Starting a couple of weeks ago, I have started seeing occasional screens claiming my McAfee subscription has just expired.  The thing is, I don't have any McAfee products installed on my computer.  Security is handled by Malwarebytes Premium v3.5.1 and Webroot SecureAnywhere v9.0.21.18 on my Windows 10 Home v1803 (64 bit) computer.

So far, I've only noticed this on Firefox v61.0.2 (64bit).  I haven't tried with any other browser, mostly since I despise most others and this is such a sporadic (every 2-3 days) event.  I've scanned completely and Malwarebytes doesn't see anything.  I've looked among my installed programs and see neither McAfee nor any obvious 3rd party scammer software.

It always seems to happen when I'm away from the computer for a while.  I come back and there it is.  It goes away if I just close its tab... until the next time.  There are no other obvious changes.

Has anybody seen or heard of anything like this?  If you have, how do I rid myself of this cockroach?

McAfee Bullshit.JPG


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is a scam. Do not reply to the message.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.
==============================


Your system won't allow me to send the text of first.txt in the body of the reply here.  HANIG-3.jpg shows you what I saw when I tried to submit it.  I am (trying) to also attach addition.txt.

I could always send you screen captures of the text in First.txt if you want.  You wouldn't be able to manipulate the text but at least you could read it.  Let me know what you want to do.

Addition.txt

HANIG-3.JPG


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Jay (administrator) on JAYS-OFFICE (14-08-2018 21:52:51)
Running from C:\Users\Jay\Desktop\Farbar Recovery
Loaded Profiles: Jay (Available Profiles: Jay)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Bayer Healthcare LLC) C:\Program Files (x86)\Ascensia Diabetes Care SmartLaunch\bin\AscensiaDCService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Genie9) C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Windows\System32\mlpatch.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Windows\System32\GManager.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Traysoft Inc.) C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Octoshape ApS) C:\Users\Jay\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Keeper Security, Inc.) C:\Users\Jay\AppData\Local\keeperagent\keeperagent.exe
(Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQDE.EXE
(Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIQDE.EXE
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Traysoft Inc.) C:\Program Files (x86)\PhoneTray\PhoneTray.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Keeper Security, Inc.) C:\Users\Jay\AppData\Local\keeperagent\keeperagent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
() C:\Users\Jay\AppData\Local\keeperagent\resources\app\node_modules\node-notifier\vendor\snoreToast\SnoreToast.exe
(Oracle Corporation) C:\Program Files (x86)\Keeper Security\Keeper Password & Data Vault\jre\bin\javaw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1895120 2016-02-19] (Magic Control Technology Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-05] (Hewlett-Packard )
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-06-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585296 2017-11-22] ()
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653280 2017-12-15] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862176 2017-12-15] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4630488 2018-06-18] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [3710592 2018-07-12] (Webroot)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-11-22] (Acronis International GmbH)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [CockroachOnDesktop] => C:\Program Files (x86)\Cockroach on Desktop\CockroachOnDesktop.exe [3322368 2013-01-26] ()
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [PCShowServer] => C:\Users\Jay\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632504 2016-02-14] (Cisco)
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Jay\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-05-23] (Apple Inc.)
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-05-23] (Apple Inc.)
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2018-05-23] (Apple Inc.)
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [keeperagent] => C:\Users\Jay\AppData\Local\keeperagent\keeperagent.exe [57377280 2017-07-02] (Keeper Security, Inc.)
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [EPLTarget\P0000000000000003] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIQDE.EXE [418000 2016-07-13] (Seiko Epson Corporation)
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Run: [EPLTarget\P0000000000000004] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIQDE.EXE [418000 2016-07-13] (Seiko Epson Corporation)
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2016-05-15]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhoneTray.lnk [2015-08-22]
ShortcutTarget: PhoneTray.lnk -> C:\Program Files (x86)\PhoneTray\PhoneTray.exe (Traysoft Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7d8ce0ec-e384-453d-9535-5430f276500c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89d3cf6d-e4e3-4a39-9055-87d9a9d7c57a}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2018-08-13] (Webroot)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-27] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2018-08-13] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-27] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)

FireFox:
========
FF ProfilePath: C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032 [2018-08-14]
FF Homepage: Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032 -> hxxp://www.protopage.com/jayhanig
FF HomepageOverride: Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032 -> Disabled: Speed_Check_clone_CrMqWRFYTl@www.checkmyspeednow.com
FF NewTabOverride: Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032 -> Disabled: Speed_Check_clone_CrMqWRFYTl@www.checkmyspeednow.com
FF Extension: (Grammarly for Firefox) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2018-08-08]
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2018-08-12]
FF Extension: (Bypass Paywalls) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\iamadamdev@hotmail.com.xpi [2018-07-23]
FF Extension: (Rotate and Zoom Image) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\rotate-and-zoom-image@mikk.cz.xpi [2018-03-10]
FF Extension: (Speed Check) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\Speed_Check_clone_CrMqWRFYTl@www.checkmyspeednow.com.xpi [2018-06-26]
FF Extension: (Block Site) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\{07046613-1993-4b66-9dd1-9dd1ce581cb7}.xpi [2018-08-05]
FF Extension: (Flash Video Player for Facebook™) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\{d0bfdcce-52c7-4b32-bb45-948f62db8d3f}.xpi [2018-02-16]
FF Extension: (Adblock Plus) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-18]
FF Extension: (Anti-Paywall) - C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\35r59jk2.default-1481263179032\Extensions\{e5322648-dfe4-4c45-b02d-44c61d545f2b}.xpi [2017-12-28]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_XPI\wts_ff_extension.xpi
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_XPI\wts_ff_extension.xpi [2018-08-13]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-04-01] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2018-03-21] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_154.dll [2018-08-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_154.dll [2018-08-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-514081183-2536853567-307929770-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Jay\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll [2017-02-15] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Jay\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2016-04-27] (Octoshape ApS)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default [2018-02-14]
CHR Extension: (Slides) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-12]
CHR Extension: (Docs) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-12]
CHR Extension: (Google Drive) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27]
CHR Extension: (YouTube) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27]
CHR Extension: (Sheets) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-12]
CHR Extension: (Google Docs Offline) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-28]
CHR Extension: (Webroot Password Manager) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2018-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-12]
CHR Extension: (Gmail) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-30]
CHR Extension: (Chrome Media Router) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-12]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [2725920 2018-04-03] (Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1216760 2017-11-22] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6096688 2018-06-26] ()
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
R2 AscensiaDiabetesCareService; C:\Program Files (x86)\Ascensia Diabetes Care SmartLaunch\bin\AscensiaDCService.exe [163552 2017-03-28] (Bayer Healthcare LLC)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-06-14] (AVG Technologies CZ, s.r.o.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (Seiko Epson Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [678328 2018-06-11] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-05-10] (Seiko Epson Corporation)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin Ltd. or its subsidiaries)
R2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [673856 2014-06-18] (Genie9)
R2 GManager; C:\WINDOWS\system32\GManager.exe [313432 2012-08-28] ()
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 MlPatch; C:\WINDOWS\system32\MlPatch.exe [2244912 2014-08-22] ()
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2017-11-22] (Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2017-11-22] (Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1747296 2018-06-18] ()
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R2 PhoneTrayService; C:\Program Files (x86)\PhoneTray\PhoneTrayService.exe [17184 2017-11-09] (Traysoft Inc.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [File not signed]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7003048 2017-11-22] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644144 2018-07-23] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [6593536 2018-07-26] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-11] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [3710592 2018-07-12] (Webroot)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-07-15] (Malwarebytes)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [569392 2018-06-26] (Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [379664 2018-06-26] (Acronis International GmbH)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [191208 2018-07-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [114920 2018-08-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [48360 2018-08-14] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-08-14] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102632 2018-08-14] (Malwarebytes)
R3 mctkmd; C:\WINDOWS\system32\drivers\mctkmd64.sys [174712 2016-08-29] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\WINDOWS\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2017-01-01] (CACE Technologies, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
U5 t1pusb64; C:\Windows\System32\Drivers\t1pusb64.sys [181040 2014-10-27] (Magic Control Technology Corp.)
R3 t2usb64; C:\WINDOWS\system32\drivers\t2usb64.sys [358704 2016-09-21] (Magic Control Technology Corp.)
S3 t5usb64; C:\WINDOWS\system32\drivers\t5usb64.sys [141616 2014-10-30] (Magic Control Technology Corporation)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2018-06-26] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2018-06-26] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2018-06-26] (Acronis International GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2018-06-26] (Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2018-06-26] (Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [128216 2018-07-12] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [68896 2018-05-02] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 21:52 - 2018-08-14 21:52 - 000000000 ____D C:\FRST
2018-08-14 21:50 - 2018-08-14 21:52 - 000000000 ____D C:\Users\Jay\Desktop\Farbar Recovery
2018-08-14 21:50 - 2018-08-14 21:50 - 002412544 _____ (Farbar) C:\Users\Jay\Downloads\FRST64.exe
2018-08-11 10:20 - 2018-08-11 10:20 - 000000000 ___HD C:\OneDriveTemp
2018-08-08 01:37 - 2018-08-08 01:37 - 000000000 ____D C:\Users\Jay\Desktop\Inet
2018-08-07 05:45 - 2018-08-07 05:45 - 000017271 _____ C:\Users\Jay\Documents\Officer's Ranks.odt
2018-08-03 18:57 - 2018-08-03 18:57 - 000537705 _____ C:\Users\Jay\Documents\Dermatology Patient Demographic Form.pdf
2018-08-03 04:10 - 2018-08-03 04:10 - 001667433 _____ C:\Users\Jay\Downloads\liberator_complete.zip
2018-08-03 04:10 - 2018-08-03 04:10 - 000546778 _____ C:\Users\Jay\Downloads\Instructions.pdf
2018-08-03 04:09 - 2018-08-03 04:10 - 067196620 _____ C:\Users\Jay\Downloads\vz58_complete.zip
2018-08-03 04:09 - 2018-08-03 04:09 - 143047777 _____ C:\Users\Jay\Downloads\ar15_complete.zip
2018-08-03 04:09 - 2018-08-03 04:09 - 044404090 _____ C:\Users\Jay\Downloads\ar10_complete.zip
2018-08-03 04:09 - 2018-08-03 04:09 - 040656604 _____ C:\Users\Jay\Downloads\1911_complete.zip
2018-08-03 04:09 - 2018-08-03 04:09 - 014520064 _____ C:\Users\Jay\Downloads\ruger_10-22_complete.zip
2018-07-31 10:07 - 2018-07-31 10:08 - 000145106 _____ C:\Users\Jay\Downloads\Policies.pdf
2018-07-31 10:07 - 2018-07-31 10:07 - 000096298 _____ C:\Users\Jay\Downloads\Quality of Care.pdf
2018-07-31 10:07 - 2018-07-31 10:07 - 000045842 _____ C:\Users\Jay\Downloads\Communication Release.pdf
2018-07-31 10:06 - 2018-07-31 10:06 - 000131343 _____ C:\Users\Jay\Downloads\Notice of Privacy Practices.pdf
2018-07-31 10:06 - 2018-07-31 10:06 - 000103006 _____ C:\Users\Jay\Downloads\Health History.pdf
2018-07-31 10:06 - 2018-07-31 10:06 - 000055601 _____ C:\Users\Jay\Downloads\Patient Demographic Form.pdf
2018-07-27 10:33 - 2018-07-27 10:33 - 000001859 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-07-27 10:33 - 2018-07-27 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-07-27 10:33 - 2018-07-27 10:33 - 000000000 ____D C:\Program Files\iPod
2018-07-27 10:32 - 2018-07-27 10:33 - 000000000 ____D C:\Program Files\iTunes
2018-07-23 14:31 - 2018-07-23 14:31 - 000056310 _____ C:\Users\Jay\Documents\img20180723_14314519.pdf
2018-07-23 14:24 - 2018-07-23 14:24 - 000037676 _____ C:\Users\Jay\Documents\img20180723_14241696.pdf
2018-07-22 00:14 - 2018-07-22 00:15 - 000071781 _____ C:\Users\Jay\Documents\Hanig Erie Rate Consent.pdf
2018-07-22 00:13 - 2018-07-22 00:14 - 000037828 _____ C:\Users\Jay\Documents\Hanig Rev Mortgage.pdf
2018-07-18 12:53 - 2018-07-18 12:53 - 000000000 _____ C:\Users\Jay\Downloads\mag-summer2018-print.pdf
2018-07-16 06:01 - 2018-07-16 06:01 - 000000256 _____ C:\Users\Jay\Desktop\WF-3720WF-4720WF-4730 Series User's Guide.URL
2018-07-16 05:45 - 2018-07-16 05:45 - 000000000 _____ C:\WINDOWS\eeventmanager.INI

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-14 21:42 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-14 21:32 - 2018-05-01 21:45 - 000004576 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-08-14 21:32 - 2018-05-01 21:45 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-08-14 21:32 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-08-14 21:32 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-08-14 21:31 - 2018-05-01 21:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-14 21:14 - 2018-05-01 21:45 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-08-14 18:15 - 2018-07-11 23:54 - 000102632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-08-14 13:21 - 2016-11-26 07:39 - 000000000 ____D C:\Users\Jay\AppData\LocalLow\Mozilla
2018-08-14 12:15 - 2015-08-22 14:27 - 000000000 ____D C:\Users\Jay\AppData\Roaming\KeeperData
2018-08-14 09:42 - 2015-08-23 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2018-08-14 03:26 - 2015-09-30 11:19 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-14 03:21 - 2015-08-23 19:45 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-08-14 03:20 - 2018-03-18 08:04 - 000001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-08-14 03:12 - 2018-05-01 21:35 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-14 03:12 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-14 03:12 - 2017-07-02 09:42 - 000000000 ____D C:\Users\Jay\AppData\Roaming\Keeper Agent
2018-08-14 03:12 - 2016-04-29 05:05 - 000000000 ___RD C:\Users\Jay\iCloudDrive
2018-08-14 03:12 - 2015-01-10 08:25 - 000000000 ___RD C:\Users\Jay\OneDrive
2018-08-14 03:11 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-14 03:11 - 2017-08-28 16:10 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-08-14 03:11 - 2015-01-10 08:23 - 000000000 __SHD C:\Users\Jay\IntelGraphicsProfiles
2018-08-14 03:10 - 2018-05-01 21:45 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-08-14 03:10 - 2018-05-01 21:45 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-08-14 03:09 - 2018-07-11 23:54 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-08-14 03:09 - 2018-07-11 23:54 - 000114920 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-08-14 03:09 - 2018-07-11 23:54 - 000048360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-08-14 03:09 - 2018-02-02 17:26 - 000273688 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2018-08-14 03:09 - 2018-02-02 17:26 - 000230592 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2018-08-14 03:09 - 2017-08-28 16:23 - 000000000 ____D C:\Users\Public\Documents\PhoneTray
2018-08-14 03:09 - 2015-08-22 11:25 - 000002803 _____ C:\WINDOWS\system32\GManager.ini
2018-08-14 03:08 - 2018-05-01 21:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-14 03:08 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-08-14 03:08 - 2018-02-28 06:44 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJay.job
2018-08-13 19:51 - 2018-05-01 21:45 - 000003094 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2018-08-13 18:35 - 2018-02-02 17:26 - 000000000 ____D C:\ProgramData\WRData
2018-08-13 14:30 - 2018-05-01 21:45 - 000003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJay
2018-08-13 02:24 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-11 10:20 - 2018-05-01 21:45 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-514081183-2536853567-307929770-1001
2018-08-11 10:20 - 2018-05-01 21:26 - 000002406 _____ C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-09 05:47 - 2018-03-30 17:26 - 000001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-09 05:47 - 2018-03-30 17:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-09 05:47 - 2015-08-22 14:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-04 04:38 - 2013-11-19 00:50 - 000000000 ___RD C:\Users\Jay\Documents\Recipes
2018-07-27 10:34 - 2016-07-13 16:34 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-07-27 10:34 - 2016-07-13 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-27 10:34 - 2016-07-13 16:34 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-27 01:29 - 2018-07-11 05:23 - 000000000 ____D C:\ProgramData\Packages
2018-07-26 09:18 - 2017-06-14 03:11 - 000045568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2018-07-26 08:29 - 2017-09-04 12:02 - 000002539 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2018-07-26 08:29 - 2017-06-14 03:10 - 000002551 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2018-07-23 14:34 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-07-22 10:14 - 2015-08-22 11:45 - 000000000 ____D C:\Users\Jay\AppData\Local\ElevatedDiagnostics
2018-07-20 22:03 - 2015-08-23 12:56 - 000000000 ____D C:\ProgramData\Garmin
2018-07-16 05:47 - 2018-07-14 15:30 - 000000945 _____ C:\WINDOWS\Tasks\EPSON WF-4730 Series Update {81C3F5D8-ECFB-4345-AAA1-8D0131212EC2}.job
2018-07-15 05:32 - 2018-07-11 23:54 - 000191208 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-07-15 05:32 - 2018-01-27 15:02 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2011-12-08 17:21 - 2016-05-15 17:35 - 000021368 _____ (Schneider Electric) C:\Users\Jay\en_res.dll
2011-12-08 17:21 - 2016-05-15 17:35 - 000021368 _____ (Schneider Electric) C:\Users\Jay\es_res.dll
2011-12-08 17:21 - 2016-05-15 17:35 - 000021880 _____ (Schneider Electric) C:\Users\Jay\fr_res.dll
2011-12-08 17:21 - 2016-05-15 17:35 - 000021880 _____ (Schneider Electric) C:\Users\Jay\grm_res.dll
2013-12-21 01:37 - 2015-01-09 15:11 - 000229331 _____ () C:\Users\Jay\IP_Log_Data.js
2011-12-08 17:21 - 2016-05-15 17:35 - 000021368 _____ (Schneider Electric) C:\Users\Jay\it_res.dll
2011-12-08 17:21 - 2016-05-15 17:35 - 000020344 _____ (Schneider Electric) C:\Users\Jay\jp_res.dll
2011-12-08 17:21 - 2016-05-15 17:35 - 001079808 _____ (Microsoft Corporation) C:\Users\Jay\mfc80u.dll
2011-12-08 17:21 - 2016-05-15 17:35 - 000626688 _____ (Microsoft Corporation) C:\Users\Jay\msvcr80.dll
2013-03-22 07:00 - 2015-01-10 15:00 - 000583396 _____ () C:\Users\Jay\Network_Meter_Data.js
2011-12-08 17:21 - 2016-05-15 17:35 - 013923704 _____ (Schneider Electric) C:\Users\Jay\PCPE Setup.exe
2011-12-08 17:21 - 2016-05-15 17:35 - 000021368 _____ (Schneider Electric) C:\Users\Jay\pt_res.dll
2011-12-08 17:21 - 2016-05-15 17:35 - 000018808 _____ () C:\Users\Jay\ResourceReader.dll
2011-12-08 17:21 - 2016-05-15 17:35 - 000020856 _____ (Schneider Electric) C:\Users\Jay\ru_res.dll
2012-02-14 07:18 - 2016-05-15 17:35 - 000019832 _____ (Schneider Electric) C:\Users\Jay\zh_res.dll
2017-02-16 16:30 - 2017-02-16 15:07 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2018-02-02 17:27 - 2018-02-02 17:27 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2018-01-06 12:20 - 2018-01-06 12:20 - 000002332 _____ () C:\Users\Jay\AppData\Local\9636217D427A449eAAEF06B5BC5A9E92.Layout2.lbx

Some files in TEMP:
====================
2018-08-14 11:49 - 2018-08-14 11:49 - 000695808 _____ () C:\Users\Jay\AppData\Local\Temp\sqlite-3.8.11.2-9533cb40-479b-438a-8dfc-5827eb654b2b-sqlitejdbc.dll
2018-07-14 14:59 - 2006-05-24 13:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Jay\AppData\Local\Temp\_is2FDF.exe
2018-07-14 15:29 - 2006-05-24 13:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Jay\AppData\Local\Temp\_is72A8.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-01 21:22

==================== End of FRST.txt ============================


I want you to know it's not a matter of I can't follow instructions; it's that I don't see a "Post" or "More Replies Options" button anywhere. What I see has a "Submit Reply" button. I have attached a screen copy of the editor page that I see. Pressing "Insert other media" doesn't get me there either.

HANIG-4.JPG

Edited by Jay_Hanig

Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists please run this program.

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.


=======

p.s.
Do you get a blank page when you try to paste the Addition.txt log only?

When done please reply to this topic and let me know if the problem persists.


 

fixlist.txt

Edited by nasdaq

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Jay (15-08-2018 16:34:10) Run:1
Running from C:\Users\Jay\Desktop\Farbar Recovery
Loaded Profiles: Jay (Available Profiles: Jay)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION

Reboot:

End

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully
"HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\exefile" => removed successfully
"HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\.exe" => removed successfully


The system needed a reboot.

==== End of Fixlog 16:34:33 ====


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Jay (14-08-2018 21:54:29)
Running from C:\Users\Jay\Desktop\Farbar Recovery
Windows 10 Home Version 1803 17134.165 (X64) (2018-05-02 01:46:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-514081183-2536853567-307929770-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-514081183-2536853567-307929770-503 - Limited - Disabled)
Guest (S-1-5-21-514081183-2536853567-307929770-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-514081183-2536853567-307929770-1003 - Limited - Enabled)
Jay (S-1-5-21-514081183-2536853567-307929770-1001 - Administrator - Enabled) => C:\Users\Jay
WDAGUtilityAccount (S-1-5-21-514081183-2536853567-307929770-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{8FD2E7B8-F7F2-4121-ACAC-74BD07F4B41D}) (Version: 22.5.12510 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{8FD2E7B8-F7F2-4121-ACAC-74BD07F4B41D}Visible) (Version: 22.5.12510 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.4.1 - Angry IP Scanner)
ANT Drivers Installer x64 (HKLM\...\{20AB389B-8602-403C-B19B-F0A1D6C510A5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 6.2.2 (HKLM-x32\...\Any Video Converter) (Version: 6.2.2 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AVG (HKLM\...\{136B57DF-DA9E-4361-A165-09AB4422BCD1}) (Version: 1.231.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\{F0A7F6FC-97BC-4D27-B33B-6E1EFE1BB42D}) (Version: 16.78.2 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.78.3.33194 - AVG Technologies)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.850 - Broadcom Corporation)
Brother P-touch Editor 5.1 (HKLM-x32\...\{BF6D28AE-0CAB-4950-AC4A-0AD38DA4C2E8}) (Version: 5.1.0311 - Brother Industries, Ltd.)
Cockroach on Desktop 1.2 (HKLM-x32\...\Cockroach on Desktop_is1) (Version:  - Drive Software Company)
CSV to vCard (HKLM-x32\...\{B9DCBBD4-20F5-424B-9C56-FFF62BE71CD7}_is1) (Version:  - csvtovcard.com)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.01 - NCH Software)
DetectorTools (HKLM-x32\...\{E8F0431A-A158-49F6-96AC-7C1380D9AF21}) (Version: 1.11.60 - Escort)
DIRECTV Player (HKLM-x32\...\{4a5ad61d-1fe9-48b9-87a8-9235f71120f3}) (Version: 12.1 - DIRECTV)
Elevated Installer (HKLM-x32\...\{6E257EB0-5EFF-416D-82D4-592924566BB4}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{D0251C06-C69E-401A-8133-57F3AFD08035}) (Version: 3.10.0088 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.34.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.2.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}) (Version: 4.4.9 - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3720_4720_4730 Guide (HKLM-x32\...\UsersGuideEpson WF-3720_4720_4730 Guide_is1) (Version: 1.0 - Epson America, Inc.)
EPSON WF-4730 Series Printer Uninstall (HKLM\...\EPSON WF-4730 Series) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Family Tree Maker 2014 (HKLM\...\{39EF38DF-2727-4C09-A165-FD3B87BA3AE9}) (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
FMW 1 (HKLM\...\{4CC5FB14-3F4D-4FA8-B921-00A9B40145C4}) (Version: 1.227.45 - AVG Technologies) Hidden
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{3e534d41-dcc4-4f51-9858-70dd42beb3d5}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E1C18A5C-63D7-4DC5-977F-5B4BAB4169D9}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
GLUCOFACTS(TM) Deluxe (HKLM-x32\...\{489891F3-650E-4EA8-BA9E-4DA9E331EA59}) (Version: 3.11.02 - ASCENSIA Diabetes Care)
GLUCOFACTS(TM) Deluxe Smart Launch (HKLM-x32\...\{7B0EAC11-4D87-4254-B4F2-8D127A621B06}) (Version: 1.41.00 - ASCENSIA Diabetes Care)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Grammarly (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Grammarly) (Version: 1.4.21 - Grammarly)
Grammarly (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\GrammarlyForWindows) (Version: 1.5.31 - Grammarly)
Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.9.24.3 - HP Inc.)
iCloud (HKLM\...\{C8127F91-0244-4FF0-8014-0C432E15E09D}) (Version: 7.5.0.34 - Apple Inc.)
Infinite HD™ App (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Keeper Desktop version 8.2.3 (HKLM-x32\...\{06BDF132-5EE6-4245-914B-5918759BEBD9}_is1) (Version: 8.2.3 - Keeper Security, Inc.)
Keeper Password Manager (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\keeperpasswordmanager) (Version: 10.14.1 - Keeper Security, Inc.)
LibreOffice 5.1 Help Pack (English (United States)) (HKLM\...\{726CF225-E85D-41DB-8B60-734850AEDCD9}) (Version: 5.1.2.2 - The Document Foundation)
LibreOffice 5.2.3.3 (HKLM\...\{CDBD2338-897B-432E-8424-EBC1290493DF}) (Version: 5.2.3.3 - The Document Foundation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
Mailing List Deluxe (HKLM-x32\...\Mailing List Deluxe) (Version:  - )
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.2.6793 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 en-US)) (Version: 52.9.1 - Mozilla)
MyHarmony (HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.)
ophcrack 3.6.0 (HKLM-x32\...\ophcrack) (Version: 3.6.0 - OS Objectif Sécurité SA)
PhoneTray Pro (HKLM-x32\...\PhoneTrayPro) (Version:  - Traysoft Inc.)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 4.09 - NCH Software)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.10.11 - Quicken)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.1.17 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.11.1 - Intuit)
Quicken 2016 (HKLM-x32\...\{519B4ED1-AF5F-4812-B2A8-B18D783AEFE8}) (Version: 25.1.14.9 - Intuit)
ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 3.0 - Genie9)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.9.1 - ShareX Team)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.0 - Stellar Information Technology Pvt Ltd.)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.5287 - TeamViewer)
ThunderFix 1.0.0.2 (HKLM-x32\...\{52291FC0-33D3-4A18-9587-5115225545D8}_is1) (Version:  - )
Trigger External Graphics Family 16.06.0910.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 16.06.0910.0179 - MCT Corp)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.21.18 - Webroot)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - ESCORT Inc. (WinUSB) MyDeviceClass  (07/22/2014 ) (HKLM\...\D0C35FE98CEDEF60A59F31DC022A63EFCF48559E) (Version: 07/22/2014  - ESCORT Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot)
ShellIconOverlayIdentifiers: [     AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] ()
ShellIconOverlayIdentifiers: [     AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] ()
ShellIconOverlayIdentifiers: [     AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] ()
ShellIconOverlayIdentifiers: [     AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-11-22] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2013-08-29] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-05-23] (Apple Inc.)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot)
ContextMenuHandlers2: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-07-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9)
ContextMenuHandlers5: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2013-08-29] (Genie9)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-25] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2018-08-14] (Webroot)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1969B1FB-97FB-4AA5-9610-6BF4100994D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.)
Task: {1C80D8A9-916F-4F8A-9484-700240142CAC} - System32\Tasks\HPCeeScheduleForJay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {2BDA3CFF-DAD5-4434-BDD1-E42317D23B09} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-27] (HP Inc.)
Task: {2EA2BB97-E79C-4B5F-85AF-CFFD971866EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {319AB801-3002-4EAF-A2A5-01E324D8BDE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-09-27] (HP Inc.)
Task: {3D1ED465-6481-47BF-AD20-6698438FC979} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {403C6CC9-E8B4-4D05-9983-E9AD660C16BE} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2018-07-26] (AVG Technologies CZ, s.r.o.)
Task: {5C2BAE6A-E5D6-426A-8D17-FC61990A556F} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {65D1884F-F90F-4C97-94AF-D1D90DBF0AA9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {6BD37FFB-A570-44BE-B4C6-78447B70EA91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.)
Task: {7BF0C28A-048B-4356-91B8-B809FE62EB01} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-09-27] (HP Inc.)
Task: {7E153995-35AE-43A4-83BE-0325E3EEA0CD} - System32\Tasks\EPSON WF-4730 Series Update {EF4D8BDC-8DF6-4DD9-B3BD-5EF6567CCDFF} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {86AB9788-5FE0-4AFA-9D14-ACE9B79E88D7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {88D76E59-C08E-47AF-A4E6-4E857B285CF0} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07] (Oracle Corporation)
Task: {9ACC703F-1FFC-41CD-89D0-8EB55DC87B7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {B68A1C28-D62C-4964-8112-24F29DF9B342} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jayhanig@charter.net => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {B7CCA029-CFFF-416C-A563-96BC19D2B004} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {B7F1B026-9B3F-44E4-AE6C-28F1B3A91C46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
Task: {BA688FFE-AB9E-4A37-AC94-B31B05AFE196} - System32\Tasks\EPSON WF-4730 Series Update {81C3F5D8-ECFB-4345-AAA1-8D0131212EC2} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {C548E394-B90C-432A-9D70-00E5953433DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-27] (HP Inc.)
Task: {CB3291BD-D9AD-485B-88F3-BEECE5FF5BF6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {CC64847F-F211-42A0-B1AC-B229D1ABA226} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E4C5D248-6D80-4FEE-9948-AE6603D37D67} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-07-11] (Microsoft Corporation)
Task: {EF178DBF-D01E-4058-977E-936C5790FE74} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-06-06] ()
Task: {F8169276-8B5A-4BBF-8EC2-19BAEBBFA8E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON WF-4730 Series Update {81C3F5D8-ECFB-4345-AAA1-8D0131212EC2}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE:/EXE:{81C3F5D8-ECFB-4345-AAA1-8D0131212EC2} /F:UpdateWORKGROUP2\JAYS-OFFICE$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-4730 Series Update {EF4D8BDC-8DF6-4DD9-B3BD-5EF6567CCDFF}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSQDE.EXE:/EXE:{EF4D8BDC-8DF6-4DD9-B3BD-5EF6567CCDFF} /F:UpdateWORKGROUP2\JAYS-OFFICE$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Jay\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Public\Desktop\GLUCOFACTS Deluxe v3.11.lnk -> C:\Program Files (x86)\Ascensia Diabetes Care\GLUCOFACTS Deluxe\run.bat ()

ShortcutWithArgument: C:\Users\Jay\Desktop\Bank of America - IE.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.bankofamerica.com/Control.do?page_msg=timeout&body=signoff

==================== Loaded Modules (Whitelisted) ==============

2015-08-23 19:45 - 2017-05-23 04:35 - 000020208 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2017-11-22 12:20 - 2017-11-22 12:20 - 001216760 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2013-08-29 03:08 - 2013-08-29 03:08 - 000332800 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.dll
2013-08-01 05:36 - 2013-08-01 05:36 - 000045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.dll
2013-08-29 03:08 - 2013-08-29 03:08 - 000490496 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.dll
2013-08-29 03:08 - 2013-08-29 03:08 - 000087040 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.dll
2013-08-29 03:08 - 2013-08-29 03:08 - 000710144 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.dll
2013-08-29 03:08 - 2013-08-29 03:08 - 000209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.dll
2013-08-29 03:08 - 2013-08-29 03:08 - 000370688 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.dll
2013-08-01 05:36 - 2013-08-01 05:36 - 000058368 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.dll
2013-02-03 07:40 - 2013-02-03 07:40 - 000011264 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.dll
2012-02-02 05:16 - 2012-02-02 05:16 - 000740864 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.dll
2013-08-29 03:08 - 2013-08-29 03:08 - 000054784 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.dll
2013-02-03 07:40 - 2013-02-03 07:40 - 000010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.dll
2013-08-01 05:36 - 2013-08-01 05:36 - 000089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.dll
2013-02-03 05:21 - 2013-02-03 05:21 - 000045056 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll
2013-02-03 05:21 - 2013-02-03 05:21 - 000097792 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll
2018-01-27 15:02 - 2018-07-15 05:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-27 15:02 - 2018-07-15 05:32 - 002535120 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-26 09:47 - 2018-06-26 09:47 - 006096688 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2017-11-30 19:54 - 2017-11-30 19:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-22 11:25 - 2014-08-22 18:10 - 002244912 _____ () C:\WINDOWS\system32\MlPatch.exe
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-12-19 05:32 - 2012-08-28 15:20 - 000313432 _____ () C:\WINDOWS\system32\GManager.exe
2017-11-22 12:04 - 2017-11-22 12:04 - 005825576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2017-01-01 15:07 - 2013-08-29 03:08 - 000163328 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
2017-01-01 15:07 - 2013-08-29 03:08 - 000209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2017-01-01 15:07 - 2013-08-01 05:36 - 000089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2017-01-01 15:07 - 2013-08-01 05:36 - 000045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-01-01 15:07 - 2013-08-29 03:08 - 000490496 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl
2017-01-01 15:07 - 2013-02-03 07:40 - 000011264 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl
2017-01-01 15:07 - 2012-02-02 05:16 - 000740864 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl
2017-01-01 15:07 - 2013-08-29 03:08 - 000710144 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.gtl
2017-01-01 15:07 - 2013-08-29 03:08 - 000332800 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.gtl
2017-01-01 15:07 - 2013-08-29 03:08 - 000370688 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.gtl
2017-01-01 15:07 - 2013-08-29 03:08 - 000054784 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.gtl
2017-01-01 15:07 - 2013-08-01 05:36 - 000058368 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.gtl
2017-01-01 15:07 - 2013-02-03 07:40 - 000010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.gtl
2017-01-01 15:07 - 2013-08-29 03:08 - 000087040 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.gtl
2014-06-18 04:46 - 2014-06-18 04:46 - 001358912 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineAgent.exe
2013-08-29 03:08 - 2013-08-29 03:08 - 000063488 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\XBalloonMsgDll.dll
2013-08-01 05:36 - 2013-08-01 05:36 - 000093696 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSCurl.dll
2017-01-25 05:42 - 2017-01-25 05:42 - 000401880 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-07-11 22:47 - 2018-07-06 02:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-16 23:49 - 2018-07-16 23:49 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-16 23:49 - 2018-07-16 23:49 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-16 23:49 - 2018-07-16 23:49 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-16 23:49 - 2018-07-16 23:49 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-16 23:49 - 2018-07-16 23:49 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-08-10 20:14 - 2018-08-10 20:15 - 035124224 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-08-10 20:14 - 2018-08-10 20:15 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-08-10 20:14 - 2018-08-10 20:15 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 00:05 - 2017-09-26 00:05 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-08-10 20:14 - 2018-08-10 20:15 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-11-22 12:06 - 2017-11-22 12:06 - 000585296 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2018-06-18 22:43 - 2018-06-18 22:43 - 004630488 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2017-11-22 12:04 - 2017-11-22 12:04 - 007003048 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2018-07-26 14:44 - 2018-07-26 14:45 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-07-26 14:44 - 2018-07-26 14:45 - 068154880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-03 19:44 - 2017-10-03 19:45 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-07-19 01:49 - 2018-07-19 01:49 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-07-19 01:49 - 2018-07-19 01:49 - 004139008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 03:47 - 2018-05-04 03:48 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-07-19 01:49 - 2018-07-19 01:49 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 06:30 - 2018-04-05 06:30 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-07-26 14:44 - 2018-07-26 14:45 - 014919168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-07-19 01:49 - 2018-07-19 01:49 - 003982848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-07-26 14:44 - 2018-07-26 14:45 - 002938880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-29 19:40 - 2018-05-29 19:41 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-19 01:49 - 2018-07-19 01:49 - 001396224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-07-26 14:44 - 2018-07-26 14:45 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-26 14:44 - 2018-07-26 14:45 - 000162816 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\SKU.dll
2018-07-26 14:44 - 2018-07-26 14:45 - 000045056 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18051.18420.0_x64__8wekyb3d8bbwe\ImageDecoding.dll
2017-07-02 09:42 - 2017-07-02 09:42 - 000281600 _____ () C:\Users\Jay\AppData\Local\keeperagent\resources\app\node_modules\node-notifier\vendor\snoreToast\SnoreToast.exe
2018-06-18 22:42 - 2018-06-18 22:42 - 003490136 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2018-06-18 22:41 - 2018-06-18 22:41 - 001334488 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll
2017-11-22 12:04 - 2017-11-22 12:04 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2018-06-18 22:37 - 2018-06-18 22:37 - 022782256 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2018-06-18 19:47 - 2018-06-18 19:47 - 000414936 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2017-11-22 11:51 - 2017-11-22 11:51 - 000136736 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2017-11-22 12:04 - 2017-11-22 12:04 - 000255008 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2017-11-22 12:04 - 2017-11-22 12:04 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
2017-06-14 03:08 - 2017-06-14 03:02 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-11-30 19:55 - 2017-11-30 19:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-07-02 09:42 - 2017-07-02 09:42 - 001877504 _____ () C:\Users\Jay\AppData\Local\keeperagent\ffmpeg.dll
2018-06-14 03:27 - 2018-06-08 04:56 - 002060288 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2018-06-14 03:27 - 2018-06-08 04:56 - 000755200 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
2018-06-18 19:40 - 2018-06-18 19:40 - 008988888 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll
2017-11-22 12:04 - 2017-11-22 12:04 - 000796192 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_supp.dll
2018-06-18 19:41 - 2018-06-18 19:41 - 000057048 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2017-11-22 12:04 - 2017-11-22 12:04 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2017-11-22 11:51 - 2017-11-22 11:51 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
2015-07-11 00:37 - 2015-07-11 00:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-07-02 09:42 - 2017-07-02 09:42 - 001922560 _____ () C:\Users\Jay\AppData\Local\keeperagent\libglesv2.dll
2017-07-02 09:42 - 2017-07-02 09:42 - 000079872 _____ () C:\Users\Jay\AppData\Local\keeperagent\libegl.dll
2018-08-14 11:49 - 2018-08-14 11:49 - 000695808 _____ () C:\Users\Jay\AppData\Local\Temp\sqlite-3.8.11.2-9533cb40-479b-438a-8dfc-5827eb654b2b-sqlitejdbc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-514081183-2536853567-307929770-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-22 15:04 - 2015-08-22 15:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-514081183-2536853567-307929770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jay\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\topsail inlet sunset 029.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-514081183-2536853567-307929770-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BADA98A7-0FCD-4B43-AE6E-0C02DB431BDB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2E83D7D6-8894-48A8-B457-FC97097C3198}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{74AE87A9-5B05-43C0-8ACD-B84773BE68C6}C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe
FirewallRules: [UDP Query User{210BC2A9-6BD4-4996-A9F1-5AFA139075EB}C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe
FirewallRules: [{5D8E3259-DDAC-4DEE-8B9D-8A63F2037805}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [TCP Query User{F36B04ED-7BB3-4EEC-BD39-C0265913B6C1}C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe
FirewallRules: [UDP Query User{4D366546-085F-47F8-A910-0FF5A0E8CA36}C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe
FirewallRules: [TCP Query User{25E80EEE-3574-4AB6-B0E3-EFC035BED84F}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimage.exe
FirewallRules: [UDP Query User{C37D353F-8167-4A11-8629-74D7C5F669DF}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimage.exe
FirewallRules: [TCP Query User{BE9671C1-7A43-4BCA-AB11-E613820A57E8}C:\program files (x86)\acronis\trueimagehome\ga_service.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\ga_service.exe
FirewallRules: [UDP Query User{DBDE133D-CE5C-4BF5-833E-414ABE6C3CF3}C:\program files (x86)\acronis\trueimagehome\ga_service.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\ga_service.exe
FirewallRules: [{C5301D22-2664-4577-A6E4-B251E2745BE7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{9A93DAAA-A6C6-42B6-AF97-087450B5A93E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{FB003BE0-7B1E-41EC-A316-9BA4C7DD9BA2}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{926267BF-1468-48DF-BC3B-B502A889FC9A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{92932B7B-40AB-4128-AC66-89A28A1535F0}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{168954CB-403D-49EB-8303-373271E06D85}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
FirewallRules: [{150C4952-D684-4074-8441-68CCFBB632CB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{18F62B14-9BB2-4138-905A-587DBFA34272}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{F3B041BC-1994-468A-8788-02719EDC7A94}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{B22E1CEF-26C3-4E31-BA5D-292A8823684E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{A96054FB-C1AB-4A7A-84E9-E0E3D5FA1F0E}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{F03C8727-BD0B-46FC-8941-F863E3BD5053}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe
FirewallRules: [{9097E15D-8D3D-4534-B62F-199D5092BBEC}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
FirewallRules: [{7871A85D-4A08-40CB-B3BF-1FD20A2061BA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{793E5F67-9F9A-40C2-9D3B-18D0C01E0889}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{CD09F095-AF33-4327-97C3-D46BD1489BCF}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{4C5ADFE9-5CBD-4499-92D4-C3D48E126D7A}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{A657CDD1-77B1-47C1-8683-AD6C5CFB248B}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{1AB9FEF9-2587-4BD3-B4E3-33400DE6FDB9}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{113B003E-EE3B-4089-8060-635A6A60D2CC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{0F595046-DACC-4D2A-AB2C-ECFC235680A9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{7362C9F7-E860-49C3-B1FD-A90FEAE5003D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{20712107-3665-4AB1-82B8-DBAAD9D74B0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06351403-9D53-4B20-AB74-B61A4446078D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DD34EEEA-1119-4EC4-B379-383C5556FD60}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4F32B571-5600-4277-B7C4-3413D30A4C6E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9306F7A9-922E-471F-A962-A4217220525B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-08-2018 22:00:42 Scheduled Checkpoint
14-08-2018 09:41:28 Installed Epson Software Updater

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2018 03:12:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.0.1081, time stamp: 0x556ecc3d
Faulting module name: KERNELBASE.dll, version: 10.0.17134.165, time stamp: 0xfa43f4b2
Exception code: 0xe0434352
Fault offset: 0x0010ddc2
Faulting process id: 0x2900
Faulting application start time: 0x01d4339e2101cdf8
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 34492f6c-675b-4c03-9439-cca563122a79
Faulting package full name:
Faulting package-relative application ID:

Error: (08/14/2018 03:12:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at <Module>.IsiGetSystemInfo(_ISI_SystemInfo*)
   at PsiData.PsiDataSource.GetSystemInfo(System.Collections.Generic.Dictionary`2<Int32,System.Object>, System.Collections.Generic.List`1<PsiData.PsiError>)
   at PsiData.PsiDataSource.Load(System.Collections.Generic.Dictionary`2<Int32,System.Object> ByRef, Boolean)
   at PSI.PsiSystemDataModel.LoadDriverData(Int32)
   at PSI.PsiSystemDataModel.CreateStaticDataModel()
   at PSI.PsiSystemDataModel..cctor()

Exception Info: System.TypeInitializationException
   at PSI.PsiSystemDataModel.Connect()
   at PSIClient.PsiClient.Init()
   at IAStorUtil.SystemDataModelListener..ctor()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/14/2018 03:07:36 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task >> "" with GUID '690B7E31-4B86-4C05-97F6-50D91CDDBDD3' because of error 87> (Scheduler has received a request with an invalid parameter.).

Error: (08/06/2018 06:03:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.0.1081, time stamp: 0x556ecc3d
Faulting module name: ISDI2.dll, version: 14.5.0.1081, time stamp: 0x556ecaed
Exception code: 0xc0000005
Fault offset: 0x00054263
Faulting process id: 0x2a54
Faulting application start time: 0x01d42d6cbd537332
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
Report Id: 2fa8b342-78b1-4b17-bb1c-fdc333aefac7
Faulting package full name:
Faulting package-relative application ID:

Error: (08/06/2018 06:03:44 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at <Module>.IsiEventSetUp()
   at PsiData.PsiDataSource.IsiEventSetUpInterface()
   at PSI.PsiSystemDataModel.pollWorker_DoWork(System.Object, System.ComponentModel.DoWorkEventArgs)
   at System.ComponentModel.BackgroundWorker.OnDoWork(System.ComponentModel.DoWorkEventArgs)
   at System.ComponentModel.BackgroundWorker.WorkerThreadStart(System.Object)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr, System.Object[], System.Object, System.Object[] ByRef)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessageSink)
   at System.Runtime.Remoting.Proxies.AgileAsyncWorkerItem.ThreadPoolCallBack(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/06/2018 05:59:02 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task >> "" with GUID '3A935229-77EE-42DF-9CEF-7E991AF15605' because of error 87> (Scheduler has received a request with an invalid parameter.).

Error: (07/27/2018 11:27:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.0.1081, time stamp: 0x556ecc3d
Faulting module name: ISDI2.dll, version: 14.5.0.1081, time stamp: 0x556ecaed
Exception code: 0xc0000005
Fault offset: 0x00054263
Faulting process id: 0x3234
Faulting application start time: 0x01d42622e2262177
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
Report Id: 7ed4be7f-52dd-4938-878e-2fbf02b95c4a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/27/2018 11:27:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at <Module>.IsiEventSetUp()
   at PsiData.PsiDataSource.IsiEventSetUpInterface()
   at PSI.PsiSystemDataModel.pollWorker_DoWork(System.Object, System.ComponentModel.DoWorkEventArgs)
   at System.ComponentModel.BackgroundWorker.OnDoWork(System.ComponentModel.DoWorkEventArgs)
   at System.ComponentModel.BackgroundWorker.WorkerThreadStart(System.Object)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr, System.Object[], System.Object, System.Object[] ByRef)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessageSink)
   at System.Runtime.Remoting.Proxies.AgileAsyncWorkerItem.ThreadPoolCallBack(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (08/14/2018 03:21:03 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport TeamViewer VPN Adapter, {6DC34C50-2371-4229-BDE8-2F8A02DFE3CF}, had event 76

Error: (08/14/2018 03:13:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/14/2018 03:12:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/14/2018 03:12:40 AM) (Source: DCOM) (EventID: 10016) (User: JAYS-OFFICE)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID
Unavailable
 to the user JAYS-OFFICE\Jay SID (S-1-5-21-514081183-2536853567-307929770-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/14/2018 03:11:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/14/2018 03:11:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/14/2018 03:09:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/14/2018 03:09:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.


CodeIntegrity:
===================================

Date: 2018-08-14 02:16:03.722
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-14 02:16:03.716
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-14 02:16:03.710
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-14 02:16:03.705
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-14 02:16:03.696
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-14 02:15:58.187
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-14 02:15:58.181
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-08-14 02:15:58.176
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 70%
Total physical RAM: 12193.06 MB
Available physical RAM: 3603.13 MB
Total Virtual: 14049.06 MB
Available Virtual: 4876.82 MB

==================== Drives ================================

Drive ? (Windows) (Fixed) (Total:1845.11 GB) (Free:1647.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.59 GB) (Free:1.95 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (RECOVERY) (Removable) (Total:29.74 GB) (Free:15.52 GB) FAT32
Drive n: (USB 3 Ext HD) (Fixed) (Total:3725.87 GB) (Free:1873.73 GB) NTFS

\\?\Volume{5ba19738-b4c2-4e0d-b244-91c18c919852}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{71ae6d00-226a-438d-a977-e90ccf6ebd4e}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS
\\?\Volume{7074f295-0b31-4df2-8b5c-1843d5b88912}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.28 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 0E09C58B)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 29.8 GB) (Disk ID: B415881C)
Partition 1: (Active) - (Size=29.8 GB) - (Type=0C)

==================== End of Addition.txt ============================


Hi,

You are doing well.
If you have questions please ask.

Unless you need these old versions of Java for development, I suggest you remove them via the Control Panel > Programs > Programs and Features.

Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)

Keep this latest version.
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
===

You previously had the virus protection AVG and it was removed.
I see many traces of that program in your logs.

Please download the AVG remover from this site and run it.
https://www.avg.com/en-ca/utilities

Restart the computer normally when completed.
===

Please let me know what problem persists with this computer.


Nasdaq,

I very much appreciate the detailed help you have given me.  I have taken your advice and nuked the old Java updates, leaving just 181 in place.  I also ran the AVG removal program as you suggested.  Whether this fixes it or not has yet to be seen since it was such a sporadic event to begin with, but so far, so good!

I will come back and update in a week or two if nothing else happens and we will call this a closed affair; sooner if it happens again.  But either way, thank you.  Your efforts are much appreciated.
