261.381.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x80072ee2 Error description: The operation timed out Date: 2018-01-27 18:47:39.798 Description: Windows Defender Antivirus has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 118.2.0.0 Update Source: Microsoft Malware Protection Center Signature Type: Network Inspection System Update Type: Full Current Engine Version: Previous Engine Version: 2.1.14202.0 Error code: 0x80072ee2 Error description: The operation timed out Date: 2018-01-27 18:47:09.254 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.261.381.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x800704e8 Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. Date: 2018-01-27 18:47:09.254 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.261.381.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x800704e8 Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. Date: 2018-01-27 18:47:09.254 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.261.381.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.14500.5 Error code: 0x800704e8 Error description: The remote system is not available. For information about network troubleshooting, see Windows Help. 
CodeIntegrity: =================================== Date: 2018-02-18 08:32:06.991 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-02-18 08:32:06.219 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-02-18 08:31:58.989 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-02-18 08:31:58.759 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-02-16 22:27:42.009 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. 
Date: 2018-02-16 22:27:41.742 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-02-16 21:10:38.548 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-02-16 21:10:37.808 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz Percentage of memory in use: 54% Total physical RAM: 8045.72 MB Available physical RAM: 3689.98 MB Total Virtual: 9325.72 MB Available Virtual: 4288.52 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:919.4 GB) (Free:855.67 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:1.13 GB) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{49eb4027-2c90-465e-b86f-56680ebeffa1}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32 \\?\Volume{e60c8b88-893d-454d-a1a3-82ffd0710e4a}\ () (Fixed) (Total:0.96 GB) (Free:0.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: E56360A1) Partition: GPT. 
==================== End of Addition.txt ============================

FRST.txt
Root Admin AdvancedSetup Posted February 21, 2018 ID:1217954

Hello @Trappers,

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.

If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.

Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.

If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.
Right-click on the program and select Run as Administrator to start the tool.
Accept the Terms of use.
Wait until the database is updated.
Click Scan.
When finished, please click Clean.
Your PC should reboot now if any items were found.
After reboot, a log file will be opened. Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03

Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
Double-click to run it. When the tool opens, click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
Please attach the Addition.txt log to your reply as well.

Thanks
Ron
Root Admin AdvancedSetup Posted March 7, 2018 ID:1221895

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic.

Other members who need assistance, please start your own topic in a new thread.

Thanks